s4-dsdb: Extended samdb.newuser to accept security descriptor for the object and optionally skip password reset

Sometimes for testing purposes we create users without any permissions on their objects and password reset
cannot be performed at that point, and is not necessary. For this purpose we can now optionally skip this step.
The default is still to reset the user password.
Also, a security.descriptor object can be specified during the user creation to override using the default one.
defaultSecurityDescriptor is still used by default.

source4/scripting/python/samba/samdb.py

@@ -227,7 +227,7 @@ member: %s
                 profilepath=None, scriptpath=None, homedrive=None, homedirectory=None,
                 jobtitle=None, department=None, company=None, description=None,
                 mailaddress=None, internetaddress=None, telephonenumber=None,
-                physicaldeliveryoffice=None):
+                physicaldeliveryoffice=None, sd=None, setpassword=True):
         """Adds a new user with additional parameters
 
         :param username: Name of the new user
@@ -250,6 +250,8 @@ member: %s
         :param internetaddress: Home page of the new user
         :param telephonenumber: Phone number of the new user
         :param physicaldeliveryoffice: Office location of the new user
+        :param sd: security descriptor of the object
+        :param setpassword: optionally disable password reset
         """
 
         displayname = ""
@@ -326,13 +328,17 @@ member: %s
         if physicaldeliveryoffice is not None:
             ldbmessage["physicalDeliveryOfficeName"] = physicaldeliveryoffice
 
+        if sd is not None:
+            ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
+
         self.transaction_start()
         try:
             self.add(ldbmessage)
 
             # Sets the password for it
-            self.setpassword("(dn=" + user_dn + ")", password,
-              force_password_change_at_next_login_req)
+            if setpassword:
+                self.setpassword("(dn=" + user_dn + ")", password,
+                                 force_password_change_at_next_login_req)
         except:
             self.transaction_cancel()
             raise