def needed_objectclasses(self, entry): dont_remove = ["organizationalPerson", "univentionPerson"] schema_attrs = ldap.schema.SCHEMA_ATTRS ldap.set_option(ldap.OPT_DEBUG_LEVEL, 0) ldap._trace_level = 0 subschemasubentry_dn, schema = ldap.schema.urlfetch("%s/cn=subschema", self.uri) if subschemasubentry_dn is None: univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "No sub schema sub entry found!") return None needed_oc = [] for attr_type, schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items(): if attr_type == "objectClasses": for element_id in schema.listall(schema_class): se_orig = schema.get_obj(schema_class, element_id) attributes = se_orig.may + se_orig.must for i in range(0, len(se_orig.names)): if se_orig.names[i] in entry["objectClass"] and not se_orig.names[i] in needed_oc: for j in attributes: if (j in res[0][1] or j in dont_remove) and not se_orig.names[i] in needed_oc: needed_oc.append(se_orig.names[i]) return needed_oc
def list_classes(uri): subschemasubentry_dn, schema = ldap.schema.urlfetch(uri) schema_reverse = ldap.schema.SubSchema(schema.ldap_entry()) ocs = ldap.schema.SCHEMA_CLASS_MAPPING['objectclasses'] for element_id in schema.listall(ocs): obj = schema.get_obj(ocs, element_id) print("%s - %s" % (obj.names[0], obj.desc or "no description"))
def list_classes(uri): # pragma: nocover subschemasubentry_dn, schema = ldap.schema.urlfetch(uri.encode('ascii')) schema_reverse = ldap.schema.SubSchema(schema.ldap_entry()) ocs = ldap.schema.SCHEMA_CLASS_MAPPING['objectclasses'] for element_id in schema.listall(ocs): obj = schema.get_obj(ocs, element_id) print("%s - %s" % (obj.names[0], obj.desc or "no description"))
def needed_objectclasses(self, entry): dont_remove = ['organizationalPerson', 'univentionPerson'] schema_attrs = ldap.schema.SCHEMA_ATTRS ldap.set_option(ldap.OPT_DEBUG_LEVEL, 0) ldap._trace_level = 0 subschemasubentry_dn, schema = ldap.schema.urlfetch( '%s/cn=subschema', self.uri) if subschemasubentry_dn is None: univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'No sub schema sub entry found!') return None needed_oc = [] for attr_type, schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items( ): if attr_type == 'objectClasses': for element_id in schema.listall(schema_class): se_orig = schema.get_obj(schema_class, element_id) attributes = se_orig.may + se_orig.must for i in range(0, len(se_orig.names)): if se_orig.names[i] in entry[ 'objectClass'] and not se_orig.names[ i] in needed_oc: for j in attributes: if (j in res[0][1] or j in dont_remove ) and not se_orig.names[i] in needed_oc: needed_oc.append(se_orig.names[i]) return needed_oc
if html_output: print("""<html> <head> <title>Object class tree</title> </head> <body bgcolor="#ffffff"> <h1>Object class tree</h1> <dl> """) HTMLSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) print("""</dl> <h1>Attribute type tree</h1> <dl> """) for a in schema.listall(ldap.schema.AttributeType): if at_tree[a]: HTMLSchemaTree(schema,ldap.schema.AttributeType,at_tree,a,0) print print("""</dl> </body> </html> """) else: print('*** Object class tree ***\n') print PrintSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0)
subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1]) if subschemasubentry_dn is None: print('No sub schema sub entry found!') sys.exit(1) if schema.non_unique_oids: print('*** Schema errors ***') print('non-unique OIDs:\n','\r\n'.join(schema.non_unique_oids)) print('*** Schema from',repr(subschemasubentry_dn)) # Display schema for attr_type,schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items(): print('*'*20,attr_type,'*'*20) for element_id in schema.listall(schema_class): se_orig = schema.get_obj(schema_class,element_id) print(attr_type,str(se_orig)) print('*** Testing object class inetOrgPerson ***') drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink') if not drink is None: print('*** drink ***') print('drink.names',repr(drink.names)) print('drink.collective',repr(drink.collective)) inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson') if not inetOrgPerson is None: print(inetOrgPerson.must,inetOrgPerson.may) print('*** person,organizationalPerson,inetOrgPerson ***')
if html_output: print ("""<html> <head> <title>Object class tree</title> </head> <body bgcolor="#ffffff"> <h1>Object class tree</h1> <dl> """) HTMLSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0) print ("""</dl> <h1>Attribute type tree</h1> <dl> """) for a in schema.listall(ldap.schema.AttributeType): if at_tree[a]: HTMLSchemaTree(schema,ldap.schema.AttributeType,at_tree,a,0) print() print ("""</dl> </body> </html> """) else: print ('*** Object class tree ***\n') print() PrintSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0)
subschemasubentry_dn, schema = ldap.schema.urlfetch(sys.argv[-1]) if subschemasubentry_dn is None: print('No sub schema sub entry found!') sys.exit(1) if schema.non_unique_oids: print('*** Schema errors ***') print('non-unique OIDs:\n', '\r\n'.join(schema.non_unique_oids)) print('*** Schema from', repr(subschemasubentry_dn)) # Display schema for attr_type, schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items(): print('*' * 20, attr_type, '*' * 20) for element_id in schema.listall(schema_class): se_orig = schema.get_obj(schema_class, element_id) print(attr_type, str(se_orig)) print('*** Testing object class inetOrgPerson ***') drink = schema.get_obj(ldap.schema.AttributeType, 'favouriteDrink') if not drink is None: print('*** drink ***') print('drink.names', repr(drink.names)) print('drink.collective', repr(drink.collective)) inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass, 'inetOrgPerson') if not inetOrgPerson is None: print(inetOrgPerson.must, inetOrgPerson.may) print('*** person,organizationalPerson,inetOrgPerson ***')
""" recursive. returns all attributes for a objectClass object down the hierarchy """ attrs.extend(oc.may + oc.must) for oc_name in oc.sup: sup_oc = schema.get_obj(ldap.schema.ObjectClass, oc_name) getAttrs(sup_oc, attrs) return attrs def addAttrs(*ocnames): return tuple(itertools.chain(*[hubocnames_and_attrs[name] for name in ocnames])) isHubOC = lambda oc: oc.names[0].startswith("hub") all_ocs = [schema.get_obj(ldap.schema.ObjectClass, oid) for oid in schema.listall(ldap.schema.ObjectClass)] all_attrs = [schema.get_obj(ldap.schema.AttributeType, oid) for oid in schema.listall(ldap.schema.AttributeType)] multivalue_attrs = tuple(itertools.chain(*[x.names for x in all_attrs if not x.single_value])) hub_ocs = [oc for oc in all_ocs if isHubOC(oc)] hub_ocs = all_ocs hubocnames_and_attrs = dict([(oc.names[0], tuple(getAttrs(oc, []))) for oc in hub_ocs]) # aux_attrs_and_ocnames = dict([(hubocnames_and_attrs[oc.names[0]], oc.names[0]) for oc in hub_ocs if oc.kind == 2]) oc_entries = dict([(oc.names[0], (oc.names + oc.sup)) for oc in hub_ocs]) conn.unbind_s() del all_ocs, conn, isHubOC, schema, all_attrs def getLocalUserDNFromUid(conn, uid): gdn = globaluserdn % uid
def get_att(name,password,host): #if __name__=='__main__': url = ldapurl.LDAPUrl('ldap://', host+':389', '', name) ldap_server = ldap.initialize('ldap://'+host+':389') ldap_server.bind_s(name, password) subentrydn = ldap_server.search_subschemasubentry_s() entry = ldap_server.read_subschemasubentry_s(subentrydn,url.attrs) schema = None attributes = {} objectclass = {} if subentrydn!=None: schema = ldap.schema.SubSchema(entry) attlist = schema.listall(ldap.schema.AttributeType) for item in attlist: a = schema.get_obj(ldap.schema.AttributeType, item) attnamelist = a.names for att in attnamelist: attributes[att.lower()] = {"DESC": a.desc, "SINGLE": a.single_value, "SYNTAX": a.syntax, "NAME": att, "COLLECTIVE": a.collective, "EQUALITY": a.equality, "OBSOLETE": a.obsolete, "OID": a.oid, "ORDERING": a.ordering, "SUP": a.sup, "SYNTAX_LEN": a.syntax_len, "USAGE": a.usage} objlist = schema.listall(ldap.schema.ObjectClass) for oids in objlist: a = schema.get_obj(ldap.schema.ObjectClass, oids) kind = "" if a.kind == 0: kind = "STRUCTURAL" if a.kind == 1: kind = "ABSTRACT" if a.kind == 2: kind = "AUXILIARY" desc = "" if a.desc != None: desc = a.desc must = [] if len(a.must) != 0: must = a.must may = [] if len(a.may) != 0: may = a.may sup = [] for item in a.sup: if item.lower() != 'top': sup.append(item.lower()) numericoid = "" if a.oid != None: numericoid = a.oid for name in a.names: objectclass[name] = {"DESC":desc,"MUST":must,"MAY": may,"NAME": name,"KIND":kind,"SUP":sup,"OID": numericoid} else: schema = None #print attributes ldap_server.unbind() return objectclass
class WorkerThreadFetch(threading.Thread): # TODO MOVE THIS TO LUMACONNECTION def __init__(self, serverMeta): threading.Thread.__init__(self) self.serverMeta = serverMeta self.ldapConnection = None self.FINISHED = False self.exceptionObject = None self.objectClassesDict = {} self.attributeDict = {} self.syntaxDict = {} self.matchingDict = {} def run(self): try: urlschemeVal = "ldap" if self.serverMeta.encryptionMethod == ServerEncryptionMethod.SSL: urlschemeVal = "ldaps" whoVal = None credVal = None if not (self.serverMeta.bindAnon): whoVal = self.serverMeta.bindDN credVal = self.serverMeta.bindPassword url = ldapurl.LDAPUrl(urlscheme=urlschemeVal, hostport=self.serverMeta.hostname + ":" + str(self.serverMeta.port), dn=self.serverMeta.baseDN, who=whoVal, cred=credVal) self.ldapServerObject = ldap.initialize(url.initializeUrl()) self.ldapServerObject.protocol_version = 3 # Check whether we want to validate the server certificate. validateMethod = ldap.OPT_X_TLS_DEMAND if self.serverMeta.checkServerCertificate == ServerCheckCertificate.Demand: validateMethod = ldap.OPT_X_TLS_DEMAND elif self.serverMeta.checkServerCertificate == ServerCheckCertificate.Never: validateMethod = ldap.OPT_X_TLS_NEVER elif self.serverMeta.checkServerCertificate == ServerCheckCertificate.Try: validateMethod = ldap.OPT_X_TLS_TRY elif self.serverMeta.checkServerCertificate == ServerCheckCertificate.Allow: validateMethod = ldap.OPT_X_TLS_ALLOW encryption = False if self.serverMeta.encryptionMethod == ServerEncryptionMethod.SSL: encryption = True elif self.serverMeta.encryptionMethod == ServerEncryptionMethod.TLS: encryption = True if encryption: ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, validateMethod) #self.ldapServerObject.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, validateMethod) # If we're going to present client certificates, this must be set as an option if self.serverMeta.useCertificate and encryption: try: self.ldapServerObject.set_option( ldap.OPT_X_TLS_CERTFILE, self.serverMeta.clientCertFile) self.ldapServerObject.set_option( ldap.OPT_X_TLS_KEYFILE, self.serverMeta.clientCertKeyfile) except Exception, e: message = "Certificate error. Reason:\n" message += "Could not set client certificate and certificate keyfile. " message += str(e) #TODO LOGGING print "Error:", message, "in ObjectClassAttributeInfo.WorkerThreadFetch" print "TODO - proper logging/error-handling" #environment.logMessage(LogObject("Error,",message)) if self.serverMeta.encryptionMethod == ServerEncryptionMethod.TLS: self.ldapServerObject.start_tls_s() # Enable Alias support if self.serverMeta.followAliases: self.ldapServerObject.set_option(ldap.OPT_DEREF, ldap.DEREF_ALWAYS) if self.serverMeta.bindAnon: self.ldapServerObject.simple_bind() elif self.serverMeta.authMethod == ServerAuthMethod.Simple: self.ldapServerObject.simple_bind_s(whoVal, credVal) elif not self.serverMeta == ServerAuthMethod.Simple: sasl_cb_value_dict = {} if not self.serverMeta.authMethod == ServerAuthMethod.SASL_GSSAPI: sasl_cb_value_dict[ldap.sasl.CB_AUTHNAME] = whoVal sasl_cb_value_dict[ldap.sasl.CB_PASS] = credVal sasl_mech = None if self.serverMeta.authMethod == ServerAuthMethod.SASL_PLAIN: sasl_mech = "PLAIN" elif self.serverMeta.authMethod == ServerAuthMethod.SASL_CRAM_MD5: sasl_mech = "CRAM-MD5" elif self.serverMeta.authMethod == ServerAuthMethod.SASL_DIGEST_MD5: sasl_mech = "DIGEST-MD5" elif self.serverMeta.authMethod == ServerAuthMethod.SASL_LOGIN: sasl_mech = "LOGIN" elif self.serverMeta.authMethod == ServerAuthMethod.SASL_GSSAPI: sasl_mech = "GSSAPI" elif self.serverMeta.authMethod == ServerAuthMethod.SASL_EXTERNAL: sasl_mech = "EXTERNAL" sasl_auth = ldap.sasl.sasl(sasl_cb_value_dict, sasl_mech) # If python-ldap has no support for SASL, it doesn't have # sasl_interactive_bind_s as a method. try: if "EXTERNAL" == sasl_mech: #url = ldapurl.LDAPUrl(urlscheme="ldapi", # hostport = self.serverMeta.host.replace("/", "%2f"), # dn = self.serverMeta.baseDN) url = "ldapi://" + self.serverMeta.hostname.replace( "/", "%2F").replace(",", "%2C") #self.ldapServerObject = ldap.initialize(url.initializeUrl()) self.ldapServerObject = ldap.initialize(url) self.ldapServerObject.protocol_version = 3 # Enable Alias support if self.serverMeta.followAliases: self.ldapServerObject.set_option( ldap.OPT_DEREF, ldap.DEREF_ALWAYS) self.ldapServerObject.sasl_interactive_bind_s( "", sasl_auth) except AttributeError, e: self.result = False self.exceptionObject = e self.FINISHED = True return #subschemasubentry_dn = self.ldapServerObject.search_subschemasubentry_s(url.dn) subschemasubentry_dn = self.ldapServerObject.search_subschemasubentry_s( ) if subschemasubentry_dn is None: subschemasubentry_entry = None else: if url.attrs is None: schema_attrs = SCHEMA_ATTRS else: schema_attrs = url.attrs subschemasubentry_entry = self.ldapServerObject.read_subschemasubentry_s( subschemasubentry_dn, attrs=schema_attrs) self.ldapServerObject.unbind_s() schema = None if subschemasubentry_dn != None: schema = ldap.schema.SubSchema(subschemasubentry_entry) else: schema = None # get objectclass information oidList = schema.listall(ldap.schema.ObjectClass) for x in oidList: y = schema.get_obj(ldap.schema.ObjectClass, x) # detect kind of objectclass kind = "" if 0 == y.kind: kind = "STRUCTURAL" elif 1 == y.kind: kind = "ABSTRACT" elif 2 == y.kind: kind = "AUXILIARY" # name of objectclass desc = "" if not (y.desc == None): desc = y.desc # must attributes of the objectclass must = [] if not (len(y.must) == 0): must = y.must # may attributes of the objectclass may = [] if not (len(y.may) == 0): may = y.may # parents of the objectclass # beware that not the whole class chain is given. only # the first class above the current parents = [] for parent in y.sup: # filter out objectclass top. all classes are # derived from top if not ("top" == parent.lower()): parents.append(parent.lower()) oid = "" if not (y.oid == None): oid = y.oid # store values for each name the current class has. # IMPORTANT: the key is always lowercase for name in y.names: self.objectClassesDict[name.lower()] = { "DESC": desc, "MUST": must, "MAY": may, "NAME": name, "KIND": kind, "PARENTS": parents, "OID": oid } # get attribute information oidList = schema.listall(ldap.schema.AttributeType) for x in oidList: y = schema.get_obj(ldap.schema.AttributeType, x) nameList = y.names for z in nameList: self.attributeDict[z.lower()] = { "DESC": y.desc, "SINGLE": y.single_value, "SYNTAX": y.syntax, "NAME": z, "COLLECTIVE": y.collective, "EQUALITY": y.equality, "OBSOLETE": y.obsolete, "OID": y.oid, "ORDERING": y.ordering, "SUP": y.sup, "SYNTAX_LEN": y.syntax_len, "USAGE": y.usage } # get syntax information oidList = schema.listall(ldap.schema.LDAPSyntax) for x in oidList: y = schema.get_obj(ldap.schema.LDAPSyntax, x) self.syntaxDict[x] = {"DESC": y.desc, "OID": y.oid} # get matching information oidList = schema.listall(ldap.schema.MatchingRule) for x in oidList: y = schema.get_obj(ldap.schema.MatchingRule, x) for z in y.names: self.matchingDict[z.lower()] = { "DESC": y.desc, "OID": y.oid, "OBSOLETE": y.obsolete, "SYNTAX": y.syntax, "NAME": z } self.FINISHED = True