Beispiel #1
0
def test_check_univentionDefaultGroup_membership_after_create(udm):
    """Check default primary group membership after users/user create"""
    # from users/user: lookup univentionDefaultGroup
    lo = utils.get_ldap_connection()
    pos = position(lo.base)
    searchResult = lo.search(filter='(objectClass=univentionDefault)',
                             base='cn=univention,' + pos.getDomain(),
                             attr=['univentionDefaultGroup'])
    if not searchResult or not searchResult[0][1]:
        utils.fail(
            'Test system is broken: univentionDefaultGroup value not found')
    groupdn = searchResult[0][1]['univentionDefaultGroup'][0].decode('utf-8')

    # lookup previous members for comparison
    searchResult = lo.search(base=groupdn,
                             scope='base',
                             attr=['uniqueMember', 'memberUid'])
    if not searchResult or not searchResult[0][1]:
        utils.fail(
            'Test system is broken: univentionDefaultGroup object missing: %s'
            % groupdn)
    uniqueMember = searchResult[0][1]['uniqueMember']
    memberUid = searchResult[0][1]['memberUid']

    # now create users/user object
    userdn, uid = udm.create_user(primaryGroup=groupdn)

    # and check if the object has been added to univentionDefaultGroup
    uniqueMember.append(userdn.encode('utf-8'))
    memberUid.append(uid.encode('utf-8'))
    utils.verify_ldap_object(groupdn, {'uniqueMember': uniqueMember})
    utils.verify_ldap_object(groupdn, {'memberUid': memberUid})
Beispiel #2
0
    def create_without_hooks(self, lo, validate):
        if self.exists(lo):
            return False
        logger.info('Creating %r', self)

        if validate:
            self.validate(lo)
            if self.errors:
                raise ValidationError(self.errors.copy())

        pos = udm_uldap.position(ucr.get('ldap/base'))
        container = self.position
        if not container:
            logger.error('%r cannot determine a container. Unable to create!',
                         self)
            return False
        try:
            pos.setDn(container)
            udm_obj = udm_modules.get(self._meta.udm_module).object(
                None, lo, pos, superordinate=self.get_superordinate(lo))
            udm_obj.open()

            # here is the real logic
            self.do_create(udm_obj, lo)

            # get it fresh from the database (needed for udm_obj._exists ...)
            self.set_dn(self.dn)
            logger.info('%r successfully created', self)
            return True
        finally:
            self.invalidate_cache()
 def __init__(self,
              userdn=None,
              password=None,
              host='localhost',
              base=None,
              start_tls=2,
              access=None,
              format=None):
     self._cached = {}
     self._modules = {}
     self._policies = {}
     self._format = format
     self._bc = ConfigRegistry()
     self._bc.load()
     self.__reverse = {}
     if not base:
         self._base = self._bc['ldap/base']
     else:
         self._base = base
     self._position = ua_ldap.position(self._base)
     if access:
         self._access = access
     else:
         self._access = ua_ldap.access(host=host,
                                       base=self._base,
                                       binddn=userdn,
                                       bindpw=password,
                                       start_tls=start_tls)
     ua_modules.update()
    def po(self):
        """
		Get a LDAP position object for the base DN (ldap/base).

		:return: univention.admin.uldap.position object
		"""
        if not self._po:
            self._po = position(self.lo.base)
        return self._po
Beispiel #5
0
 def open_ldap(self):
     ldap_host = self.changeset.ucr["ldap/master"]
     ldap_base = self.changeset.ucr["ldap/base"]
     self.ldap = uldap.access(
         host=ldap_host,
         base=ldap_base,
         binddn=self.binddn,
         bindpw=self.bindpwd,
     )
     self.position = uldap.position(ldap_base)
Beispiel #6
0
def get_connection(userdn, password):
    port = int(ucr_get('ldap/master/port', '7389'))
    host = ucr_get('ldap/master')
    base = ucr_get('ldap/base')
    lo = base_access(host=host,
                     port=port,
                     base=base,
                     binddn=userdn,
                     bindpw=password)
    lo = access(lo=lo)
    pos = position(lo.base)
    return lo, pos
Beispiel #7
0
def create_roleshare_on_server(role,
                               school_ou,
                               share_container_dn,
                               serverfqdn,
                               teacher_group=None,
                               ucr=None,
                               ldap_user_read=None,
                               ldap_user_write=None,
                               ldap_position=None):
    if not ucr:
        ucr = univention.config_registry.ConfigRegistry()
        ucr.load()

    if not teacher_group:
        teacher_groupname = '-'.join(
            (ucs_school_name_i18n(role_teacher), school_ou))
        teacher_group = Group(name=teacher_groupname,
                              school=school_ou).get_udm_object(ldap_user_read)
        if not teacher_group:
            raise univention.admin.uexceptions.noObject(
                'Group not found: %s.' % teacher_groupname)
    else:
        teacher_groupname = teacher_group['name']

    custom_groupname_domainadmins = custom_groupname('Domain Admins')
    try:
        udm_module_name = 'shares/share'
        udm_modules.init(ldap_user_write, ldap_position,
                         udm_modules.get(udm_module_name))
        share_container = udm_uldap.position(share_container_dn)
        udm_obj = udm_modules.get(udm_module_name).object(
            None, ldap_user_write, share_container)
        udm_obj.open()
        udm_obj.options = ['samba']
        udm_obj['name'] = roleshare_name(role, school_ou, ucr)
        udm_obj['path'] = os.path.join('/home',
                                       roleshare_path(role, school_ou, ucr))
        udm_obj['host'] = serverfqdn
        udm_obj['group'] = teacher_group['gidNumber']
        udm_obj['sambaBrowseable'] = "0"
        udm_obj['sambaWriteable'] = "0"
        udm_obj['sambaValidUsers'] = '@"%s" @"%s"' % (
            teacher_groupname, custom_groupname_domainadmins)
        udm_obj['sambaCustomSettings'] = [
            ('admin users', '@"%s" @"%s"' %
             (teacher_groupname, custom_groupname_domainadmins))
        ]
        udm_obj.create()
    except univention.admin.uexceptions.objectExists as exc:
        print 'Object exists: %s' % (exc.args[0], )
    else:
        print 'Object created: %s' % _2utf8(udm_obj.dn)
Beispiel #8
0
	def create(self, lo, validate=True):
		logger.info('Creating %r', self)
		pos = udm_uldap.position(ucr.get('ldap/base'))
		pos.setDn(self.position)
		udm_obj = udm_modules.get(self._meta.udm_module).object(None, lo, pos)
		udm_obj.open()
		udm_obj['name'] = self.name
		try:
			self.do_create(udm_obj, lo)
		except objectExists as exc:
			return exc.args[0]
		else:
			return udm_obj.dn
def get_user_connection(userdn, password):
	__init_users_module()
	ucr.load()

	try:
		# open an LDAP connection with the user password and credentials
		return udm_uldap.access(
			host=ucr.get('ldap/server/name'),
			base=ucr.get('ldap/base'),
			port=int(ucr.get('ldap/server/port', 7389)),
			binddn=userdn,
			bindpw=password,
			follow_referral=True
		), udm_uldap.position(ucr.get('ldap/base'))
	except (udm_errors.base, LDAPError) as exc:
		CORE.warn('Failed to get ldap connection for UDM user object %s: %s' % (userdn, exc))
		return None, None
Beispiel #10
0
	def __init__( self, userdn = None, password = None, host = 'localhost', base = None, start_tls = 2, access = None, format = True ):
		self._cached = {}
		self._modules = {}
		self._policies = {}
		self._format = format
		self._bc = ub.baseConfig()
		self._bc.load()
		self.__reverse = {}
		if not base:
			self._base = self._bc[ 'ldap/base' ]
		else:
			self._base = base
		self._position = ua_ldap.position( self._base )
		if access:
			self._access = access
		else:
			self._access = ua_ldap.access(  host = host, base = self._base,
											binddn = userdn, bindpw = password, start_tls = start_tls )
		ua_modules.update()
		self._config = ua_config.config( host = host )
Beispiel #11
0
	def wrapper_func( *args, **kwargs ):
		global _ldap_connection, _ldap_position, _user_dn, _password, _licenseCheck

		if _ldap_connection is not None:
			MODULE.info( 'Using open LDAP connection for user %s' % _user_dn )
			lo = _ldap_connection
			po = _ldap_position
		else:
			MODULE.info( 'Opening LDAP connection for user %s' % _user_dn )
			try:
				lo = udm_uldap.access( host = ucr.get( 'ldap/master' ), base = ucr.get( 'ldap/base' ), binddn = _user_dn, bindpw = _password )

				# license check (see also univention.admin.uldap.access.bind())
				if not GPLversion:
					try:
						_licenseCheck = univention.admin.license.init_select(lo, 'admin')
						if _licenseCheck in range(1, 5) or _licenseCheck in range(6,12):
							lo.allow_modify = 0
						if _licenseCheck is not None:
							lo.requireLicense()
					except univention.admin.uexceptions.licenseInvalid:
						lo.allow_modify = 0
						lo.requireLicense()
					except univention.admin.uexceptions.licenseNotFound:
						lo.allow_modify = 0
						lo.requireLicense()
					except univention.admin.uexceptions.licenseExpired:
						lo.allow_modify = 0
						lo.requireLicense()
					except univention.admin.uexceptions.licenseWrongBaseDn:
						lo.allow_modify = 0
						lo.requireLicense()

				po = udm_uldap.position( lo.base )
			except udm_errors.noObject, e:
				raise e
			except LDAPError, e:
				raise LDAP_ConnectionError( 'Opening LDAP connection failed: %s' % str( e ) )
Beispiel #12
0
    def _create_new_network(self, forward_zone, reverse_zone, dhcp_service):
        ipv4 = self.changeset.new_interfaces.get_default_ipv4_address()

        network_position = uldap.position(self.position.getDn())
        network_position.setDn("cn=networks,%(ldap/base)s" %
                               self.changeset.ucr)

        network_module = modules.get("networks/network")
        modules.init(self.ldap, self.position, network_module)
        network = network_module.object(None, self.ldap, network_position)
        network.info["name"] = "default"
        network.info["network"] = str(ipv4.network)
        network.info["netmask"] = str(ipv4.netmask)
        if forward_zone:
            network.info["dnsEntryZoneForward"] = forward_zone
        if reverse_zone:
            network.info["dnsEntryZoneReverse"] = reverse_zone
        if dhcp_service:
            network.info["dhcpEntryZone"] = dhcp_service
        self.logger.info("Creating '%s' with '%r'...",
                         network.position.getDn(), network.info)
        if not self.changeset.no_act:
            network.create()
Beispiel #13
0
		kwargs[ 'ldap_connection' ] = lo
		kwargs[ 'ldap_position' ] = po
		try:
			ret = func( *args, **kwargs )
			_ldap_connection = lo
			_ldap_position = po
			return ret
		except (udm_errors.ldapSizelimitExceeded, udm_errors.ldapTimeout), e:
			raise e
		except ( LDAPError, udm_errors.base ), e:
			MODULE.info( 'LDAP operation for user %s has failed' % _user_dn )
			try:
				lo = udm_uldap.access( host = ucr.get( 'ldap/master' ), base = ucr.get( 'ldap/base' ), binddn= _user_dn, bindpw = _password )
				lo.requireLicense()
				po = udm_uldap.position( lo.base )
			except udm_errors.noObject, e:
				raise e
			except ( LDAPError, udm_errors.base ), e:
				raise LDAP_ConnectionError( 'Opening LDAP connection failed: %s' % str( e ) )

			kwargs[ 'ldap_connection' ] = lo
			kwargs[ 'ldap_position' ] = po
			try:
				ret = func( *args, **kwargs )
				_ldap_connection = lo
				_ldap_position = po
				return ret
			except (udm_errors.ldapSizelimitExceeded, udm_errors.ldapTimeout), e:
				raise e
			except udm_errors.base, e:
Beispiel #14
0
 def init_udm_module(cls, lo):
     if cls._meta.udm_module in cls._initialized_udm_modules:
         return
     pos = udm_uldap.position(lo.base)
     udm_modules.init(lo, pos, udm_modules.get(cls._meta.udm_module))
     cls._initialized_udm_modules.append(cls._meta.udm_module)