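def postrun():
    """Restart the DHCP server once the listener module has finished.

    The restart happens only when both ``dhcpd/autostart`` and
    ``dhcpd/restart/listener`` are true in UCR. The restart runs via
    ``listener.run`` with uid 0; a failure is logged as a warning and
    swallowed, so the listener itself keeps running.
    """
    ucr = ConfigRegistry()
    ucr.load()
    if ucr.is_true("dhcpd/autostart", False):
        if ucr.is_true('dhcpd/restart/listener', False):
            ud.debug(ud.LISTENER, ud.INFO, 'DHCP: Restarting server')
            try:
                listener.run('/etc/init.d/univention-dhcp', ['univention-dhcp', 'restart'], uid=0)
            except Exception as e:
                # `except Exception, e:` is Python-2-only syntax; the `as` form
                # is valid on 2.6+ and 3 alike and behaves identically.
                ud.debug(ud.ADMIN, ud.WARN, 'The restart of the DHCP server failed: %s' % str(e))
        else:
            ud.debug(ud.ADMIN, ud.INFO, 'DHCP: the automatic restart of the dhcp server by the listener is disabled. Set dhcpd/restart/listener to true to enable this option.')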
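def main() -> None:
    """Set the repository server for this host from its LDAP policy.

    Reads ``ldap/hostdn`` from UCR; without a host DN no policy can be
    queried and the script exits with status 0. Depending on
    ``local/repository`` the policy's server is written to
    ``repository/mirror/server`` (repository server) or
    ``repository/online/server`` (plain client) via ``handler_set``, but
    only when it actually differs from the current value.
    """
    ucr = ConfigRegistry()
    ucr.load()
    hostdn = ucr.get('ldap/hostdn')
    if not hostdn:
        # can't query policy without host-dn
        exit(0)
    online_server = ucr.get('repository/online/server')
    mirror_server = ucr.get('repository/mirror/server')
    fqdn = '%(hostname)s.%(domainname)s' % ucr
    self_update = '%(version/version)s-%(version/patchlevel)s' % ucr
    ucr_variables = []  # type: List[str]
    new_server, policy_update = query_policy(hostdn)
    # FIXME: policy_update / self_update are not used yet - they should be
    # passed to `univention-repository-update --updateto=`. The former
    # `policy_update or self_update` expression statement had no effect and
    # was dropped.
    if ucr.is_true('local/repository'):
        # on a repository server
        if not new_server:
            # no server from the policy: default to ourselves, but only if unset ("?")
            ucr_variables.append('repository/online/server?%s' % fqdn)
        elif new_server != mirror_server and new_server != fqdn:
            ucr_variables.append('repository/mirror/server=%s' % new_server)
    else:
        # without a local repository
        if new_server and new_server != online_server:
            ucr_variables.append('repository/online/server=%s' % new_server)
    if ucr_variables:
        handler_set(ucr_variables)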
def write_cron_job(configRegistry: ConfigRegistry, cron: str, updateto: str, reboot: str, try_release_update: bool) -> None:
    """Write the updater cron job to ``CRON_D``.

    Args:
        configRegistry: loaded UCR; ``local/repository`` selects the
            ``local``/``net`` mode of ``univention-updater``.
        cron: the five-field schedule written verbatim in front of the job.
            The exact string ``'* * * * * '`` (note the trailing blank)
            writes only the file header and no job line.
        updateto: optional release to update to; shell-quoted.
        reboot: optional ``at`` time for a reboot after the update;
            shell-quoted. Empty/None disables the reboot step.
        try_release_update: whether to run ``univention-updater`` before
            ``univention-actualise``.

    ``updateto`` and ``reboot`` are quoted, but ``cron`` is not validated
    here - a value containing a newline would produce an extra crontab
    line, so callers must pass a checked schedule.
    """
    with open(CRON_D, 'w') as cron_file:
        cron_file.write('# cron job for update\n')
        cron_file.write('PATH=/sbin:/usr/sbin:/usr/bin:/bin\n')
        # presumably the caller's "no job" sentinel - header only, no job line
        if cron == '* * * * * ':
            return
        steps = ['/usr/sbin/jitter 600 true']
        if try_release_update:
            repo_mode = 'local' if configRegistry.is_true('local/repository') else 'net'
            target = '--updateto=%s' % (quote(updateto), ) if updateto else ''
            steps.append(
                '/usr/share/univention-updater/univention-updater %s %s --silent --noninteractive' % (
                    repo_mode,
                    target,
                ))
        steps.append(
            '/usr/share/univention-updater/univention-actualise --dist-upgrade --silent'
        )
        if reboot:
            steps.append(
                'if [ -f /run/univention-updater-reboot ];then '
                'at -f /var/lib/univention-updater/reboot.at -- %s 2>/dev/null;'
                'rm -f /run/univention-updater-reboot;'
                'fi' % (quote(reboot), ))
        print('%s\troot\t%s' % (cron, ';'.join(steps)), file=cron_file)
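def postrun():
    """Invalidate nscd's group cache after the listener run, if configured.

    Runs ``nscd -i group`` with uid 0 when
    ``nscd/group/invalidate_cache_on_changes`` is true and
    ``nss/group/cachefile`` is false. A failed call is logged as an error
    and not propagated.
    """
    baseConfig = ConfigRegistry()
    baseConfig.load()
    if baseConfig.is_true('nscd/group/invalidate_cache_on_changes', False) and baseConfig.is_false('nss/group/cachefile', True):
        listener.setuid(0)
        try:
            univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, "calling 'nscd -i group'")
            listener.run('/usr/sbin/nscd', ['nscd', '-i', 'group'], uid=0)
        except Exception:
            # Narrowed from a bare `except:` so KeyboardInterrupt/SystemExit
            # are not swallowed.
            univention.debug.debug(univention.debug.LISTENER, univention.debug.ERROR, "nscd -i group was not successful")
        finally:
            # Always drop root privileges again, even if the error path
            # itself raises; previously unsetuid() was only reached on the
            # normal/handled paths.
            listener.unsetuid()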
def postrun():
    """Restart the DHCP server after the listener module ran, if allowed.

    Both ``dhcpd/autostart`` and ``dhcpd/restart/listener`` must be true;
    otherwise only a debug message is written. The restart is executed via
    ``listener.run`` with uid 0; a failure is logged as a warning and
    not re-raised.
    """
    registry = ConfigRegistry()
    registry.load()
    if not registry.is_true("dhcpd/autostart", False):
        ud.debug(ud.LISTENER, ud.INFO, 'DHCP: dcpd disabled in config_registry - not started.')
        return
    if not registry.is_true('dhcpd/restart/listener', False):
        ud.debug(
            ud.ADMIN, ud.INFO,
            'DHCP: the automatic restart of the dhcp server by the listener is disabled. Set dhcpd/restart/listener to true to enable this option.'
        )
        return
    ud.debug(ud.LISTENER, ud.INFO, 'DHCP: Restarting server')
    try:
        listener.run('/etc/init.d/univention-dhcp', ['univention-dhcp', 'restart'], uid=0)
    except Exception as exc:
        ud.debug(ud.ADMIN, ud.WARN, 'The restart of the DHCP server failed: %s' % str(exc))
def postrun():
    # type: () -> None
    """Invalidate nscd's group cache when the listener run may have changed groups.

    Only acts when ``nscd/group/invalidate_cache_on_changes`` is true and
    ``nss/group/cachefile`` is false. ``nscd -i group`` runs with uid 0;
    the uid is restored in ``finally`` and a failure is logged as an error
    rather than propagated.
    """
    registry = ConfigRegistry()  # TODO: why not listener.configRegistry?
    registry.load()
    if not (registry.is_true('nscd/group/invalidate_cache_on_changes', False) and registry.is_false('nss/group/cachefile', True)):
        return
    listener.setuid(0)
    try:
        ud.debug(ud.LISTENER, ud.INFO, "calling 'nscd -i group'")
        listener.run('/usr/sbin/nscd', ['nscd', '-i', 'group'], uid=0)
    except Exception:
        ud.debug(ud.LISTENER, ud.ERROR, "nscd -i group was not successful")
    finally:
        # drop root again no matter how the call ended
        listener.unsetuid()
def s4connector_present():
    # type: () -> bool
    """Report whether an S4 Connector exists in the domain.

    The UCR variable ``directory/manager/samba3/legacy`` short-circuits the
    lookup: ``true`` yields False, ``false`` yields True. When it is unset,
    LDAP is searched for a domain controller or member server providing the
    ``S4 Connector`` service, and True is returned if any hit carries an
    ``aRecord``.
    """
    registry = ConfigRegistry()
    registry.load()
    legacy_key = 'directory/manager/samba3/legacy'
    if registry.is_true(legacy_key, False):
        return False
    if registry.is_false(legacy_key, False):
        return True
    service_filter = '(&(|(objectClass=univentionDomainController)(objectClass=univentionMemberServer))(univentionService=S4 Connector))'
    hits = get_ldap_connection().search(filter=service_filter, attr=['aRecord'])
    return any('aRecord' in attributes for _dn, attributes in hits)
def is_true(self, key):
    """Interpret the value stored under *key* as a boolean.

    A non-empty value is lower-cased first; an empty or missing value is
    passed on unchanged. The actual interpretation is delegated to
    ``ConfigRegistry.is_true`` through its ``value`` keyword.
    """
    raw = self.get(key)
    normalized = raw.lower() if raw else raw
    return ConfigRegistry().is_true(value=normalized)
sys.exit(1) if '%s/ad/ldap/port' % CONFIGBASENAME not in baseConfig: print '%s/ad/ldap/port not set' % CONFIGBASENAME sys.exit(1) if '%s/ad/ldap/base' % CONFIGBASENAME not in baseConfig: print '%s/ad/ldap/base not set' % CONFIGBASENAME sys.exit(1) if '%s/ad/ldap/binddn' % CONFIGBASENAME not in baseConfig: print '%s/ad/ldap/binddn not set' % CONFIGBASENAME sys.exit(1) if '%s/ad/ldap/bindpw' % CONFIGBASENAME not in baseConfig: print '%s/ad/ldap/bindpw not set' % CONFIGBASENAME sys.exit(1) ca_file = baseConfig.get('%s/ad/ldap/certificate' % CONFIGBASENAME) if baseConfig.is_true('%s/ad/ldap/ssl' % CONFIGBASENAME, True) or baseConfig.is_true( '%s/ad/ldap/ldaps' % CONFIGBASENAME, False): if ca_file: # create a new CAcert file, which contains the UCS CA and the AD CA, # see Bug #17768 for details # https://forge.univention.org/bugzilla/show_bug.cgi?id=17768 new_ca_filename = '/var/cache/univention-ad-connector/CAcert-%s.pem' % CONFIGBASENAME new_ca = open(new_ca_filename, 'w') ca = open('/etc/univention/ssl/ucsCA/CAcert.pem', 'r') new_ca.write(string.join(ca.readlines(), '')) ca.close() ca = open(baseConfig['%s/ad/ldap/certificate' % CONFIGBASENAME]) new_ca.write(string.join(ca.readlines(), '')) ca.close()
def connect():
    """Run the AD connector main loop.

    Validates the required ``<CONFIGBASENAME>/ad/...`` UCR variables (exiting
    with status 1 when one is missing), configures TLS for the AD LDAP
    connection, reads the bind password from the configured file, then
    initialises the UCS and AD sides and polls both for changes until an
    ``ldap.SERVER_DOWN`` ends the loop.
    """
    print(time.ctime())
    baseConfig = ConfigRegistry()
    baseConfig.load()
    if '%s/ad/ldap/host' % CONFIGBASENAME not in baseConfig:
        print('%s/ad/ldap/host not set' % CONFIGBASENAME)
        sys.exit(1)
    if '%s/ad/ldap/port' % CONFIGBASENAME not in baseConfig:
        print('%s/ad/ldap/port not set' % CONFIGBASENAME)
        sys.exit(1)
    if '%s/ad/ldap/base' % CONFIGBASENAME not in baseConfig:
        print('%s/ad/ldap/base not set' % CONFIGBASENAME)
        sys.exit(1)
    if '%s/ad/ldap/binddn' % CONFIGBASENAME not in baseConfig:
        print('%s/ad/ldap/binddn not set' % CONFIGBASENAME)
        sys.exit(1)
    if '%s/ad/ldap/bindpw' % CONFIGBASENAME not in baseConfig:
        print('%s/ad/ldap/bindpw not set' % CONFIGBASENAME)
        sys.exit(1)
    ca_file = baseConfig.get('%s/ad/ldap/certificate' % CONFIGBASENAME)
    if baseConfig.is_true('%s/ad/ldap/ssl' % CONFIGBASENAME, True) or baseConfig.is_true('%s/ad/ldap/ldaps' % CONFIGBASENAME, False):
        if ca_file:
            # create a new CAcert file, which contains the UCS CA and the AD CA,
            # see Bug #17768 for details
            # https://forge.univention.org/bugzilla/show_bug.cgi?id=17768
            new_ca_filename = '/var/cache/univention-ad-connector/CAcert-%s.pem' % CONFIGBASENAME
            new_ca = open(new_ca_filename, 'w')
            ca = open('/etc/univention/ssl/ucsCA/CAcert.pem', 'r')
            new_ca.write(''.join(ca.readlines()))
            ca.close()
            ca = open(baseConfig['%s/ad/ldap/certificate' % CONFIGBASENAME])
            new_ca.write(''.join(ca.readlines()))
            ca.close()
            new_ca.close()
            ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, new_ca_filename)
        else:
            # NOTE(review): TLS is requested but no CA certificate is
            # configured, so certificate verification is switched off
            # entirely (OPT_X_TLS_NEVER) and the AD server's identity is not
            # checked. Configuring ad/ldap/certificate avoids this fallback.
            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    if '%s/ad/listener/dir' % CONFIGBASENAME not in baseConfig:
        print('%s/ad/listener/dir not set' % CONFIGBASENAME)
        sys.exit(1)
    if '%s/ad/retryrejected' % CONFIGBASENAME not in baseConfig:
        # NOTE(review): the default is the int 10, but the value read from
        # UCR below is compared as a string (see the resync check in the
        # main loop) - with the default in place that comparison never
        # matches. Confirm whether the default should be '10'.
        baseconfig_retry_rejected = 10
    else:
        baseconfig_retry_rejected = baseConfig['%s/ad/retryrejected' % CONFIGBASENAME]
    # The bind password is read from a file; the handle is never closed and an
    # empty file makes the `[-1]` index below raise IndexError.
    ad_ldap_bindpw = open(baseConfig['%s/ad/ldap/bindpw' % CONFIGBASENAME]).read()
    if ad_ldap_bindpw[-1] == '\n':
        ad_ldap_bindpw = ad_ldap_bindpw[0:-1]
    poll_sleep = int(baseConfig['%s/ad/poll/sleep' % CONFIGBASENAME])
    # Retry building the connector object until the LDAP servers are reachable.
    ad_init = None
    while not ad_init:
        try:
            ad = univention.connector.ad.ad(
                CONFIGBASENAME,
                mapping.ad_mapping,
                baseConfig,
                baseConfig['%s/ad/ldap/host' % CONFIGBASENAME],
                baseConfig['%s/ad/ldap/port' % CONFIGBASENAME],
                baseConfig['%s/ad/ldap/base' % CONFIGBASENAME],
                baseConfig['%s/ad/ldap/binddn' % CONFIGBASENAME],
                ad_ldap_bindpw,
                baseConfig['%s/ad/ldap/certificate' % CONFIGBASENAME],
                baseConfig['%s/ad/listener/dir' % CONFIGBASENAME]
            )
            ad_init = True
        except ldap.SERVER_DOWN:
            print("Warning: Can't initialize LDAP-Connections, wait...")
            sys.stdout.flush()
            time.sleep(poll_sleep)
    # run the initialisation on the UCS and the AD side
    ad_init = None
    ucs_init = None
    while not ucs_init:
        try:
            ad.initialize_ucs()
            ucs_init = True
        except ldap.SERVER_DOWN:
            print("Can't contact LDAP server during ucs-poll, sync not possible.")
            sys.stdout.flush()
            time.sleep(poll_sleep)
            ad.open_ad()
            ad.open_ucs()
    while not ad_init:
        try:
            ad.initialize()
            ad_init = True
        except ldap.SERVER_DOWN:
            print("Can't contact LDAP server during ucs-poll, sync not possible.")
            sys.stdout.flush()
            time.sleep(poll_sleep)
            ad.open_ad()
            ad.open_ucs()
    retry_rejected = 0
    connected = True
    # Main loop: drain UCS changes, then AD changes, then periodically retry
    # rejected objects. Any SERVER_DOWN sets connected=False and ends the loop.
    while connected:
        print(time.ctime())
        # poll for changes
        sys.stdout.flush()
        while True:
            # Read changes from OpenLDAP
            try:
                change_counter = ad.poll_ucs()
                if change_counter > 0:
                    # UCS changes, read again from UCS
                    retry_rejected = 0
                    time.sleep(1)
                    continue
                else:
                    break
            except ldap.SERVER_DOWN:
                print("Can't contact LDAP server during ucs-poll, sync not possible.")
                connected = False
                sys.stdout.flush()
                break
        while True:
            try:
                change_counter = ad.poll()
                if change_counter > 0:
                    # AD changes, read again from AD
                    retry_rejected = 0
                    time.sleep(1)
                    continue
                else:
                    break
            except ldap.SERVER_DOWN:
                print("Can't contact LDAP server during ad-poll, sync not possible.")
                connected = False
                sys.stdout.flush()
                break
        try:
            # NOTE(review): str vs. UCR value comparison; never true when the
            # int default 10 is in effect (see above). Also note the counter is
            # incremented here *and* unconditionally after the try block, so it
            # advances by two per idle cycle - confirm that is intended.
            if str(retry_rejected) == baseconfig_retry_rejected:
                ad.resync_rejected_ucs()
                ad.resync_rejected()
                retry_rejected = 0
            else:
                retry_rejected += 1
        except ldap.SERVER_DOWN:
            print("Can't contact LDAP server during resync rejected, sync not possible.")
            connected = False
            sys.stdout.flush()
        change_counter = 0
        retry_rejected += 1
        print('- sleep %s seconds (%s/%s until resync) -' % (poll_sleep, retry_rejected, baseconfig_retry_rejected))
        sys.stdout.flush()
        time.sleep(poll_sleep)
    ad.close_debug()
def is_enabled():
    """Return True when password-reset e-mails are enabled in UCR.

    No default is passed, so an unset variable is handled by
    ``ConfigRegistry.is_true``'s own default.
    """
    registry = ConfigRegistry()
    registry.load()
    return registry.is_true("umc/self-service/passwordreset/email/enabled")
def handler(*args, **kw):
    """Listener entry point: forward LDAP add/modify/delete events to Kolab.

    Called with ``(dn, new, old)`` for add/modify/delete, or with four
    positional arguments for a moddn. For each event the entry's mail server
    attribute (name taken from ``conf`` ``[ldap] mailserver_attribute``) is
    compared with ``constants.fqdn``; only entries hosted on this server are
    passed to ``auth._auth._synchronize_callback``.

    NOTE(review): the first log line dumps the complete old and new entries
    at INFO level, which may include sensitive attributes.
    """
    log.info("kolab.handler(args(%d): %r, kw: %r)" % (len(args), args, kw))
    auth = Auth()
    auth.connect()
    if len(args) == 4:
        # moddn
        dn = args[0]
        new = utils.normalize(args[1])
        old = utils.normalize(args[2])
        # NOTE(review): args has exactly four elements here (indices 0-3), so
        # args[4] raises IndexError; the branch otherwise does nothing.
        command = args[4]
        pass
    elif len(args) == 3:
        dn = args[0]
        new = utils.normalize(args[1])
        old = utils.normalize(args[2])
        if isinstance(old, dict) and len(old.keys()) > 0:
            # Two options:
            # - entry changed
            # - entry deleted
            log.info("user %r, old is dict" % (dn))
            if isinstance(new, dict) and len(new.keys()) > 0:
                log.info("Modify entry %r" % (dn))
                # NOTE(review): .lower() is applied before the None check, so a
                # missing setting raises AttributeError instead of reaching it.
                mailserver_attribute = conf.get('ldap', 'mailserver_attribute').lower()
                if mailserver_attribute == None:
                    log.error("Mail server attribute is not set")
                    return
                if old.has_key(mailserver_attribute):
                    # NOTE(review): logs new[...] although only old was checked;
                    # KeyError if the attribute was removed in the modification.
                    log.info("Modified entry %r has mail server attribute %s: %r" % (dn, mailserver_attribute, new[mailserver_attribute]))
                    if not old[mailserver_attribute] == constants.fqdn:
                        # Even though the new mailserver can be us, it is the
                        # *current* mail server that needs to push for the XFER.
                        log.info("The mail server for user %r is set, and it is not me (%r)" % (dn, old[mailserver_attribute]))
                        return
                else:
                    # If old has no mailserver attribute, but new does, we need to create
                    # the user locally.
                    if new.has_key(mailserver_attribute):
                        if not new[mailserver_attribute] == constants.fqdn:
                            log.info("The mail server for user %r is set (in new, not old), but it is not me (%r)" % (dn, new[mailserver_attribute]))
                            return
                    else:
                        log.info("Entry %r does not have a mail server attribute." % (dn))
                        return
                auth._auth._synchronize_callback(
                    change_type = 'modify',
                    previous_dn = None,
                    change_number = None,
                    dn = dn,
                    entry = new
                )
            else:
                log.info("Delete entry %r" % (dn))
                # See if the mailserver_attribute exists
                mailserver_attribute = conf.get('ldap', 'mailserver_attribute').lower()
                if mailserver_attribute == None:
                    log.error("Mail server attribute is not set")
                    # TODO: Perhaps, query for IMAP servers. If there is only one,
                    # we know what to do.
                    return
                if old.has_key(mailserver_attribute):
                    log.info("Deleted entry %r has mail server attribute %s: %r" % (dn, mailserver_attribute, old[mailserver_attribute]))
                    if not old[mailserver_attribute] == constants.fqdn:
                        log.info("The mail server for user %r is set, and it is not me (%r)" % (dn, old[mailserver_attribute]))
                        return
                else:
                    # no early return here: an entry without the attribute is
                    # still deleted locally when mail/cyrus/mailbox/delete allows it
                    log.info("Entry deletion notification for %r does not have a mail server attribute specified." % (dn))
                cfg = ConfigRegistry()
                cfg.load()
                if cfg.is_true('mail/cyrus/mailbox/delete', True):
                    auth._auth._synchronize_callback(
                        change_type = 'delete',
                        previous_dn = None,
                        change_number = None,
                        dn = dn,
                        entry = old
                    )
        elif isinstance(new, dict) and len(new.keys()) > 0:
            # Old is not a dict (or empty), so the entry is just created
            log.info("Add entry %r" % (dn))
            # See if the mailserver_attribute exists
            mailserver_attribute = conf.get('ldap', 'mailserver_attribute').lower()
            if mailserver_attribute == None:
                log.error("Mail server attribute is not set")
                # TODO: Perhaps, query for IMAP servers. If there is only one,
                # we know what to do.
                return
            if new.has_key(mailserver_attribute):
                log.info("Added entry %r has mail server attribute %s: %r" % (dn, mailserver_attribute, new[mailserver_attribute]))
                if not new[mailserver_attribute] == constants.fqdn:
                    log.info("The mail server for user %r is set, and it is not me (%r)" % (dn, new[mailserver_attribute]))
                    return
            else:
                log.info("Added entry %r does not have a mail server attribute set." % (dn))
                return
            auth._auth._synchronize_callback(
                change_type = 'add',
                previous_dn = None,
                change_number = None,
                dn = dn,
                entry = new
            )
        else:
            log.info("entry %r changed, but no new or old attributes" % (dn))
), }, ucs_create_functions=[ univention.connector.set_ucs_passwd_user, univention.connector.check_ucs_lastname_user, univention.connector.set_primary_group_user ], post_con_modify_functions=list(filter(None, [ univention.connector.ad.set_userPrincipalName_from_ucr, univention.connector.ad.password.password_sync_ucs if configRegistry.is_false('connector/ad/mapping/user/password/disabled', True) else None, univention.connector.ad.primary_group_sync_from_ucs, univention.connector.ad.object_memberships_sync_from_ucs, univention.connector.ad.disable_user_from_ucs, ])), post_ucs_modify_functions=list(filter(None, [ univention.connector.ad.password.password_sync_kinit if configRegistry.is_false('connector/ad/mapping/user/password/disabled', True) and configRegistry.is_true('connector/ad/mapping/user/password/kinit', False) else None, univention.connector.ad.password.password_sync if configRegistry.is_false('connector/ad/mapping/user/password/disabled', True) and not configRegistry.is_true('connector/ad/mapping/user/password/kinit', False) else None, univention.connector.ad.set_univentionObjectFlag_to_synced, univention.connector.ad.primary_group_sync_to_ucs, univention.connector.ad.object_memberships_sync_to_ucs, univention.connector.ad.disable_user_to_ucs, ])), post_attributes={ 'organisation': univention.connector.attribute( ucs_attribute='organisation', ldap_attribute='o', con_attribute=configRegistry.get('connector/ad/mapping/organisation', 'company'), ), 'Exchange-Homeserver': univention.connector.attribute( ucs_attribute='Exchange-Homeserver', ldap_attribute='univentionADmsExchHomeServerName',
import pytest
import subprocess
import time
from univention.admin.rest.client import UDM as UDMClient, Forbidden, Unauthorized, PreconditionFailed
from univention.config_registry import ConfigRegistry, handler_set
from univention.testing.utils import UCSTestDomainAdminCredentials
from univention.testing.udm import UDM
from univention.lib.misc import custom_groupname

ucr = ConfigRegistry()
ucr.load()

if ucr.is_true('ad/member'):
    # REST server needs to reload UCR variables for "Domain Admins" group name
    subprocess.call(['service', 'univention-directory-manager-rest', 'restart'])


class UDMClient(UDMClient):
    """REST client bound to this domain's master, with test-credential helpers."""

    @classmethod
    def master_connection(cls, username, password):
        """Open an HTTPS connection to the UDM REST API on ``ldap/master``."""
        base_url = 'https://%s/univention/udm/' % (ucr['ldap/master'],)
        return cls.http(base_url, username, password)

    @classmethod
    def test_connection(cls):
        """Connect with the domain administrator credentials of the test domain."""
        admin = UCSTestDomainAdminCredentials(ucr)
        return cls.master_connection(admin.username, admin.bindpw)
def handler(*args, **kw):
    """Listener entry point: forward LDAP add/modify/delete events to Kolab.

    Called with ``(dn, new, old)`` for add/modify/delete, or with four
    positional arguments for a moddn. For each event the entry's mail server
    attribute (name taken from ``conf`` ``[ldap] mailserver_attribute``) is
    compared with ``constants.fqdn``; only entries hosted on this server are
    passed to ``auth._auth._synchronize_callback``.

    NOTE(review): the first log line dumps the complete old and new entries
    at INFO level, which may include sensitive attributes.
    """
    log.info("kolab.handler(args(%d): %r, kw: %r)" % (len(args), args, kw))
    auth = Auth()
    auth.connect()
    if len(args) == 4:
        # moddn
        dn = args[0]
        new = utils.normalize(args[1])
        old = utils.normalize(args[2])
        # NOTE(review): args has exactly four elements here (indices 0-3), so
        # args[4] raises IndexError; the branch otherwise does nothing.
        command = args[4]
        pass
    elif len(args) == 3:
        dn = args[0]
        new = utils.normalize(args[1])
        old = utils.normalize(args[2])
        if isinstance(old, dict) and len(old.keys()) > 0:
            # Two options:
            # - entry changed
            # - entry deleted
            log.info("user %r, old is dict" % (dn))
            if isinstance(new, dict) and len(new.keys()) > 0:
                log.info("Modify entry %r" % (dn))
                # NOTE(review): .lower() runs before the None check, so a
                # missing setting raises AttributeError instead of reaching it.
                mailserver_attribute = conf.get(
                    'ldap', 'mailserver_attribute').lower()
                if mailserver_attribute is None:
                    log.error("Mail server attribute is not set")
                    return
                if mailserver_attribute in old:
                    # NOTE(review): logs new[...] although only old was checked;
                    # KeyError if the attribute was removed in the modification.
                    log.info(
                        "Modified entry %r has mail server attribute %s: %r" % (dn, mailserver_attribute, new[mailserver_attribute]))
                    if not old[mailserver_attribute] == constants.fqdn:
                        # Even though the new mailserver can be us, it is the
                        # *current* mail server that needs to push for the XFER.
                        log.info(
                            "The mail server for user %r is set, and it is not me (%r)" % (dn, old[mailserver_attribute]))
                        return
                else:
                    # If old has no mailserver attribute, but new does, we need to create
                    # the user locally.
                    if mailserver_attribute in new:
                        if not new[mailserver_attribute] == constants.fqdn:
                            log.info(
                                "The mail server for user %r is set (in new, not old), but it is not me (%r)" % (dn, new[mailserver_attribute]))
                            return
                    else:
                        log.info(
                            "Entry %r does not have a mail server attribute." % (dn))
                        return
                auth._auth._synchronize_callback(change_type='modify', previous_dn=None, change_number=None, dn=dn, entry=new)
            else:
                log.info("Delete entry %r" % (dn))
                # See if the mailserver_attribute exists
                mailserver_attribute = conf.get(
                    'ldap', 'mailserver_attribute').lower()
                if mailserver_attribute is None:
                    log.error("Mail server attribute is not set")
                    # TODO: Perhaps, query for IMAP servers. If there is only one,
                    # we know what to do.
                    return
                if mailserver_attribute in old:
                    log.info(
                        "Deleted entry %r has mail server attribute %s: %r" % (dn, mailserver_attribute, old[mailserver_attribute]))
                    if not old[mailserver_attribute] == constants.fqdn:
                        log.info(
                            "The mail server for user %r is set, and it is not me (%r)" % (dn, old[mailserver_attribute]))
                        return
                else:
                    # no early return here: an entry without the attribute is
                    # still deleted locally when mail/cyrus/mailbox/delete allows it
                    log.info(
                        "Entry deletion notification for %r does not have a mail server attribute specified." % (dn))
                cfg = ConfigRegistry()
                cfg.load()
                if cfg.is_true('mail/cyrus/mailbox/delete', True):
                    auth._auth._synchronize_callback(change_type='delete', previous_dn=None, change_number=None, dn=dn, entry=old)
        elif isinstance(new, dict) and len(new.keys()) > 0:
            # Old is not a dict (or empty), so the entry is just created
            log.info("Add entry %r" % (dn))
            # See if the mailserver_attribute exists
            mailserver_attribute = conf.get('ldap', 'mailserver_attribute').lower()
            if mailserver_attribute is None:
                log.error("Mail server attribute is not set")
                # TODO: Perhaps, query for IMAP servers. If there is only one,
                # we know what to do.
                return
            if mailserver_attribute in new:
                log.info("Added entry %r has mail server attribute %s: %r" % (dn, mailserver_attribute, new[mailserver_attribute]))
                if not new[mailserver_attribute] == constants.fqdn:
                    log.info(
                        "The mail server for user %r is set, and it is not me (%r)" % (dn, new[mailserver_attribute]))
                    return
            else:
                log.info(
                    "Added entry %r does not have a mail server attribute set." % (dn))
                return
            auth._auth._synchronize_callback(change_type='add', previous_dn=None, change_number=None, dn=dn, entry=new)
        else:
            log.info("entry %r changed, but no new or old attributes" % (dn))
parser.add_option("-t", "--test", dest="test", help="test run", action="store_true", default=False) options, args = parser.parse_args() syslog.openlog(ident="listfilter", logoption=syslog.LOG_PID, facility=syslog.LOG_MAIL) ucr = ConfigRegistry() ucr.load() univention.admin.modules.update() usersmod = univention.admin.modules.get("users/user") check_sasl_username = ucr.is_true( "mail/postfix/policy/listfilter/use_sasl_username", True) _do_debug = ucr.is_true("mail/postfix/policy/listfilter/debug", False) def debug(msg, *args): if _do_debug: msg = "listfilter: {}".format(msg % args) if options.test: sys.stderr.write("{}\n".format(msg)) else: syslog.syslog(syslog.LOG_DEBUG, msg) def listfilter(attrib): if check_sasl_username: sender = attrib.get("sasl_username", None)
WARN=ud.WARN, WARNING=ud.WARN, INFO=ud.PROCESS, DEBUG=ud.ALL, NOTSET=ud.ALL) LOGGING_TO_SYSLOG = dict(CRITICAL=syslog.LOG_CRIT, ERROR=syslog.LOG_ERR, WARN=syslog.LOG_WARNING, WARNING=syslog.LOG_WARNING, INFO=syslog.LOG_INFO, DEBUG=syslog.LOG_DEBUG, NOTSET=syslog.LOG_DEBUG) ucr = ConfigRegistry() ucr.load() _werror = ucr.is_true("office365/debug/werror", False) def get_logger(logger_name, short_name=None, udebug_facility=ud.LISTENER): logger = logging.getLogger(logger_name) if not any(map(lambda x: isinstance(x, UDebugHandler), logger.handlers)): handler = UDebugHandler(udebug_facility=udebug_facility) handler.set_name(short_name or logger_name) handler.setFormatter(LevelDependentFormatter()) handler.setLevel(logging.DEBUG) logger.addHandler(handler) logger.setLevel(logging.DEBUG) return logger class LevelDependentFormatter(logging.Formatter):
IMPORT_USER_DATA_DIR = '/var/lib/ucs-school-import'
SHARE_DIR = '/usr/share/ucs-school-import-http-api'
VAR_LIB_DIR = '/var/lib/ucs-school-import-http-api'
SPOOL_DIR = '/var/spool/ucs-school-import'
POSTGRES_USER = '******'
POSTGRES_DB = 'importhttpapi'
POSTGRES_HOST = 'localhost'
POSTGRES_PORT = '5432'
RABBITMQ_VHOST = "importhttpapi"

# The Django secret key is kept out of this module, in a file below CONF_DIR.
# NOTE(review): the file is opened in binary mode, so SECRET_KEY is bytes -
# confirm that is what the Django version in use expects.
with open(os.path.join(CONF_DIR, 'django_key.secret'), 'rb') as key_file:
    SECRET_KEY = key_file.read().strip()

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = ucr.is_true('ucsschool/import/http_api/django_debug')

# Host header allow-list: an explicit UCR value wins; otherwise loopback, the
# host's FQDN and every configured interface address are allowed.
if 'ucsschool/import/http_api/ALLOWED_HOSTS' in ucr:
    ALLOWED_HOSTS = [
        host.strip()
        for host in ucr.get('ucsschool/import/http_api/ALLOWED_HOSTS').split(',')
    ]
else:
    ALLOWED_HOSTS = [
        '127.0.0.1',
        'localhost',
        '{}.{}'.format(ucr['hostname'], ucr['domainname']),
    ]
    ALLOWED_HOSTS.extend(
        address
        for key, address in ucr.items()
        if re.match(r'^interfaces/.*/address$', key)
    )
}, }, "attribute_map_dir": os.path.dirname(saml2.attributemaps.__file__), "key_file": "/etc/univention/ssl/%s/private.key" % (fqdn, ), "cert_file": "/etc/univention/ssl/%s/cert.pem" % (fqdn, ), "xmlsec_binary": "/usr/bin/xmlsec1", "metadata": { "local": glob.glob('/usr/share/univention-management-console/saml/idp/*.xml'), }, "debug": ucr.is_true('umc/saml/debug', False), "contact_person": [{ "givenname": ucr.get('umc/saml/contact-person/%s/givenname' % (type_, ), ''), "surname": ucr.get('umc/saml/contact-person/%s/surname' % (type_, ), ''), "company": ucr.get('umc/saml/contact-person/%s/company' % (type_, ), ''), "mail": [ x.strip() for x in ucr.get('umc/saml/contact-person/%s/mail' % (type_, ), '').split(',') if x.strip() ], "type": type_, } for type_ in ('technical', 'administrative')