def acquireUnique(lo, position, type, value, attr, scope='base'):
ud.debug(ud.ADMIN, ud.INFO, 'LOCK acquireUnique scope = %s' % scope)
if scope == 'domain':
searchBase = position.getDomain()
else:
searchBase = position.getBase()
if type == "aRecord": # uniqueness is only relevant among hosts (one or more dns entries having the same aRecord as a host are allowed)
univention.admin.locking.lock(lo,
position,
type,
value.encode('utf-8'),
scope=scope)
if not lo.searchDn(base=searchBase,
filter=filter_format(
'(&(objectClass=univentionHost)(%s=%s))',
(attr, value))):
return value
elif type in ['groupName', 'uid'] and configRegistry.is_true(
'directory/manager/user_group/uniqueness', True):
univention.admin.locking.lock(lo,
position,
type,
value.encode('utf-8'),
scope=scope)
if not lo.searchDn(
base=searchBase,
filter=filter_format(
'(|(&(cn=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))(uid=%s))',
(value, value))):
ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value)
return value
elif type == "groupName": # search filter is more complex then in general case
univention.admin.locking.lock(lo,
position,
type,
value.encode('utf-8'),
scope=scope)
if not lo.searchDn(
base=searchBase,
filter=filter_format(
'(&(%s=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))',
(attr, value))):
ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value)
return value
else:
ud.debug(ud.ADMIN, ud.INFO,
'LOCK univention.admin.locking.lock scope = %s' % scope)
univention.admin.locking.lock(lo,
position,
type,
value.encode('utf-8'),
scope=scope)
if not lo.searchDn(base=searchBase,
filter=filter_format('%s=%s', (attr, value))):
ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value)
return value
raise univention.admin.uexceptions.noLock(
_('The attribute %r could not get locked.') % (type, ))
def acquireUnique(lo, position, type, value, attr, scope='base'):
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'LOCK acquireUnique scope = %s' % scope)
if scope=='domain':
searchBase=position.getDomain()
else:
searchBase=position.getBase()
if type=="aRecord": # uniqueness is only relevant among hosts (one or more dns entrys having the same aRecord as a host are allowed)
univention.admin.locking.lock(lo, position, type, value, scope=scope)
if not lo.searchDn(base=searchBase, filter='(&(objectClass=univentionHost)(%s=%s))' % (attr, value)):
return value
elif type in ['groupName', 'uid'] and configRegistry.is_true('directory/manager/user_group/uniqueness', True):
univention.admin.locking.lock(lo, position, type, value, scope=scope)
if not lo.searchDn(base=searchBase, filter='(|(&(cn=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))(uid=%s))' % (value, value)):
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'ALLOCATE return %s'% value)
return value
elif type == "groupName": # search filter is more complex then in general case
univention.admin.locking.lock(lo, position, type, value, scope=scope)
if not lo.searchDn(base=searchBase, filter='(&(%s=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))' % (attr, value)):
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'ALLOCATE return %s'% value)
return value
else:
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'LOCK univention.admin.locking.lock scope = %s' % scope)
univention.admin.locking.lock(lo, position, type, value, scope=scope)
if not lo.searchDn(base=searchBase, filter='%s=%s' % (attr, value)):
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'ALLOCATE return %s'% value)
return value
raise univention.admin.uexceptions.noLock, _(': type was %s')%type
def _check_uid_gid_uniqueness(self):
if not configRegistry.is_true("directory/manager/uid_gid/uniqueness", True):
return
if "posix" in self.options or "samba" in self.options:
fg = univention.admin.filter.expression('uidNumber', self['gidNumber'], escape=True)
user_objects = univention.admin.handlers.users.user.lookup(self.co, self.lo, filter_s=fg)
if user_objects:
raise univention.admin.uexceptions.gidNumberAlreadyUsedAsUidNumber(repr(self["gidNumber"]))
class groupNameAlreadyUsed(base):
if configRegistry.is_true('directory/manager/user_group/uniqueness', True):
message = _('The groupname is already in use as groupname or as username')
else:
message = _('The groupname is already in use')
def acquireUnique(lo, position, type, value, attr, scope='base'):
ud.debug(ud.ADMIN, ud.INFO, 'LOCK acquireUnique scope = %s' % scope)
if scope == 'domain':
searchBase = position.getDomain()
else:
searchBase = position.getBase()
if type == "aRecord": # uniqueness is only relevant among hosts (one or more dns entries having the same aRecord as a host are allowed)
univention.admin.locking.lock(lo,
position,
type,
value.encode('utf-8'),
scope=scope)
if not lo.searchDn(base=searchBase,
filter=filter_format(
'(&(objectClass=univentionHost)(%s=%s))',
(attr, value))):
return value
elif type in ['groupName', 'uid'] and configRegistry.is_true(
'directory/manager/user_group/uniqueness', True):
univention.admin.locking.lock(lo,
position,
type,
value.encode('utf-8'),
scope=scope)
if not lo.searchDn(
base=searchBase,
filter=filter_format(
'(|(&(cn=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))(uid=%s))',
(value, value))):
ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value)
return value
elif type == "groupName": # search filter is more complex then in general case
univention.admin.locking.lock(lo,
position,
type,
value.encode('utf-8'),
scope=scope)
if not lo.searchDn(
base=searchBase,
filter=filter_format(
'(&(%s=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))',
(attr, value))):
ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value)
return value
elif type == 'cn-uid-position':
base = lo.parentDn(value)
attr, value, __ = ldap.dn.str2dn(value)[0][0]
try:
attrs = {'cn': ['uid'], 'uid': ['cn', 'ou'], 'ou': ['uid']}[attr]
except KeyError:
return value
if all(
ldap.dn.str2dn(x)[0][0][0] not in attrs
for x in lo.searchDn(base=base,
filter='(|%s)' % ''.join(
filter_format('(%s=%s)', (attr,
value))
for attr in attrs),
scope=scope)):
return value
raise univention.admin.uexceptions.alreadyUsedInSubtree(
'name=%r position=%r' % (value, base))
else:
ud.debug(ud.ADMIN, ud.INFO,
'LOCK univention.admin.locking.lock scope = %s' % scope)
univention.admin.locking.lock(lo,
position,
type,
value.encode('utf-8'),
scope=scope)
if not lo.searchDn(base=searchBase,
filter=filter_format('%s=%s', (attr, value))):
ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value)
return value
raise univention.admin.uexceptions.noLock(
_('The attribute %r could not get locked.') % (type, ))
"add": [_("Add"), _("Add group object")],
"find": [_("Search"), _("Search group object(s)")]
}
childs = 0
short_description = _('Group')
long_description = ''
options = {
'posix': univention.admin.option(short_description=_('Posix group'),
default=1),
'samba': univention.admin.option(short_description=_('Samba group'),
default=1)
}
# global caching variable
if configRegistry.is_true('directory/manager/samba3/legacy', False):
s4connector_present = False
elif configRegistry.is_false('directory/manager/samba3/legacy', False):
s4connector_present = True
else:
s4connector_present = None
module_search_filter = univention.admin.filter.conjunction(
'&', [
univention.admin.filter.expression('objectClass', 'univentionGroup'),
])
property_descriptions = {
'name':
univention.admin.property(short_description=_('Name'),
long_description='',
childs=0
short_description=_('Group')
long_description=''
options={
'posix': univention.admin.option(
short_description=_('Posix group'),
default=1
),
'samba': univention.admin.option(
short_description=_('Samba group'),
default=1
)
}
# global caching variable
if configRegistry.is_true('directory/manager/samba3/legacy', False):
s4connector_present = False
elif configRegistry.is_false('directory/manager/samba3/legacy', False):
s4connector_present = True
else:
s4connector_present = None
module_search_filter=univention.admin.filter.conjunction('&', [
univention.admin.filter.expression('objectClass', 'univentionGroup'),
])
property_descriptions={
'name': univention.admin.property(
short_description=_('Name'),
long_description='',
