Ejemplo n.º 1
0
def connected_users():
    listener.setuid(0)
    lo = ul.getMachineConnection()
    users = lo.search('univentionOpenvpnAccount=1')
    users = map(lambda user: "******" % user[1].get('uid', [None])[0], users)
    myname = listener.baseConfig['hostname']
    me = lo.search('cn=%s' % myname)
    listener.unsetuid()
    connected_users = userlist()

    # append not connected users
    for user in users:
        if not any(u['name'] == user for u in connected_users):
            connected_users.append({'name': user, 'connected': 0, 'type': 0, 'realip': '', 'virtips': '', 'cons': '', 'conr': '', 'recv': 0, 'sent': 0})

    for user in connected_users:
        user['cert'] = os.popen("/usr/sbin/univention-certificate dump -name %s|grep 'Not After'|cut -d ':' -f2-" % user['name']).read()

    data = {"users": connected_users}

    count = str(len(connected_users))

    query = web.ctx.query
    if query:
        # jsonp
        queries = query.split('&')
        callback = queries[0].split('=')[1]
        return '%s({"draw": 1, "recordsTotal": %s, "recordsFiltered": %s, "data": %s});' % (callback, count, count, json.dumps(data))
    else:
        return '{"data": %s}' % json.dumps(data)
Ejemplo n.º 2
0
def license_stats():
    listener.setuid(0)
    lo = ul.getMachineConnection()
    users = lo.search('univentionOpenvpnAccount=1')
    myname = listener.baseConfig['hostname']
    me = lo.search('cn=%s' % myname)
    try:
        key = me[0][1]['univentionOpenvpnLicense'][0]
    except:
        key = ""
    listener.unsetuid()
    connected_users = userlist()

    c_connected_users = len(connected_users)
    c_users = len(users)
    c_licenced = univention_openvpn_common.maxvpnusers(0, key)
    try:
        l = univention_openvpn_common.license(0, key)
        valid = str(date.fromordinal(l['vdate']))
    except:
        valid = "No valid license on this host"

    info = {"expiration": valid, "connected": c_connected_users, "total": c_users, "licenced": c_licenced}

    count = str(len(connected_users))

    query = web.ctx.query
    if query:
        # jsonp
        queries = query.split('&')
        callback = queries[0].split('=')[1]
        return '%s({"draw": 1, "recordsTotal": %s, "recordsFiltered": %s, "info": %s});' % (callback, count, count, json.dumps(info))
    else:
        return '{"info": %s}' % json.dumps(info)
Ejemplo n.º 3
0
def handler(dn, new, old, cmd):
    ud.debug(ud.LISTENER, ud.INFO, '2 master2 handler')

    if cmd == 'n':
        return

    name = new.get('cn', [None])[0]
    port = new.get('univentionOpenvpnPort', [None])[0]
    addr = new.get('univentionOpenvpnAddress', [None])[0]

    if not name or not port or not addr:
        return

    listener.setuid(0)
    lo = ul.getMachineConnection()
    vpnusers = lo.search('(univentionOpenvpnAccount=1)')

    if not univention_openvpn_common.check_user_count(2):                                                                                                                                                                                 
        return          # do nothing

    for user in vpnusers:
        uid = user[1].get('uid', [None])[0]
        home = user[1].get('homeDirectory', ['/dev/null'])[0]
        ud.debug(ud.LISTENER, ud.INFO, '2 Create new certificate for %s in %s' % (uid, home))

        proto = 'udp6' if addr and addr.count(':') else 'udp'

        if uid and home:
        # update bundle for this openvpn server with new config
            try:
                listener.run('/usr/lib/openvpn-int/create-bundle', ['create-bundle', 'no', uid, home, name, addr, port, proto], uid=0)
            finally:
                listener.unsetuid()

    listener.unsetuid()
Ejemplo n.º 4
0
def check_sitetosite(no):
    listener.setuid(0)
    lo = ul.getMachineConnection()

    servers = lo.search('(univentionOpenvpnLicense=*)')

    sitetosite = False
    for server in servers:
        key = server[1].get('univentionOpenvpnLicense', [None])[0]
        try:
            l = license(no, key)
            ud.debug(ud.LISTENER, ud.INFO, '%d Processing license with ID %s:' % (no, l['id']))
            ud.debug(ud.LISTENER, ud.INFO, '%d Valid until: %s' % (no, date.fromordinal(l['vdate'])))
            ud.debug(ud.LISTENER, ud.INFO, '%d Users: %s' % (no, l['u']))
            ud.debug(ud.LISTENER, ud.INFO, '%d Site-2-Site: %s' % (no, l['s2s']))
            if l.get('s2s'): sitetosite = True
            break
        except:
            pass
    listener.unsetuid()
    if not sitetosite:
        ud.debug(ud.LISTENER, ud.INFO, '%d Skipping actions' % no)
        return False
    else:
        return True
Ejemplo n.º 5
0
def change_net(network, netmask, ccd, fn_ips, ipv6):
    if ipv6:
        option = "ifconfig-ipv6-push"
        appendix = "/" + network.split('/')[1] + "\n"
    else:
        option = "ifconfig-push"
        appendix = " " + netmask + "\n"

    ip_map_new = []
    listener.setuid(0)
    lo = ul.getMachineConnection()
    users = lo.search('univentionOpenvpnAccount=1')
    listener.unsetuid()

    users = map(lambda user: user[1].get('uid', [None])[0], users)

    for name in users:
        ip_new = generate_ip(network, ip_map_new)
        ip_map_new.append((name, ip_new))

        # write entry in ccd
        cc = univention_openvpn_common.load_rc(3, ccd + name + ".openvpn")
        if cc is None:
            cc = []
        else:
            cc = [x for x in cc if not re.search(option, x)]
        cc.append(option + " " + ip_new + appendix)
        univention_openvpn_common.write_rc(3, cc, ccd + name + ".openvpn")

    univention_openvpn_common.write_ip_map(3, ip_map_new, fn_ips)
Ejemplo n.º 6
0
	def to_dict(self, package_manager):
		ucr.load()
		res = copy.copy(self._options)
		res['component_id'] = self.component_id
		res['cannot_install_reason'], res['cannot_install_reason_detail'] = self.cannot_install_reason(package_manager)
		cannot_install_reason = res['cannot_install_reason']

		res['can_update'] = self.can_be_updated() and cannot_install_reason == 'installed'
		res['can_install'] = cannot_install_reason is None
		res['is_installed'] = res['can_uninstall'] = cannot_install_reason == 'installed'
		res['allows_using'] = LICENSE.allows_using(self.get('notifyvendor'))
		res['is_joined'] = os.path.exists('/var/univention-join/joined')
		res['is_master'] = ucr.get('server/role') == 'domaincontroller_master'
		res['show_ldap_schema_confirmation'] = not res['is_master']
		if res['is_master']:
			try:
				import univention.admin.handlers.computers.domaincontroller_backup
				lo = uldap.getMachineConnection()
				res['show_ldap_schema_confirmation'] = 0 < len(univention.admin.handlers.computers.domaincontroller_backup.lookup(None, lo, None))
				del lo
			except (LDAPError, ImportError):
				res['show_ldap_schema_confirmation'] = True
		res['server'] = self.get_server()
		res['server_version'] = ucr.get('version/version')
		return res
Ejemplo n.º 7
0
    def to_dict(self, package_manager):
        ucr.load()
        res = copy.copy(self._options)
        res['component_id'] = self.component_id
        res['cannot_install_reason'], res[
            'cannot_install_reason_detail'] = self.cannot_install_reason(
                package_manager)
        cannot_install_reason = res['cannot_install_reason']

        res['can_update'] = self.can_be_updated(
        ) and cannot_install_reason == 'installed'
        res['can_install'] = cannot_install_reason is None
        res['is_installed'] = res[
            'can_uninstall'] = cannot_install_reason == 'installed'
        res['allows_using'] = LICENSE.allows_using(self.get('notifyvendor'))
        res['is_joined'] = os.path.exists('/var/univention-join/joined')
        res['is_master'] = ucr.get('server/role') == 'domaincontroller_master'
        res['show_ldap_schema_confirmation'] = not res['is_master']
        if res['is_master']:
            try:
                import univention.admin.handlers.computers.domaincontroller_backup
                lo = uldap.getMachineConnection()
                res['show_ldap_schema_confirmation'] = 0 < len(
                    univention.admin.handlers.computers.
                    domaincontroller_backup.lookup(None, lo, None))
                del lo
            except (LDAPError, ImportError):
                res['show_ldap_schema_confirmation'] = True
        res['server'] = self.get_server()
        res['server_version'] = ucr.get('version/version')
        return res
Ejemplo n.º 8
0
def check_user_count(no):
    listener.setuid(0)
    lo = ul.getMachineConnection()

    servers = lo.search('(univentionOpenvpnLicense=*)')

    vpnusers = lo.search('(univentionOpenvpnAccount=1)')
    vpnuc = len(vpnusers)
    maxu = 5
    for server in servers:
        key = server[1].get('univentionOpenvpnLicense', [None])[0]
        try:
            l = license(no, key)
            ud.debug(ud.LISTENER, ud.INFO, '%d Processing license with ID %s:' % (no, l['id']))
            ud.debug(ud.LISTENER, ud.INFO, '%d Valid until: %s' % (no, date.fromordinal(l['vdate'])))
            ud.debug(ud.LISTENER, ud.INFO, '%d Users: %s' % (no, l['u']))
            ud.debug(ud.LISTENER, ud.INFO, '%d Site-2-Site: %s' % (no, l['s2s']))
        except:
            pass
        mu = maxvpnusers(no, key)
        if mu > maxu: maxu = mu
    ud.debug(ud.LISTENER, ud.INFO, '%d Found %u active openvpn users (%u allowed)' % (no, vpnuc, maxu))
    listener.unsetuid()
    if vpnuc > maxu:
        ud.debug(ud.LISTENER, ud.INFO, '%d Skipping actions' % no)
        return False
    else:
        return True
def main():
    usage = "usage: %prog [options]"
    parser = optparse.OptionParser(usage=usage, description=__doc__)
    parser.add_option("-f",
                      "--filter",
                      help="resync objects from master found by this filter")
    parser.add_option("-r",
                      "--remove",
                      action="store_true",
                      help="remove objects in local database before resync")
    parser.add_option("-s",
                      "--simulate",
                      action="store_true",
                      help="dry run, do not remove or add")
    opts, args = parser.parse_args()

    ucr = univention.config_registry.ConfigRegistry()
    ucr.load()
    base = ucr.get("ldap/base")
    binddn = "cn=update,%s" % base
    with open("/etc/ldap/rootpw.conf", "r") as fh:
        for line in fh:
            line = line.strip()
            if line.startswith('rootpw '):
                bindpw = line[7:].strip('"')
                break
        else:
            exit(1)

    if not opts.filter:
        opts.filter = '(uid=%s$)' % ucr['hostname']

    # get local and master connection
    local = uldap.access(binddn=binddn,
                         bindpw=bindpw,
                         start_tls=0,
                         host="localhost",
                         port=389)
    if ucr.get("server/role", "") == "domaincontroller_backup":
        master = uldap.getAdminConnection()
    else:
        master = uldap.getMachineConnection(ldap_master=True)

    # delete local
    if opts.remove:
        res = local.search(base=base, filter=opts.filter)
        for dn, data in res:
            print("remove from local: %s" % (dn, ))
            if not opts.simulate:
                local.delete(dn)

    # resync from master
    res = master.search(base=base, filter=opts.filter)
    for dn, data in res:
        print("resync from master: %s" % (dn, ))
        if not opts.simulate:
            local.add(dn, ldap.modlist.addModlist(data))
 def lookup_user(self, username):
     try:
         ldap = getMachineConnection(ldap_master=True)
         ldap_filter = filter_format("(&(objectClass=person)(uid=%s))",
                                     (username, ))
         result = ldap.searchDn(ldap_filter)
         self.binddn = result[0]
     except LDAPError as ex:
         self.logger.warn("Failed LDAP search for '%s': %s", username, ex)
         self.available = False
Ejemplo n.º 11
0
 def reload(self, force=False):
     if self.uuid is not None and not force:
         # license with uuid has already been found
         return
     self.uuid = None
     # last time we checked, no uuid was found
     # but maybe the user installed a new license?
     try:
         _lo = uldap.getMachineConnection(ldap_master=False)
         data = _lo.search('objectClass=univentionLicense')
         del _lo
         self.uuid = data[0][1]['univentionLicenseKeyID'][0]
     except Exception as e:
         # no licensing available
         MODULE.warn('Failed to load license information: %s' % e)
Ejemplo n.º 12
0
	def reload(self, force=False):
		if self.uuid is not None and not force:
			# license with uuid has already been found
			return
		self.uuid = None
		# last time we checked, no uuid was found
		# but maybe the user installed a new license?
		try:
			_lo = uldap.getMachineConnection(ldap_master=False)
			data = _lo.search('objectClass=univentionLicense')
			del _lo
			self.uuid = data[0][1]['univentionLicenseKeyID'][0]
		except Exception as e:
			# no licensing available
			MODULE.warn('Failed to load license information: %s' % e)
Ejemplo n.º 13
0
 def dump_data(self):
     # we could return infos we have in this object itself.
     # but dont be too clever here. just dump
     # everything we have in LDAP.
     try:
         _lo = uldap.getMachineConnection()
         data = _lo.search('objectClass=univentionLicense')
         del _lo
         # just one license (should be always the case)
         # return the dictionary without the dn
         data = ldif.CreateLDIF(data[0][0], data[0][1])
         return data
     except Exception as e:
         # no udm, no ldap, malformed return value, whatever
         MODULE.error('getting License from LDAP failed: %s' % e)
         return None
Ejemplo n.º 14
0
	def dump_data(self):
		# we could return infos we have in this object itself.
		# but dont be too clever here. just dump
		# everything we have in LDAP.
		try:
			_lo = uldap.getMachineConnection()
			data = _lo.search('objectClass=univentionLicense')
			del _lo
			# just one license (should be always the case)
			# return the dictionary without the dn
			data = ldif.CreateLDIF(data[0][0], data[0][1])
			return data
		except Exception as e:
			# no udm, no ldap, malformed return value, whatever
			MODULE.error('getting License from LDAP failed: %s' % e)
			return None
def main():
    usage = "usage: %prog [options]"
    parser = optparse.OptionParser(usage=usage, description=__doc__)
    parser.add_option("-l",
                      "--ldif",
                      action="store_true",
                      help="Create LDIF file")
    parser.add_option("-s",
                      "--schema",
                      action="store_true",
                      help="Update LDAP schema [%s]" % SCHEMA)
    parser.add_option("-o",
                      "--outfile",
                      default=LDIF,
                      help="File to store gzip LDIF data [%default]")
    parser.add_option("-p",
                      "--pagesize",
                      type=int,
                      default=1000,
                      help="page size to use for LDAP paged search")
    parser.add_option("-v",
                      "--verbose",
                      action="count",
                      help="Increase verbosity")
    opts, args = parser.parse_args()

    logging.basicConfig(
        stream=sys.stderr,
        level=logging.DEBUG if opts.verbose else logging.WARNING)

    ucr = univention.config_registry.ConfigRegistry()
    ucr.load()
    base = ucr.get("ldap/base")
    if ucr.get("server/role", "") == "domaincontroller_backup":
        lo = uldap.getAdminConnection()
    else:
        lo = uldap.getMachineConnection(ldap_master=True)

    if opts.schema:
        update_schema(lo)

    if opts.ldif:
        create_ldif_from_master(lo, opts.outfile, base, opts.pagesize)
Ejemplo n.º 16
0
def _save_external_portal(dn=None):
	if dn is None:
		dn = 'cn=local,cn=portal,cn=univention,%s' % ucr.get('ldap/base')
	lo = uldap.getMachineConnection()
	try:
		dn, attrs = lo.search(base=dn)[0]
	except ldap.NO_SUCH_OBJECT:
		ud.debug(ud.LISTENER, ud.WARN, 'DN %s not found! Falling back to hard coded values' % dn)
		attrs = {
			'univentionPortalDisplayName': ['en_US Startsite for {hostname}', 'de_DE Startseite für {hostname}', 'fr_FR page d\'accueil pour {hostname}'],
			'univentionPortalShowMenu': ['TRUE'],
			'univentionPortalShowSearch': ['TRUE'],
			'univentionPortalShowLogin': ['FALSE'],
			'univentionPortalShowApps': ['TRUE'],
			'univentionPortalShowServers': ['TRUE'],
		}
	obj = _make_obj(attrs)
	_save(dn, obj)
	_write_css(attrs)
Ejemplo n.º 17
0
    def assert_member_server(self, access):
        """Mitglieder der lokalen Administratoren duerfen den DC-Slave und Memberserver
		joinen (benoetigt Passwortaenderung)
		"""
        base_dn = self.ucr.get('ldap/base')
        attrs = [
            'krb5KeyVersionNumber',
            'krb5KDCFlags',
            'krb5Key',
            'krb5PasswordEnd',
            'sambaAcctFlags',
            'sambaPwdLastSet',
            'sambaLMPassword',
            'sambaNTPassword',
            'shadowLastChange',
            'shadowMax',
            'userPassword',
            'pwhistory',
            'sambaPwdCanChange',
            'sambaPwdMustChange',
            'sambaPasswordHistory',
        ]
        singlemaster = self.ucr.is_true('ucsschool/singlemaster')
        lo = getMachineConnection()
        if not singlemaster:
            slave_found = lo.search(
                filter=
                "(|(univentionObjectType=computers/domaincontroller_slave)(univentionObjectType=computers/memberserver))",
                base=utu.UCSTestSchool().get_ou_base_dn(self.school))
            if slave_found:
                slave_dn = slave_found[0][0]
                self.assert_acl(slave_dn, access, attrs)

        attrs = ['sOARecord']
        zoneName = lo.search(base='cn=dns,%s' % base_dn,
                             scope='base+one',
                             attr=['uid'])
        for (target_dn, d) in zoneName:
            if 'zoneName' in target_dn:
                self.assert_acl(target_dn, access, attrs)
                break
Ejemplo n.º 18
0
 def __init__(self,
              school,
              connection=None,
              ulConnection=None,
              ucr=None,
              name=None,
              description=None,
              members=None):
     self.school = school
     self.name = name if name else uts.random_string()
     self.description = description if description else uts.random_string()
     self.members = members if members else []
     self.ucr = ucr if ucr else ucr_test.UCSTestConfigRegistry()
     self.ucr.load()
     if ulConnection:
         self.ulConnection = ulConnection
     else:
         self.ulConnection = uu.getMachineConnection(ldap_master=False)
     if connection:
         self.client = connection
     else:
         self.client = Client.get_test_connection()
def main():
    usage = "usage: %prog [options]"
    parser = optparse.OptionParser(usage=usage, description=__doc__)
    parser.add_option(
        "-f",
        "--filter",
        help=
        "resync objects from master found by this filter. Default: (uid=<hostname>$)"
    )
    parser.add_option("-r",
                      "--remove",
                      action="store_true",
                      help="remove objects in local database before resync")
    parser.add_option("-s",
                      "--simulate",
                      action="store_true",
                      help="dry run, do not remove or add")
    parser.add_option("-u",
                      "--update",
                      action="store_true",
                      help="update/modify existing objects")
    opts, args = parser.parse_args()

    ucr = univention.config_registry.ConfigRegistry()
    ucr.load()
    base = ucr.get("ldap/base")
    server_role = ucr.get("server/role", "")
    if server_role == 'domaincontroller_master':
        print('local ldap is master server, nothing todo')
        return
    if server_role not in [
            'domaincontroller_backup', 'domaincontroller_slave'
    ]:
        print(
            'server role ("{}") has no ldap, nothing todo'.format(server_role))
        return

    if not opts.filter:
        opts.filter = '(uid=%s$)' % ucr['hostname']

    # get local and master connection
    local = uldap.getRootDnConnection()
    if server_role == "domaincontroller_backup":
        master = uldap.getAdminConnection()
    else:
        master = uldap.getMachineConnection(ldap_master=True)

    # delete local
    if opts.remove:
        res = local.search(base=base, filter=opts.filter)
        if not res:
            print('object does not exist local')
        for dn, data in res:
            print("remove from local: %s" % (dn, ))
            if not opts.simulate:
                local.delete(dn)

    # resync from master
    res = master.search(base=base, filter=opts.filter)
    if not res:
        print('object does not exist on master')
    for dn, data in res:
        print("resync from master: %s" % (dn, ))
        try:
            local_res = local.search(base=dn)
        except ldap.NO_SUCH_OBJECT:
            local_res = None
        if local_res and opts.remove and opts.simulate:
            local_res = None
        if not local_res and not opts.update:
            print('  ==> adding object')
            if not opts.simulate:
                local.add(dn, ldap.modlist.addModlist(data))
        elif not local_res and opts.update:
            print('  ==> object does not exist, can not update')
        elif local_res and opts.update:
            modlist = []
            local_data = local_res[0][1]
            for key in set(data.keys()) | set(local_data.keys()):
                if set(local_data.get(key, [])).symmetric_difference(
                        set(data.get(key, []))):
                    modlist.append(
                        [key, local_data.get(key, []),
                         data.get(key, [])])
            if not modlist:
                print('  ==> no change')
            else:
                print('  ==> modifying object')
                if not opts.simulate:
                    local.modify(dn, modlist)
        elif local_res and not opts.update:
            print('  ==> object does exist, can not create')
Ejemplo n.º 20
0
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
# OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
# TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


from os import system
import univention.uldap as ul
from univention_openvpn_common import maxvpnusers


lo = ul.getMachineConnection()

maxu = 5
lobs = lo.search("(univentionOpenvpnLicense=*)")
for lob in lobs:
    key = lob[1].get("univentionOpenvpnLicense", [None])[0]
    mu = maxvpnusers(0, key)
    if mu > maxu:
        maxu = mu

vpnusers = lo.search("(univentionOpenvpnAccount=1)")
if len(vpnusers) > maxu:
    exit()

vpnservers = lo.search("(&(objectClass=univentionOpenvpn)(univentionOpenvpnActive=1))")
Ejemplo n.º 21
0
from univention.uldap import getMachineConnection

lo = getMachineConnection()
for dn, attr in lo.search("(cn=admin)", attr=["dn"]):
    print(dn)
for dn in lo.searchDn("(cn=admin)"):
    print(dn)
Ejemplo n.º 22
0
def handler(dn, new, old, cmd):
    ud.debug(ud.LISTENER, ud.INFO, '1 master handler')

    if cmd == 'n':
        return

    uid = new.get('uid', [None])[0]
    uid_old = old.get('uid', [None])[0]
    home = new.get('homeDirectory', ['/dev/null'])[0]
    home_old = old.get('homeDirectory', ['/dev/null'])[0]
    trigger = new.get('univentionOpenvpnAccount', '0')[0] == '1'
    trigger_old = old.get('univentionOpenvpnAccount', '0')[0] == '1'
    flags = new.get('sambaAcctFlags', [None])[0]
    flags_old = old.get('sambaAcctFlags', [None])[0]
    if flags and ('L' in flags or not 'U' in flags):
        locked = True
    else:
        locked = False

    if flags_old and ('L' in flags_old or not 'U' in flags_old):
        locked_old = True
    else:
        locked_old = False

    listener.setuid(0)
    lo = ul.getMachineConnection()
    servers = lo.search('(univentionOpenvpnActive=1)')

    if not univention_openvpn_common.check_user_count(1):
        listener.unsetuid()
        return			# do nothing

    if (trigger and not trigger_old and uid and home and not locked) or (locked_old and not locked and uid and home and trigger):
        ud.debug(ud.LISTENER, ud.INFO, '1 Create new certificate for %s in %s' % (uid, home))

        # create a bundle for each openvpn server
        for server in servers:
            name = server[1].get('cn', [None])[0]
            port = server[1].get('univentionOpenvpnPort', [None])[0]
            addr = server[1].get('univentionOpenvpnAddress', [None])[0]

            proto = 'udp6' if addr and addr.count(':') else 'udp'

            if not name or not port or not addr:
                continue
            try:
                listener.run('/usr/lib/openvpn-int/create-bundle', ['create-bundle', 'yes', uid, home, name, addr, port, proto], uid=0)
            finally:
                listener.unsetuid()


    if (trigger_old and not trigger and uid_old and home_old) or (cmd == 'd' and uid_old and home_old) or (not locked_old and locked and uid_old and home_old):
        ud.debug(ud.LISTENER, ud.INFO, '1 Revoke certificate for %s' % (uid_old))
        listener.setuid(0)
        try:
            listener.run('/usr/sbin/univention-certificate', ['univention-certificate', 'revoke', '-name', uid_old + '.openvpn'], uid=0)
        finally:
            listener.unsetuid()

        # remove bundle for each openvpn server
        for server in servers:
            name = server[1].get('cn', [None])[0]
            if not name:
                continue
            try:
                listener.run('/usr/lib/openvpn-int/remove-bundle', ['remove-bundle', uid_old, home_old, name], uid=0)
            finally:
                listener.unsetuid()

    listener.unsetuid()