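def ntsd_to_ucs(s4connector, key, s4_object):
    """Copy an object's nTSecurityDescriptor from Samba 4 into UCS LDAP.

    The descriptor is read from the S4 directory in NDR form, converted to
    SDDL with ``decode_sd_in_ndr_to_sddl`` and written to the
    ``msNTSecurityDescriptor`` attribute of the UCS entry when the stored
    value is missing or different.

    :param s4connector: connector object; ``lo_s4`` is used for the S4 read,
        ``lo`` for the UCS read and write, ``s4_sid`` as the domain SID.
    :param key: only written to the debug log.
    :param s4_object: mapping that must carry a ``'dn'`` entry; the same DN
        is used for the S4 lookup and for the UCS entry.
    :returns: always ``None``. The function returns early when the DN is
        missing, when either directory has no such object, or when S4
        returns no ``nTSecurityDescriptor`` value.
    """
    ud.debug(ud.LDAP, ud.INFO, "ntsd_to_ucs S4 object: %s" % s4_object)
    ud.debug(ud.LDAP, ud.INFO, "ntsd_to_ucs S4 key: %s" % key)

    # modlist
    ml = []

    # search Samba DS explicitly for hidden attribute
    # object dn is already mapped to the UCS DN:
    s4_dn = s4_object.get('dn')
    if not s4_dn:
        return  # ignore

    try:
        s4_attributes = s4connector.lo_s4.get(s4_dn, attr=['nTSecurityDescriptor'], required=True)
    except ldap.NO_SUCH_OBJECT:
        ud.debug(ud.LDAP, ud.WARN, 'ntsd_to_ucs: S4 object (%s) not found' % s4_dn)
        return

    ntsd_ndr = s4_attributes.get('nTSecurityDescriptor')
    if not ntsd_ndr:
        ud.debug(ud.LDAP, ud.INFO, 'ntsd_to_ucs: nTSecurityDescriptor not found in attributes!')
        return

    # search in UCS/OpenLDAP DS to determine modify/add
    ucs_dn = s4_dn
    try:
        ucs_attributes = s4connector.lo.get(ucs_dn, attr=['msNTSecurityDescriptor'])
    except ldap.NO_SUCH_OBJECT:
        # Log under this function's own name so a failed descriptor sync is
        # not attributed to the SID sync when the connector log is reviewed.
        ud.debug(ud.LDAP, ud.WARN, 'ntsd_to_ucs: UCS object (%s) not found' % ucs_dn)
        return

    domain_sid = security.dom_sid(s4connector.s4_sid)
    s4_ntsd_sddl = decode_sd_in_ndr_to_sddl(domain_sid, ntsd_ndr[0]).encode('ASCII')
    ucs_ntsd_sddl = ucs_attributes.get('msNTSecurityDescriptor', [None])[0]
    if not ucs_ntsd_sddl or ucs_ntsd_sddl != s4_ntsd_sddl:
        ml.append(('msNTSecurityDescriptor', ucs_ntsd_sddl, s4_ntsd_sddl))

    if ml:
        # The modlist holds the old and new SDDL, so the object's full ACL
        # ends up in the connector log at INFO level.
        ud.debug(ud.LDAP, ud.INFO, 'ntsd_to_ucs: modlist = %s' % ml)
        # Critical post-read control: the modify must hand back the entry's
        # entryUUID/entryCSN so the change can be recorded as connector-made.
        serverctrls = [PostReadControl(True, ['entryUUID', 'entryCSN'])]
        response = {}
        s4connector.lo.lo.modify(ucs_dn, ml, serverctrls=serverctrls, response=response)
        for c in response.get('ctrls', []):  # If the modify actually did something
            if c.controlType == PostReadControl.controlType:
                # NOTE(review): assumes both attributes are present in the
                # returned entry; a missing one raises KeyError here, after
                # the modify has already been applied.
                entryUUID = c.entry['entryUUID'][0]
                entryCSN = c.entry['entryCSN'][0]
                s4connector._remember_entryCSN_commited_by_connector(entryUUID, entryCSN)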
def addIndex(self, suffix, be_name, attr, indexTypes, matchingRules, postReadCtrl=None):
    """Create an index configuration entry for ``attr``.

    The entry DN is built under the named backend when ``be_name`` is given;
    otherwise the backends of ``suffix`` are listed and the first one is used
    (the suffix is expected to have exactly one local database backend).

    :param suffix: suffix whose backend receives the index; only consulted
        when ``be_name`` is empty.
    :param be_name: backend name, placed in the DN as ``cn=<be_name>``.
    :param attr: name of the attribute to index.
    :param indexTypes: index types to create, e.g. "pres", "eq", "sub".
    :param matchingRules: optional values for ``nsMatchingRule``.
    :param postReadCtrl: when truthy, the entry is added with ``add_ext`` and
        a critical post-read control requesting ``'*'``.
    :returns: the value returned by ``self.conn.add_ext`` when
        ``postReadCtrl`` is truthy and the add is performed, else ``None``.

    NOTE(review): ``attr`` and ``be_name`` are formatted into the DN without
    DN escaping, so callers are expected to pass trusted, well-formed names.
    NOTE(review): when the MAJOR/MINOR version check fails, nothing is added
    and ``None`` is returned without any error.
    """
    if be_name:
        index_dn = ('cn=%s,cn=index,cn=%s,cn=ldbm database,cn=plugins,cn=config'
                    % (attr, be_name))
    else:
        # assume 1 local backend
        backends = self.conn.backend.list(suffix=suffix)
        index_dn = "cn=%s,cn=index,%s" % (attr, backends[0].dn)

    can_add = MAJOR >= 3 or (MAJOR == 2 and MINOR >= 7)

    if postReadCtrl:
        # Modlist form: the add goes through add_ext so that the post-read
        # control can be attached to the request.
        record = [
            ('nsSystemIndex', ['false']),
            ('cn', [attr]),
            ('objectclass', ['top', 'nsindex']),
            ('nsIndexType', indexTypes),
        ]
        if matchingRules:
            record.append(('nsMatchingRule', matchingRules))
        if not can_add:
            return None
        read_back = PostReadControl(criticality=True, attrList=['*'])
        return self.conn.add_ext(index_dn, record, serverctrls=[read_back])

    # Entry form: synchronous add, nothing to hand back to the caller.
    index_entry = Entry(index_dn)
    index_entry.setValues('objectclass', 'top', 'nsIndex')
    index_entry.setValues('cn', attr)
    index_entry.setValues('nsSystemIndex', "false")
    index_entry.setValues('nsIndexType', indexTypes)
    if matchingRules:
        index_entry.setValues('nsMatchingRule', matchingRules)
    if can_add:
        self.conn.add_s(index_entry)
    return None
def test_ticket47920_mod_readentry_ctrl(topology_st):
    """Check that a MODIFY with a post-read control returns the entry.

    The test reads the initial ``description`` of ACTIVE_USER_DN, replaces it
    with FINAL_DESC while sending a critical post-read control for ``cn`` and
    ``description``, checks the response control, then reads the entry again
    to confirm the stored value.
    """
    _header(topology_st, 'MOD: with a readentry control')
    topology_st.standalone.log.info("Check the initial value of the entry")

    wanted = ['description']
    before = topology_st.standalone.getEntry(
        ACTIVE_USER_DN, ldap.SCOPE_BASE, "(objectclass=*)", wanted)
    assert before.hasAttr('description')
    assert ensure_str(before.getValue('description')) == INITIAL_DESC

    post_read = PostReadControl(criticality=True, attrList=['cn', 'description'])
    changes = [(ldap.MOD_REPLACE, 'description', [ensure_bytes(FINAL_DESC)])]
    result = topology_st.standalone.modify_ext_s(
        ACTIVE_USER_DN, changes, serverctrls=[post_read])
    resp_ctrls = result[3]

    # NOTE(review): the first response control is taken to be the post-read
    # response; its controlType is not checked, and the returned description
    # is only printed, not compared with FINAL_DESC.
    returned = resp_ctrls[0]
    assert returned.dn == ACTIVE_USER_DN
    assert 'description' in returned.entry
    assert 'cn' in returned.entry
    print(returned.entry['description'])

    after = topology_st.standalone.getEntry(
        ACTIVE_USER_DN, ldap.SCOPE_BASE, "(objectclass=*)", ['description'])
    assert after.hasAttr('description')
    assert ensure_str(after.getValue('description')) == FINAL_DESC
# Add new entry #--------------------------------------------------------------------------- """) new_test_dn = "uid=ablume,ou=Users,ou=schulung,dc=stroeder,dc=local" new_test_dn2 = "uid=ablume2,ou=Users,ou=schulung,dc=stroeder,dc=local" new_test_entry = { 'objectClass': ['account', 'posixAccount'], 'uid': ['ablume'], 'cn': ['Anna Blume'], 'uidNumber': ['10000'], 'gidNumber': ['10000'], 'homeDirectory': ['/home/ablume'], } pr = PostReadControl(criticality=True, attrList=['entryUUID', 'entryCSN']) msg_id = l.add_ext(new_test_dn, ldap.modlist.addModlist(new_test_entry), serverctrls=[pr]) _, _, _, resp_ctrls = l.result3(msg_id) print("resp_ctrls[0].dn:", resp_ctrls[0].dn) print("resp_ctrls[0].entry:", pprint.pformat(resp_ctrls[0].entry)) print( """#--------------------------------------------------------------------------- # Modify entry #--------------------------------------------------------------------------- """) pr = PreReadControl(criticality=True,