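def doit(options, lo):
    """Export every ``univentionGroup`` LDAP entry into a group(5)-style file.

    Each group becomes one ``name:*:gid:member1,member2,...`` line.  The
    lines are written to a temporary file in the destination directory,
    which is then renamed onto ``options.file`` (same filesystem, so the
    rename is atomic for anything reading the group file).  Member
    resolution, including nested groups, is delegated to ``_get_members``;
    ``_run_hooks`` runs after the file is in place.

    Fields are taken from the directory as-is.  A ``:`` or newline inside a
    group name, gid or member name would inject extra fields or records into
    the colon-delimited file, so such groups are reported and skipped.

    Exits with status 1 when no group is found and with 0 on success, as the
    original command-line tool did.  Any other failure removes the partially
    written temporary file and re-raises.
    """
    groups = lo.search('objectClass=univentionGroup',
                       attr=['uniqueMember', 'cn', 'gidNumber'])
    if options.verbose:
        print('Found %d ldap groups' % len(groups))
    if len(groups) < 1:
        print('Abort: Did not found any LDAP group.')
        sys.exit(1)

    # Create the temp file next to the target so shutil.move is a rename,
    # not a copy+delete from /tmp that readers could observe half-written.
    target_dir = os.path.dirname(os.path.abspath(options.file))
    (fdtemp, fdname) = tempfile.mkstemp(dir=target_dir)
    try:
        with os.fdopen(fdtemp, 'w') as fd:
            for group in groups:
                rdn = ldap.explode_rdn(group[0])
                # Everything after the first '=' of the leading RDN is the name.
                groupname = rdn[0].partition('=')[2]
                gid = group[1].get('gidNumber', [''])[0]
                members = _get_members(lo, group, [], options.check_member)
                # set() drops duplicates produced by nested-group expansion.
                member_list = ','.join(set(members))
                record_fields = (groupname, gid, member_list)
                if any(':' in field or '\n' in field for field in record_fields):
                    # Directory-supplied value would corrupt the record format.
                    print('Skipping group %r: field contains ":" or newline' % group[0])
                    continue
                fd.write('%s:*:%s:%s\n' % record_fields)
        # mkstemp creates the file 0600; group(5) files are world-readable.
        os.chmod(fdname, 0o644)
        shutil.move(fdname, options.file)
    except Exception:
        # Do not leave a partial temp file behind in the target directory.
        if os.path.exists(fdname):
            os.unlink(fdname)
        raise
    if options.verbose:
        print('The file %s was created.' % options.file)
    _run_hooks(options)
    sys.exit(0)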
def test_connection():
    '''Search a query that should never fail: RDN of connector/ad/ldap/base.

    Runs ``adsearch`` for the leading RDN of the UCR value
    ``connector/ad/ldap/base``.  Anything the search wrote to stderr is
    logged as a warning; a non-zero exit status raises ``ADNotAvailable``.
    Returns True when the search process exited with status 0.

    NOTE(review): ``adsearch`` appears to run the AD query as a subprocess
    (it returns a process object plus captured output); how it quotes the
    RDN it is given is not visible here.
    '''
    ad_base = ucr.get('connector/ad/ldap/base')
    leading_rdn = explode_rdn(ad_base)[0]
    process, _out, err_output = adsearch(leading_rdn)
    if err_output:
        MODULE.warn(err_output)
    # returncode None (process still running) counts as a failure, as before.
    if process.returncode != 0:
        raise ADNotAvailable()
    return True
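def get_samba_home_path_server(self):
    """Return the host that serves Samba home directories for this school.

    Resolution order:
      1. UCR ``ucsschool/import/set/sambahome`` when set (used verbatim);
      2. this host's ``hostname`` when ``ucsschool/singlemaster`` is true;
      3. the RDN value of ``ucsschoolHomeShareFileServer`` on the school
         object (``self.school_base``), read over the machine connection.

    Returns None when the school object cannot be read or carries no
    ``ucsschoolHomeShareFileServer`` value (instead of failing on
    ``None[0]`` when the attribute is absent).
    """
    explicit_server = configRegistry.get('ucsschool/import/set/sambahome')
    if explicit_server:
        print('get_samba_home_path_server: UCR variable ucsschool/import/set/sambahome is set')
        return explicit_server
    if configRegistry.is_true('ucsschool/singlemaster', False):
        print('get_samba_home_path_server: Singlemaster')
        return configRegistry.get('hostname')
    lo = univention.uldap.getMachineConnection()
    result = lo.search(base=self.school_base, scope=ldap.SCOPE_BASE,
                       attr=['ucsschoolHomeShareFileServer'])
    if not result:
        return None
    servers = result[0][1].get('ucsschoolHomeShareFileServer') or []
    if not servers:
        # Attribute missing on the school object: report "unknown".
        return None
    # The attribute holds the file server's DN; its bare RDN value is the host.
    return ldap.explode_rdn(servers[0], notypes=1)[0]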
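def _get_members(lo, g, recursion_list, check_member=False):
    """Resolve the members of LDAP group entry ``g`` into group(5) member names.

    ``g`` is a ``(dn, attrs)`` pair as returned by ``lo.search``.  Each
    ``uniqueMember`` DN is handled by the type of its leading RDN:

    * ``uid=...`` -- the uid value becomes the member name.  With
      ``check_member`` set, the entry is looked up first and dangling DNs
      (entry gone, or no ``uid``) are dropped rather than exported.
    * ``cn=...``  -- the entry is read; a nested ``univentionGroup`` is
      expanded recursively, any other entry is treated as a host account
      and exported as ``<cn>$``.  DNs that no longer exist, or entries
      without a ``cn`` value, are skipped.
    * anything else is ignored.

    ``recursion_list`` holds DNs of groups already being expanded on the
    current path and is mutated in place; it stops membership cycles.
    NOTE(review): the *current* group's DN is recorded (not the nested one),
    so a group that lists itself is caught one level later than it could be.
    Duplicates are not removed here; the caller does that.
    """
    result = []
    for m in g[1].get('uniqueMember', []):
        if m.startswith('uid='):
            if check_member:
                # Only export users that still exist in the directory.
                try:
                    res = lo.search(base=m, scope=ldap.SCOPE_BASE,
                                    filter='uid=*', attr=['uid'])
                except ldap.NO_SUCH_OBJECT:
                    continue
                if not res:
                    continue
            mrdn = ldap.explode_rdn(m)
            # Everything after the first '=' is the value ('=' may recur in it).
            result.append(mrdn[0].partition('=')[2])
        elif m.startswith('cn='):
            try:
                members = lo.search(base=m, scope=ldap.SCOPE_BASE,
                                    filter='objectClass=*',
                                    attr=['uniqueMember', 'gidNumber', 'objectClass', 'cn'])
            except ldap.NO_SUCH_OBJECT:
                continue
            if len(members) != 1:
                # 0: member not found; >1: impossible for a base-scope search.
                continue
            member = members[0]
            if 'univentionGroup' in member[1].get('objectClass', []):
                if member[0] in recursion_list:
                    # Membership cycle: do not expand this group again.
                    continue
                recursion_list.append(g[0])
                result += _get_members(lo, member, recursion_list, check_member)
            else:
                cn_values = member[1].get('cn') or []
                if cn_values:
                    result.append(cn_values[0] + '$')
    return result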
def rdn_dict(dn, charset='utf-8'):
    """Return the leading RDN of ``dn`` as ``{attr_type: [value, ...]}``.

    ``SplitRDN`` separates the first RDN from the remainder of the DN; a DN
    without an RDN yields ``{}``.  A unicode RDN is encoded with ``charset``
    before ``ldap.explode_rdn`` splits a multi-valued RDN into
    ``type=value`` pairs, which ``explode_rdn_attr`` then takes apart.
    Values of a repeated attribute type are collected in encounter order.
    """
    leading_rdn, _remainder = SplitRDN(dn)
    if not leading_rdn:
        return {}
    if type(leading_rdn) is UnicodeType:
        leading_rdn = leading_rdn.encode(charset)
    values_by_type = {}
    for pair in ldap.explode_rdn(leading_rdn.strip()):
        attr_type, attr_value = explode_rdn_attr(pair)
        values_by_type.setdefault(attr_type, []).append(attr_value)
    return values_by_type
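def update(self, **kwargs):
    """Apply keyword updates to this Person.

    Recognised keys:
      dn       -- sets ``self.dn`` and derives ``self.username`` from the
                  RDN value (``ldap.explode_rdn(dn, notypes=1)[0]``);
      username -- sets ``self.username`` and recomputes ``self.dn`` via
                  ``self.make_dn()``;
      school   -- delegated to ``self._set_school``;
      schools  -- stored as given; when no school is set yet and no
                  ``school`` key was passed, the alphabetically first entry
                  is made the school via ``self._set_school``;
      any existing attribute name -- assigned with ``setattr``.
    Unknown keys are reported on stdout and otherwise ignored.

    ``dn`` and ``username`` both define the (username, dn) pair; if both are
    passed, whichever is processed last wins (keyword order).
    """
    for key, value in kwargs.items():
        # One if/elif chain: the former stand-alone 'dn' branch fell through
        # into the hasattr() case and assigned self.dn a second time.
        if key == 'dn':
            self.username = ldap.explode_rdn(value, notypes=1)[0]
            self.dn = value
        elif key == 'username':
            self.username = value
            self.dn = self.make_dn()
        elif key == 'school':
            self._set_school(value)
        elif key == 'schools':
            if not self.school and 'school' not in kwargs:
                self._set_school(sorted(value)[0])
            self.schools = value
        elif hasattr(self, key):
            setattr(self, key, value)
        else:
            print('ERROR: cannot update Person(): unknown option %r=%r' % (key, value))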
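def _get_members(lo, g, recursion_list, check_member=False):
    """Resolve the members of LDAP group entry ``g`` into group(5) member names.

    ``g`` is a ``(dn, attrs)`` pair as returned by ``lo.search``.  Each
    ``uniqueMember`` DN is handled by the type of its leading RDN:

    * ``uid=...`` -- the uid value becomes the member name.  With
      ``check_member`` set, the entry is looked up first and dangling DNs
      (entry gone, or no ``uid``) are dropped rather than exported.
    * ``cn=...``  -- the entry is read; a nested ``univentionGroup`` is
      expanded recursively, any other entry is treated as a host account
      and exported as ``<cn>$``.  DNs that no longer exist, or entries
      without a ``cn`` value, are skipped.
    * anything else is ignored.

    ``recursion_list`` holds DNs of groups already being expanded on the
    current path and is mutated in place; it stops membership cycles.
    NOTE(review): the *current* group's DN is recorded (not the nested one),
    so a group that lists itself is caught one level later than it could be.
    Duplicates are not removed here; the caller does that.

    The recursive call passes ``check_member`` through; it previously read
    the module-level ``options.check_member`` instead, so the parameter was
    honoured only at the top level.
    """
    result = []
    for m in g[1].get('uniqueMember', []):
        if m.startswith('uid='):
            if check_member:
                # Only export users that still exist in the directory.
                try:
                    res = lo.search(base=m, scope=ldap.SCOPE_BASE,
                                    filter='uid=*', attr=['uid'])
                except ldap.NO_SUCH_OBJECT:
                    continue
                if not res:
                    continue
            mrdn = ldap.explode_rdn(m)
            # Everything after the first '=' is the value ('=' may recur in it).
            result.append(mrdn[0].partition('=')[2])
        elif m.startswith('cn='):
            try:
                members = lo.search(base=m, scope=ldap.SCOPE_BASE,
                                    filter='objectClass=*',
                                    attr=['uniqueMember', 'gidNumber', 'objectClass', 'cn'])
            except ldap.NO_SUCH_OBJECT:
                continue
            if len(members) != 1:
                # 0: member not found; >1: impossible for a base-scope search.
                continue
            member = members[0]
            if 'univentionGroup' in member[1].get('objectClass', []):
                if member[0] in recursion_list:
                    # Membership cycle: do not expand this group again.
                    continue
                recursion_list.append(g[0])
                result += _get_members(lo, member, recursion_list, check_member)
            else:
                cn_values = member[1].get('cn') or []
                if cn_values:
                    result.append(cn_values[0] + '$')
    return result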
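def activate():
    """Decide whether the "samba" MMC plugin can be activated.

    Runs a series of configuration sanity checks and returns False on the
    first failure (each one is logged), True when all of them pass:

    * plugin not disabled; ``defaultSharesPath`` / ``authorizedSharePaths``
      have no trailing slash and exist on disk;
    * ``smb.conf`` exists and validates; every share path without a ``%``
      substitution exists (a missing one is only logged, not fatal);
    * LDAP binds with the configured credentials and carries the
      ``sambaSamAccount`` schema; the Samba init script exists;
    * PDC only: the computers OU is created if needed, a sambaDomainName
      entry exists, Samba's ``ldap * suffix`` options agree with the MMC
      base DNs, ``ldap delete dn`` is off, the four well-known Domain groups
      are mapped and ``add machine script`` names an existing file.  An
      ``os level`` below 255 (or unset) is raised to 255 and Samba reloaded.

    Side effects on the PDC path: ``addOu`` and ``setDomainPolicy`` write to
    LDAP and ``smb.conf`` may be rewritten.  A dashboard panel is registered
    when the dashboard plugin is importable.

    @return: return True if this module can be activated
    @rtype: boolean
    """
    config = SambaConfig("samba")
    if config.disabled:
        logger.info("samba plugin disabled by configuration.")
        return False

    if config.defaultSharesPath:
        if config.defaultSharesPath.endswith("/"):
            logger.error("Trailing / is not allowed in defaultSharesPath")
            return False
        if not os.path.exists(config.defaultSharesPath):
            logger.error("The default shares path '%s' does not exist" % config.defaultSharesPath)
            return False

    for cpath in config.authorizedSharePaths:
        if cpath.endswith("/"):
            logger.error("Trailing / is not allowed in authorizedSharePaths")
            return False
        if not os.path.exists(cpath):
            logger.error("The authorized share path '%s' does not exist" % cpath)
            return False

    # Verify if samba conf file exist
    conf = config.samba_conf_file
    if not os.path.exists(conf):
        logger.error(conf + " does not exist")
        return False

    # validate smb.conf
    smbconf = SambaConf()
    if not smbconf.validate(conf):
        logger.error("SAMBA configuration file is not valid")
        return False

    # For each share, test if its sharePath exists.  Paths containing a Samba
    # '%' substitution cannot be checked statically; a missing path is
    # reported but does not block activation.
    for share in getDetailedShares():
        shareName = share[0]
        infos = shareInfo(shareName)
        if not infos:
            return False
        sharePath = infos['sharePath']
        if sharePath and '%' not in sharePath and not os.path.exists(sharePath):
            logger.error("The samba share path '%s' does not exist." % sharePath)

    try:
        ldapObj = ldapUserGroupControl()
    except ldap.INVALID_CREDENTIALS:
        logger.error("Can't bind to LDAP: invalid credentials.")
        return False

    # Test if the Samba LDAP schema is available in the directory.
    # `except Exception` rather than a bare except, so KeyboardInterrupt and
    # SystemExit propagate instead of being logged as a schema problem.
    try:
        schema = ldapObj.getSchema("sambaSamAccount")
        if len(schema) <= 0:
            logger.error("Samba schema is not included in LDAP directory")
            return False
    except Exception:
        logger.exception("invalid schema")
        return False

    # Verify if init script exist
    init = config.samba_init_script
    if not os.path.exists(init):
        logger.error(init + " does not exist")
        return False

    # If SAMBA is defined as a PDC, make extra checks
    if smbconf.isPdc():
        samba = SambaLDAP()
        # Create SAMBA computers account OU if it doesn't exist (LDAP write).
        head, path = samba.baseComputersDN.split(",", 1)
        ouName = head.split("=")[1]
        samba.addOu(ouName, path)
        # Check that a sambaDomainName entry is in LDAP directory
        domainInfos = samba.getDomain()
        # Set domain policy (LDAP write; happens even if the domain entry is missing)
        samba.setDomainPolicy()
        if not domainInfos:
            logger.error(
                "Can't find sambaDomainName entry in LDAP for domain %s. Please check your SAMBA LDAP configuration."
                % smbconf.getContent("global", "workgroup"))
            return False

        smbconfbasesuffix = smbconf.getContent("global", "ldap suffix")
        if not smbconfbasesuffix:
            logger.error("SAMBA 'ldap suffix' option is not setted.")
            return False
        if ldap.explode_dn(samba.baseDN) != ldap.explode_dn(smbconfbasesuffix):
            logger.error("SAMBA 'ldap suffix' option is not equal to MMC 'baseDN' option.")
            return False

        # Check that SAMBA and MMC given OU are in sync
        for smb_option, mmc_option, mmc_dn in [
            ("ldap user suffix", "baseUsersDN", samba.baseUsersDN),
            ("ldap group suffix", "baseGroupsDN", samba.baseGroupsDN),
            ("ldap machine suffix", "baseComputersDN", samba.baseComputersDN),
        ]:
            smbconfsuffix = smbconf.getContent("global", smb_option)
            if not smbconfsuffix:
                logger.error("SAMBA '" + smb_option + "' option is not setted")
                return False
            # Case-insensitive comparison of the leading RDN only.
            if ldap.explode_rdn(smbconfsuffix)[0].lower() != ldap.explode_rdn(mmc_dn)[0].lower():
                logger.error("SAMBA option '" + smb_option + "' is not equal to MMC '" + mmc_option + "' option.")
                return False

        # Check that "ldap delete dn" SAMBA option is set to "No"
        smbconfdeletedn = smbconf.isValueTrue(smbconf.getContent("global", "ldap delete dn"))
        if smbconfdeletedn == 1:
            logger.error("SAMBA option 'ldap delete dn' must be disabled.")
            return False

        # Check that the well-known domain groups are mapped.  "Domain
        # Computers" is needed to put a machine account in the right group
        # when joining it to the domain.
        for group_name, lookup in [
            ("Domain Computers", samba.getDomainComputersGroup),
            ("Domain Admins", samba.getDomainAdminsGroup),
            ("Domain Guests", samba.getDomainGuestsGroup),
            ("Domain Users", samba.getDomainUsersGroup),
        ]:
            if not lookup():
                logger.error(
                    "Can't find sambaGroupMapping entry in LDAP corresponding to '%s' group. Please check your SAMBA LDAP configuration."
                    % group_name)
                return False

        # Check that add machine script option is set, and that the given
        # script exists.  Only the first space-separated token is taken as
        # the script path; a path containing spaces is not handled.
        addMachineScript = smbconf.getContent("global", "add machine script")
        if not addMachineScript:
            logger.error("SAMBA 'add machine script' option is not set.")
            return False
        script = addMachineScript.split(" ")[0]
        if not os.path.exists(script):
            logger.error("SAMBA 'add machine script' option is set to a non existing file: " + script)
            return False

        # Issue a warning if NSCD is running
        if (os.path.exists("/var/run/nscd.pid") or os.path.exists("/var/run/.nscd_socket")
                or os.path.exists("/var/run/nscd")):
            logger.warning("Looks like NSCD is installed on your system. You should not run NSCD on a SAMBA server.")

        # Check that os level is set to 255.  An unset or empty option is
        # treated as "too low" instead of raising inside int().
        oslevel = smbconf.getContent("global", "os level")
        if not oslevel or int(oslevel) < 255:
            logger.debug("Set SAMBA os level to 255.")
            smbconf.setContent("global", "os level", "255")
            smbconf.save()
            reloadSamba()

    try:
        from mmc.plugins.dashboard.manager import DashboardManager
        from mmc.plugins.samba.panel import SambaPanel
        DM = DashboardManager()
        DM.register_panel(SambaPanel("samba"))
    except ImportError:
        pass
    return True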
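def activate():
    """Decide whether the "samba" MMC plugin can be activated.

    Runs a series of configuration sanity checks and returns False on the
    first failure (each one is logged), True when all of them pass:

    * plugin not disabled; ``defaultSharesPath`` / ``authorizedSharePaths``
      have no trailing slash and exist on disk;
    * ``smb.conf`` exists and validates; every share path without a ``%``
      substitution exists (a missing one is only logged, not fatal);
    * LDAP binds with the configured credentials and carries the
      ``sambaSamAccount`` schema; the Samba init script exists;
    * PDC only: the computers OU is created if needed, a sambaDomainName
      entry exists, Samba's ``ldap * suffix`` options agree with the MMC
      base DNs, ``ldap delete dn`` is off, the four well-known Domain groups
      are mapped and ``add machine script`` names an existing file.  An
      ``os level`` below 255 (or unset) is raised to 255 and Samba reloaded.

    Side effects on the PDC path: ``addOu`` and ``setDomainPolicy`` write to
    LDAP and ``smb.conf`` may be rewritten.  A dashboard panel is registered
    when the dashboard plugin is importable.

    @return: return True if this module can be activated
    @rtype: boolean
    """
    config = SambaConfig("samba")
    if config.disabled:
        logger.info("samba plugin disabled by configuration.")
        return False

    if config.defaultSharesPath:
        if config.defaultSharesPath.endswith("/"):
            logger.error("Trailing / is not allowed in defaultSharesPath")
            return False
        if not os.path.exists(config.defaultSharesPath):
            logger.error("The default shares path '%s' does not exist" % config.defaultSharesPath)
            return False

    for cpath in config.authorizedSharePaths:
        if cpath.endswith("/"):
            logger.error("Trailing / is not allowed in authorizedSharePaths")
            return False
        if not os.path.exists(cpath):
            logger.error("The authorized share path '%s' does not exist" % cpath)
            return False

    # Verify if samba conf file exist
    conf = config.samba_conf_file
    if not os.path.exists(conf):
        logger.error(conf + " does not exist")
        return False

    # validate smb.conf
    smbconf = SambaConf()
    if not smbconf.validate(conf):
        logger.error("SAMBA configuration file is not valid")
        return False

    # For each share, test if its sharePath exists.  Paths containing a Samba
    # '%' substitution cannot be checked statically; a missing path is
    # reported but does not block activation.
    for share in getDetailedShares():
        shareName = share[0]
        infos = shareInfo(shareName)
        if not infos:
            return False
        sharePath = infos["sharePath"]
        if sharePath and "%" not in sharePath and not os.path.exists(sharePath):
            logger.error("The samba share path '%s' does not exist." % sharePath)

    try:
        ldapObj = ldapUserGroupControl()
    except ldap.INVALID_CREDENTIALS:
        logger.error("Can't bind to LDAP: invalid credentials.")
        return False

    # Test if the Samba LDAP schema is available in the directory.
    # `except Exception` rather than a bare except, so KeyboardInterrupt and
    # SystemExit propagate instead of being logged as a schema problem.
    try:
        schema = ldapObj.getSchema("sambaSamAccount")
        if len(schema) <= 0:
            logger.error("Samba schema is not included in LDAP directory")
            return False
    except Exception:
        logger.exception("invalid schema")
        return False

    # Verify if init script exist
    init = config.samba_init_script
    if not os.path.exists(init):
        logger.error(init + " does not exist")
        return False

    # If SAMBA is defined as a PDC, make extra checks
    if smbconf.isPdc():
        samba = SambaLDAP()
        # Create SAMBA computers account OU if it doesn't exist (LDAP write).
        head, path = samba.baseComputersDN.split(",", 1)
        ouName = head.split("=")[1]
        samba.addOu(ouName, path)
        # Check that a sambaDomainName entry is in LDAP directory
        domainInfos = samba.getDomain()
        # Set domain policy (LDAP write; happens even if the domain entry is missing)
        samba.setDomainPolicy()
        if not domainInfos:
            logger.error(
                "Can't find sambaDomainName entry in LDAP for domain %s. Please check your SAMBA LDAP configuration."
                % smbconf.getContent("global", "workgroup")
            )
            return False

        smbconfbasesuffix = smbconf.getContent("global", "ldap suffix")
        if not smbconfbasesuffix:
            logger.error("SAMBA 'ldap suffix' option is not setted.")
            return False
        if ldap.explode_dn(samba.baseDN) != ldap.explode_dn(smbconfbasesuffix):
            logger.error("SAMBA 'ldap suffix' option is not equal to MMC 'baseDN' option.")
            return False

        # Check that SAMBA and MMC given OU are in sync
        for smb_option, mmc_option, mmc_dn in [
            ("ldap user suffix", "baseUsersDN", samba.baseUsersDN),
            ("ldap group suffix", "baseGroupsDN", samba.baseGroupsDN),
            ("ldap machine suffix", "baseComputersDN", samba.baseComputersDN),
        ]:
            smbconfsuffix = smbconf.getContent("global", smb_option)
            if not smbconfsuffix:
                logger.error("SAMBA '" + smb_option + "' option is not setted")
                return False
            # Case-insensitive comparison of the leading RDN only.
            if ldap.explode_rdn(smbconfsuffix)[0].lower() != ldap.explode_rdn(mmc_dn)[0].lower():
                logger.error("SAMBA option '" + smb_option + "' is not equal to MMC '" + mmc_option + "' option.")
                return False

        # Check that "ldap delete dn" SAMBA option is set to "No"
        smbconfdeletedn = smbconf.isValueTrue(smbconf.getContent("global", "ldap delete dn"))
        if smbconfdeletedn == 1:
            logger.error("SAMBA option 'ldap delete dn' must be disabled.")
            return False

        # Check that the well-known domain groups are mapped.  "Domain
        # Computers" is needed to put a machine account in the right group
        # when joining it to the domain.
        for group_name, lookup in [
            ("Domain Computers", samba.getDomainComputersGroup),
            ("Domain Admins", samba.getDomainAdminsGroup),
            ("Domain Guests", samba.getDomainGuestsGroup),
            ("Domain Users", samba.getDomainUsersGroup),
        ]:
            if not lookup():
                logger.error(
                    "Can't find sambaGroupMapping entry in LDAP corresponding to '%s' group. Please check your SAMBA LDAP configuration."
                    % group_name
                )
                return False

        # Check that add machine script option is set, and that the given
        # script exists.  Only the first space-separated token is taken as
        # the script path; a path containing spaces is not handled.
        addMachineScript = smbconf.getContent("global", "add machine script")
        if not addMachineScript:
            logger.error("SAMBA 'add machine script' option is not set.")
            return False
        script = addMachineScript.split(" ")[0]
        if not os.path.exists(script):
            logger.error("SAMBA 'add machine script' option is set to a non existing file: " + script)
            return False

        # Issue a warning if NSCD is running
        if (
            os.path.exists("/var/run/nscd.pid")
            or os.path.exists("/var/run/.nscd_socket")
            or os.path.exists("/var/run/nscd")
        ):
            logger.warning("Looks like NSCD is installed on your system. You should not run NSCD on a SAMBA server.")

        # Check that os level is set to 255.  An unset or empty option is
        # treated as "too low" instead of raising inside int().
        oslevel = smbconf.getContent("global", "os level")
        if not oslevel or int(oslevel) < 255:
            logger.debug("Set SAMBA os level to 255.")
            smbconf.setContent("global", "os level", "255")
            smbconf.save()
            reloadSamba()

    try:
        from mmc.plugins.dashboard.manager import DashboardManager
        from mmc.plugins.samba.panel import SambaPanel

        DM = DashboardManager()
        DM.register_panel(SambaPanel("samba"))
    except ImportError:
        pass
    return True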
# Body of a group(5) export run (the enclosing `def`, which supplies `lo`
# and `options`, is not shown here).  Every univentionGroup becomes one
# `name:*:gid:members` line, written to a temp file and moved into place.
# `result` is assigned but never used in this fragment.
result = []
groups = lo.search('objectClass=univentionGroup', attr=['uniqueMember', 'cn', 'gidNumber'])
if options.verbose:
    print 'Found %d ldap groups' % len(groups)
if len(groups) < 1:
    print 'Abort: Did not found any LDAP group.'
    sys.exit(1)
# Write to a temporary file
# NOTE(review): mkstemp() without dir= puts the file under the default temp
# dir; when that is a different filesystem from options.file, shutil.move
# degrades to copy+delete and readers may see a partially written file.
(fdtemp, fdname) = tempfile.mkstemp()
fd = os.fdopen(fdtemp, 'w')
for group in groups:
    # explode_rdn() returns the leading RDN as ['cn=<name>']; the value after
    # the first '=' is the group name (re-joined in case the name has '=').
    rdn = ldap.explode_rdn(group[0])
    groupname = string.join(string.split(rdn[0], '=')[1:], '=')
    members = _get_members(lo, group, [], options.check_member)
    # The list(set(members)) call removes all duplicates from the group members
    # NOTE(review): groupname, gidNumber and member names come straight from
    # the directory and are written unescaped; a ':' or newline in any of them
    # would inject extra fields/records into the colon-delimited file.
    fd.write('%s:*:%s:%s\n' % (groupname, group[1].get('gidNumber', [''])[0], string.join(list(set(members)), ',')))
fd.close()
# mkstemp() creates the file 0600; group files are world-readable by design.
os.chmod(fdname, 0o644)
# Move the file
shutil.move(fdname, options.file)
if options.verbose:
    print 'The file %s was created.' % options.file
_run_hooks(options)
# Body of a group(5) export run (the enclosing `def`, which supplies `lo`
# and `options`, is not shown here).  Every univentionGroup becomes one
# `name:*:gid:members` line, written to a temp file and moved into place;
# unlike the sibling variant, no hooks are run and the process exits 0.
# `result` is assigned but never used in this fragment.
result = []
groups = lo.search('objectClass=univentionGroup', attr=['uniqueMember', 'cn', 'gidNumber'])
if options.verbose:
    print 'Found %d ldap groups' % len(groups)
if len(groups) < 1:
    print 'Abort: Did not found any LDAP group.'
    sys.exit(1)
# Write to a temporary file
# NOTE(review): mkstemp() without dir= puts the file under the default temp
# dir; when that is a different filesystem from options.file, shutil.move
# degrades to copy+delete and readers may see a partially written file.
(fdtemp, fdname) = tempfile.mkstemp()
fd = os.fdopen(fdtemp, 'w')
for group in groups:
    # explode_rdn() returns the leading RDN as ['cn=<name>']; the value after
    # the first '=' is the group name (re-joined in case the name has '=').
    rdn = ldap.explode_rdn(group[0])
    groupname = string.join(string.split(rdn[0], '=')[1:], '=')
    members = _get_members(lo, group, [], options.check_member)
    # The list(set(members)) call removes all duplicates from the group members
    # NOTE(review): groupname, gidNumber and member names come straight from
    # the directory and are written unescaped; a ':' or newline in any of them
    # would inject extra fields/records into the colon-delimited file.
    fd.write('%s:*:%s:%s\n' % (groupname, group[1].get('gidNumber', [''])[0], string.join(list(set(members)), ',')))
fd.close()
# mkstemp() creates the file 0600; group files are world-readable by design.
# 0644 is the Python 2 octal literal (0o644 in Python 3).
os.chmod(fdname, 0644)
# Move the file
shutil.move(fdname, options.file)
if options.verbose:
    print 'The file %s was created.' % options.file
sys.exit(0)
try: timeout = int(optdict.get('-t')) except ValueError, e: print "Invalid value for timeout. Should be integer (-1 for unlimited, the default)", e else: print "Missing arguments" return try: outdict = {} # Data to be added # Get data from input DN # TODO: encoding dn_comps = ldap.explode_dn(dn) # There may be more than one component to the RDN rdn_comps = ldap.explode_rdn(dn_comps[0]) for comp in rdn_comps: parts = comp.split('=') outdict[parts[0]] = [parts[1]] outdict['objectClass'] = ocs try: # Get attributes for each object class specified must, may = self.schema.get_oc_info(ocs) # Add a * to the front of mandatory attributes # This identifies them and makes them sort at the front for attr in must: if outdict.has_key(attr): values = outdict[attr][:] del outdict[attr]