def get_registration_info(ucr):
	"""Yield a factory for account-registration test data, then delete the DNs it handed out.

	This is a generator: the code after ``yield`` is the teardown. It is
	presumably used as a test fixture (no decorator is visible here).

	The teardown opens an admin LDAP connection and deletes every DN the
	factory returned; DNs that were never created (``noObject``) are skipped.
	"""
	# Every DN returned by the factory, in call order, so teardown knows what to remove.
	handed_out_dns = []

	def _get_registration_info(attributes=None, container_without_base=None):
		"""Build registration attributes and the DN the new user is expected to get.

		:param attributes: optional dict merged over the generated defaults.
		:param container_without_base: optional container DN relative to
			``ldap/base``; when given, the user-container UCR variable is
			overwritten with it before the DN is computed.
		:returns: dict with ``dn``, ``attributes`` and ``data`` (which wraps
			the same attributes dict).
		"""
		if container_without_base:
			override_dn = '%s,%s' % (container_without_base, ucr.get('ldap/base'),)
			ucr.handler_set(['umc/self-service/account-registration/usercontainer=%s' % (override_dn,)])
			ucr.load()
		user_container = ucr.get('umc/self-service/account-registration/usercontainer')
		random_user = uts.random_name()
		_attributes = {
			'username': random_user,
			'lastname': random_user,
			'password': '******',
			'PasswordRecoveryEmail': 'root@localhost'
		}
		_attributes.update(attributes or {})
		# NOTE(review): the username is interpolated into the DN without DN
		# escaping, so an override containing ',', '+' or '=' yields a DN that
		# differs from the one LDAP would create; teardown deletes this string as-is.
		dn = "uid=%s,%s" % (_attributes['username'], user_container)
		handed_out_dns.append(dn)
		return {
			'dn': dn,
			'attributes': _attributes,
			'data': {
				'attributes': _attributes
			}
		}

	yield _get_registration_info

	# Teardown runs with the admin connection, so it can delete whatever was recorded above.
	lo, po = getAdminConnection()
	for recorded_dn in handed_out_dns:
		try:
			lo.delete(recorded_dn)
		except noObject:
			# The test never created this account; nothing to clean up.
			pass
	def open_ldap_connection(self, binddn=None, bindpw=None, ldap_server=None, admin=False, machine=False):
		'''Open a new LDAP connection and return it.

		Three mutually exclusive modes:
		* admin=True: the connection comes from getAdminConnection().
		* machine=True: the connection comes from
		  getMachineConnection(ldap_master=True).
		* otherwise: a connection to ldap_server (default: UCR variable
		  ldap/master) on the port from ldap/server/port (default 7389),
		  bound with the UCS test domain admin credentials and start_tls=2.

		NOTE(review): binddn and bindpw are accepted but never read; the
		default mode always binds as the domain admin account. A caller that
		passes a low-privilege DN still gets an admin-privileged connection,
		so tests meant to check access restrictions must not rely on these
		two parameters.

		Raises SchoolLDAPError when an LDAPError occurs while connecting;
		udm_errors.noObject is passed through unchanged.
		'''

		# Only a debugging guard: assert statements are removed under python -O.
		assert not (admin and machine)

		account = utils.UCSTestDomainAdminCredentials()
		ldap_server = ldap_server or self._ucr.get('ldap/master')
		port = int(self._ucr.get('ldap/server/port', 7389))

		try:
			if admin:
				connection = udm_uldap.getAdminConnection()[0]
			elif machine:
				connection = udm_uldap.getMachineConnection(ldap_master=True)[0]
			else:
				connection = udm_uldap.access(
					host=ldap_server,
					port=port,
					base=self._ucr.get('ldap/base'),
					binddn=account.binddn,
					bindpw=account.bindpw,
					start_tls=2,
				)
		except udm_errors.noObject:
			# Listed before LDAPError so it is never wrapped in SchoolLDAPError.
			raise
		except LDAPError as exc:
			raise SchoolLDAPError('Opening LDAP connection failed: %s' % (exc,))

		return connection
def getReadonlyAdminConnection() -> Tuple[access, position]:
	"""Return an admin connection whose add/modify/rename/delete raise AssertionError.

	The guard is applied by replacing those four attributes on the returned
	object. It catches accidental writes through these entry points only; it
	is not an access control. The bind identity is still the admin account,
	and any other attribute of the connection object is left untouched.
	"""
	def reject_write(*a: Any, **kw: Any) -> NoReturn:
		raise AssertionError('readonly connection')

	lo, position = getAdminConnection()
	for write_method in ('add', 'modify', 'rename', 'delete'):
		setattr(lo, write_method, reject_write)
	return lo, position
def get_admin_connection():
    """Return the module-wide (connection, position) pair, opening it on first use.

    The pair is stored in the module globals ``_admin_connection`` and
    ``_admin_position`` and reused by later calls, so the admin-privileged
    connection stays referenced for as long as the module is loaded.

    Raises UcsSchoolImportFatalError when ``uldap.getAdminConnection()``
    fails with IOError.
    """
    global _admin_connection, _admin_position
    if _admin_connection and _admin_position:
        return _admin_connection, _admin_position
    try:
        _admin_connection, _admin_position = uldap.getAdminConnection()
    except IOError:
        raise UcsSchoolImportFatalError(
            "This script must be executed on a DC Master.")
    return _admin_connection, _admin_position
def migrate_objects(_umc_instance):
    """Set ``univentionServerRole`` on every object reported as lacking it.

    Writes go through the admin connection. Objects grouped under a falsy
    role are skipped, as there is no value to write for them. Always ends by
    raising ProblemFixed.
    """
    lo, _position = getAdminConnection()
    dns_by_role = udm_objects_without_ServerRole(lo)
    for role in sorted(dns_by_role):
        if role:
            for dn in dns_by_role[role]:
                # Old value None: the attribute is added, not replaced.
                lo.modify(dn, [('univentionServerRole', None, role)])
    raise ProblemFixed(buttons=[])
def migrate_objects(_umc_instance):
	"""Add the ``univentionObject`` class and ``univentionObjectType`` to reported objects.

	Writes go through the admin connection. Every tuple returned by
	``udm_objects_without_type`` yields one LDAP modify. Always ends by
	raising ProblemFixed.
	"""
	lo, _position = getAdminConnection()
	for dn, modules, object_classes in udm_objects_without_type(lo):
		# Work on a copy so the old value passed to modify() stays as it was read.
		wanted_classes = object_classes[:]
		if 'univentionObject' not in object_classes:
			wanted_classes.append('univentionObject')
		object_types = [module.module for module in modules]
		lo.modify(dn, [
			('objectClass', object_classes, wanted_classes),
			('univentionObjectType', [], object_types),
		])
	raise ProblemFixed(buttons=[])
	def cleanup(self):
		"""Delete the unique-usernames counter entries recorded for removal, then run the parent cleanup.

		Entries that no longer exist are ignored; other LDAP errors are
		logged and the loop continues with the next name.
		"""
		lo, _po = getAdminConnection()
		self.log.info("Removing new unique-usernames,cn=ucsschool entries...")
		dn_template = "cn={},cn=unique-usernames,cn=ucsschool,cn=univention,{}"
		for username in self.unique_basenames_to_remove:
			# The name is DN-escaped, so special characters in it cannot alter
			# the structure of the DN that gets deleted.
			dn = dn_template.format(escape_dn_chars(username), lo.base)
			self.log.debug("Removing %r", dn)
			try:
				lo.delete(dn)
			except noObject:
				pass
			except ldapError as exc:
				self.log.error("DN %r -> %s", dn, exc)
		super(UniqueObjectTester, self).cleanup()
def remove_object(udm_module_name, object_dn):
	"""Remove the UDM object ``object_dn`` of module ``udm_module_name`` via an admin connection.

	The whole operation runs between ``listener.setuid(0)`` and
	``listener.unsetuid()``; the ``finally`` ensures the privilege is dropped
	again even when an error is re-raised.

	Raises udm_errors.ldapError if UDM cannot be set up, and
	udm_errors.ldapError or udm_errors.noObject if the removal fails; each is
	logged before being re-raised.
	"""
	listener.setuid(0)
	try:
		try:
			lo, position = udm_uldap.getAdminConnection()
			udm_modules.update()
			module = udm_modules.get(udm_module_name)
			udm_modules.init(lo, position, module)
		except udm_errors.ldapError as err:
			ud.debug(ud.LISTENER, ud.ERROR, '%s: Error accessing UDM: %s' % (name, err))
			raise err

		try:
			target = module.object(None, lo, position, object_dn)
			target.remove()
		except (udm_errors.ldapError, udm_errors.noObject) as err:
			ud.debug(ud.LISTENER, ud.ERROR, '%s: Error deleting %s: %s.' % (name, object_dn, err))
			raise err
	finally:
		listener.unsetuid()
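def run(_umc_instance):
	"""Report LDAP objects that lack a ``univentionObjectType``.

	Does nothing unless the UCR variable ``server/role`` is
	``domaincontroller_master``. When objects are found, raises Warning with
	a count per module description and a button for the ``migrate_objects``
	action; returns None when nothing is found.
	"""
	if ucr.get('server/role') != 'domaincontroller_master':
		return

	lo, pos = getAdminConnection()
	objects = udm_objects_without_type(lo)
	if len(objects):
		counted_objects = {}
		details = '\n\n' + _('These objects were found:')
		for dn, modules, object_classes in objects:
			for module in modules:
				counted_objects[module.short_description] = counted_objects.get(module.short_description, 0) + 1
		# sorted(dict) iterates the keys on Python 2 and 3; dict.iterkeys()
		# exists only on Python 2 and raised AttributeError on Python 3.
		for module_name in sorted(counted_objects):
			num_objs = counted_objects[module_name]
			details += '\n· ' + _('%d objects should be "%s"') % (num_objs, module_name)
		raise Warning(description + details, buttons=[{
			'action': 'migrate_objects',
			'label': _('Migrate %d LDAP objects') % len(objects),
		}])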
	def mark_active(self):
		"""Set ``active`` to True on every DN in ``self._todo_list`` and then empty the list.

		A missing object is logged and skipped. Any other LDAP error is
		logged and aborts the run: it is caught by the outer handler, logged
		again as a UDM access error, and the todo list is left unchanged.
		Nothing is raised to the caller for ldapError.
		"""
		if not self._todo_list:
			return
		try:
			lo, ldap_position = udm_uldap.getAdminConnection()
			udm_modules.update()
			module = udm_modules.get(self.udm_module_name)
			udm_modules.init(lo, ldap_position, module)

			for object_dn in self._todo_list:
				try:
					entry = module.object(None, lo, ldap_position, object_dn)
					entry.open()
					entry['active'] = True
					entry.modify()
				except udm_errors.noObject:
					ud.debug(ud.LISTENER, ud.ERROR, 'Error modifying %s: object not found.' % (object_dn,))
				except udm_errors.ldapError as err:
					ud.debug(ud.LISTENER, ud.ERROR, 'Error modifying %s: %s.' % (object_dn, err))
					raise
			# Reached only when no ldapError interrupted the loop.
			self._todo_list = []

		except udm_errors.ldapError as err:
			ud.debug(ud.LISTENER, ud.ERROR, 'Error accessing UDM: %s' % (err,))
def run(_umc_instance):
    """Report objects whose ``univentionServerRole`` is missing.

    Does nothing unless the UCR variable ``server/role`` is
    ``domaincontroller_master``. Objects grouped under a non-empty role are
    counted as fixable; the group with a falsy role is reported but cannot be
    migrated. Raises Warning when at least one object was found, with a
    ``migrate_objects`` button only if something is fixable.
    """
    if ucr.get('server/role') != 'domaincontroller_master':
        return

    lo, _pos = getAdminConnection()
    dns_by_role = udm_objects_without_ServerRole(lo)
    details = '\n\n' + _('These objects were found:')

    total_objs = 0
    fixable_objs = 0
    for server_role in sorted(dns_by_role):
        count = len(dns_by_role[server_role])
        if not count:
            continue
        total_objs += count
        if server_role:
            fixable_objs += count
            details += '\n· ' + _(
                'Number of objects that should be marked as "%s": %d') % (
                    server_role, count)
        else:
            details += '\n· ' + _(
                'Number of unspecific Windows computer objects with inconsistent univentionObjectType: %d (Can\'t fix this automatically)'
            ) % (count, )

    if not total_objs:
        return

    buttons = []
    if fixable_objs:
        buttons.append({
            'action': 'migrate_objects',
            'label': _('Migrate %d LDAP objects') % fixable_objs,
        })
    raise Warning(description + details, buttons=buttons)
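def handler(dn, new, old):
    """Install, update or remove a UDM extension described by an LDAP object.

    ``new`` and ``old`` are the attribute dicts of the object after and
    before the change; values are read as lists of bytes. The object class
    selects the extension kind (module, hook or syntax) and the target
    directory.

    Security-relevant behaviour: the bz2 payload and the relative filename
    are taken from the LDAP object and handed to ``install_python_file``
    while the process runs with uid 0. Whoever may write these objects
    therefore decides which Python code is installed on this host.
    NOTE(review): ``install_python_file`` is not visible here; confirm that it
    rejects absolute paths and ``..`` components in the filename.

    Returns None in all cases; errors are logged via ``ud.debug``.
    """

    if new:
        ocs = new.get('objectClass', [])

        univentionUCSVersionStart = new.get('univentionUCSVersionStart',
                                            [b''])[0].decode('UTF-8')
        univentionUCSVersionEnd = new.get('univentionUCSVersionEnd',
                                          [b''])[0].decode('UTF-8')
    elif old:
        ocs = old.get('objectClass', [])
    else:
        # Neither state is given, so there is nothing to classify. Without
        # this branch the lookup of ``ocs`` below failed with a NameError.
        return

    if b'univentionUDMModule' in ocs:
        objectclass = 'univentionUDMModule'
        udm_module_name = 'settings/udm_module'
        target_subdir = 'univention/admin/handlers'
    elif b'univentionUDMHook' in ocs:
        objectclass = 'univentionUDMHook'
        udm_module_name = 'settings/udm_hook'
        target_subdir = 'univention/admin/hooks.d'
    elif b'univentionUDMSyntax' in ocs:
        objectclass = 'univentionUDMSyntax'
        udm_module_name = 'settings/udm_syntax'
        target_subdir = 'univention/admin/syntax.d'
    else:
        ud.debug(
            ud.LISTENER, ud.ERROR,
            '%s: Undetermined error: unknown objectclass: %s.' % (name, ocs))
        # objectclass, udm_module_name and target_subdir are unbound here;
        # continuing would fail later with a NameError, possibly after
        # privileged work had already started. Stop after logging.
        return

    # Bug #51622 for UCS 5.0 update:
    if new and not old:
        if listener.configRegistry.get(
                'server/role') == 'domaincontroller_master':
            # Remove objects that don't signal Python3 support
            cmp_start_vs_50 = apt.apt_pkg.version_compare(
                univentionUCSVersionStart,
                "5.0")  # -1 if univentionUCSVersionStart is unset
            # Keep the object if it starts at 5.0 or later (cmp_start_vs_50 >= 0),
            # or if it starts earlier but declares an end version.
            # Otherwise remove it:
            if cmp_start_vs_50 < 0 and not univentionUCSVersionEnd:
                ud.debug(
                    ud.LISTENER, ud.WARN,
                    '%s: Removing incompatible extension %s (univentionUCSVersionStart=%r and univentionUCSVersionEnd not set).'
                    % (name, new['cn'][0].decode('UTF-8'),
                       univentionUCSVersionStart))
                remove_object(udm_module_name, dn)
                return

    if new:
        current_UCS_version = "%s-%s" % (
            listener.configRegistry.get('version/version'),
            listener.configRegistry.get('version/patchlevel'))
        if univentionUCSVersionStart and UCS_Version(
                current_UCS_version) < UCS_Version(univentionUCSVersionStart):
            ud.debug(
                ud.LISTENER, ud.INFO,
                '%s: extension %s requires at least UCS version %s.' %
                (name, new['cn'][0].decode('UTF-8'),
                 univentionUCSVersionStart))
            # Trigger remove on this system
            old = old or new
            new = None
        elif univentionUCSVersionEnd and UCS_Version(
                current_UCS_version) > UCS_Version(univentionUCSVersionEnd):
            ud.debug(
                ud.LISTENER, ud.INFO,
                '%s: extension %s specifies compatibility only up to and including UCR version %s.'
                %
                (name, new['cn'][0].decode('UTF-8'), univentionUCSVersionEnd))
            # Trigger remove on this system
            old = old or new
            new = None

    old_relative_filename = None
    if old:
        old_relative_filename = old['%sFilename' %
                                    objectclass][0].decode('UTF-8')

    if new:
        # Objects that do not name an owning package and version are ignored.
        new_version = new.get('univentionOwnedByPackageVersion',
                              [b''])[0].decode('UTF-8')
        if not new_version:
            return

        new_pkgname = new.get('univentionOwnedByPackage', [None])[0]
        if not new_pkgname:
            return

        if old:  # check for trivial changes
            # Only keys present in ``new`` are compared; operational
            # attributes that change on every write are ignored.
            diff_keys = [
                key for key in new.keys()
                if new.get(key) != old.get(key) and key not in (
                    'entryCSN', 'modifyTimestamp', 'modifiersName')
            ]
            if diff_keys == ['%sActive' % objectclass] and new.get(
                    '%sActive' % objectclass)[0] == b'TRUE':
                ud.debug(
                    ud.LISTENER, ud.INFO,
                    '%s: %s: activation status changed.' %
                    (name, new['cn'][0]))
                return
            elif diff_keys == ['univentionAppIdentifier']:
                ud.debug(
                    ud.LISTENER, ud.INFO, '%s: %s: App identifier changed.' %
                    (name, new['cn'][0].decode('UTF-8')))
                return

            if new_pkgname == old.get('univentionOwnedByPackage', [None])[0]:
                old_version = old.get('univentionOwnedByPackageVersion',
                                      [b'0'])[0].decode('UTF-8')
                rc = apt.apt_pkg.version_compare(new_version, old_version)
                if not rc > -1:
                    # Refuse downgrades from the same package.
                    ud.debug(
                        ud.LISTENER, ud.WARN,
                        '%s: New version is lower than version of old object (%s), skipping update.'
                        % (name, old_version))
                    return

        # ok, basic checks passed, handle the data
        try:
            # NOTE(review): the decompressed size is not bounded; a small
            # object can expand to a very large payload in memory.
            new_object_data = bz2.decompress(
                new.get('%sData' % objectclass)[0])
        except (TypeError, ValueError, IOError):
            # TypeError: the data attribute is missing (None is subscripted).
            # ValueError/IOError: the payload is truncated or not valid bz2.
            # Previously only TypeError was caught and corrupt data aborted
            # the handler with an unhandled exception.
            ud.debug(ud.LISTENER, ud.ERROR,
                     '%s: Error uncompressing data of object %s.' % (name, dn))
            return

        new_relative_filename = new['%sFilename' %
                                    objectclass][0].decode('UTF-8')
        # Files are written as root; the finally drops the privilege again.
        listener.setuid(0)
        try:
            if old_relative_filename and old_relative_filename != new_relative_filename:
                remove_python_file(objectclass, target_subdir,
                                   old_relative_filename)
            if not install_python_file(objectclass, target_subdir,
                                       new_relative_filename, new_object_data):
                return
            install_messagecatalog(dn, new, objectclass)
            install_umcmessagecatalogs(new, old)
            if objectclass == 'univentionUDMModule':
                install_umcregistration(dn, new)
                install_umcicons(dn, new)
        finally:
            listener.unsetuid()

    elif old:

        # ok, basic checks passed, handle the change
        listener.setuid(0)
        try:
            remove_python_file(objectclass, target_subdir,
                               old_relative_filename)
            remove_messagecatalog(dn, old, objectclass)
            remove_umcmessagecatalogs(old)
            if objectclass == 'univentionUDMModule':
                remove_umcicons(dn, old)
                remove_umcregistration(dn, old)
        finally:
            listener.unsetuid()

    # TODO: Kill running univention-cli-server?

    # Mark new extension object active
    listener.setuid(0)
    try:
        if new:
            if not listener.configRegistry.get(
                    'server/role') == 'domaincontroller_master':
                # Only set active flag on Primary
                return

            try:
                lo, ldap_position = udm_uldap.getAdminConnection()
                udm_modules.update()
                udm_module = udm_modules.get(udm_module_name)
                udm_modules.init(lo, ldap_position, udm_module)

                try:
                    udm_object = udm_module.object(None, lo, ldap_position, dn)
                    udm_object.open()
                    udm_object['active'] = True
                    udm_object.modify()
                except udm_errors.ldapError as exc:
                    ud.debug(ud.LISTENER, ud.ERROR,
                             '%s: Error modifying %s: %s.' % (name, dn, exc))
                except udm_errors.noObject as exc:
                    ud.debug(ud.LISTENER, ud.ERROR,
                             '%s: Error modifying %s: %s.' % (name, dn, exc))

            except udm_errors.ldapError as exc:
                ud.debug(ud.LISTENER, ud.ERROR,
                         '%s: Error accessing UDM: %s' % (name, exc))

    finally:
        listener.unsetuid()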
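def handler(dn, new, old):
	"""Install, update or remove a UDM extension described by an LDAP object.

	``new`` and ``old`` are the attribute dicts of the object after and
	before the change. The object class selects the extension kind (module,
	hook or syntax) and the target directory.

	Security-relevant behaviour: the bz2 payload and the relative filename
	are taken from the LDAP object and handed to ``install_python_file``
	while the process runs with uid 0. Whoever may write these objects
	therefore decides which Python code is installed on this host.
	NOTE(review): ``install_python_file`` is not visible here; confirm that it
	rejects absolute paths and ``..`` components in the filename.

	Returns None in all cases; errors are logged via ``ud.debug``.
	"""

	if new:
		ocs = new.get('objectClass', [])

		univentionUCSVersionStart = new.get('univentionUCSVersionStart', [None])[0]
		univentionUCSVersionEnd = new.get('univentionUCSVersionEnd', [None])[0]
		current_UCS_version = "%s-%s" % (listener.configRegistry.get('version/version'), listener.configRegistry.get('version/patchlevel'))
		# An extension outside its declared version range is treated as absent
		# on this system: with ``new`` cleared, the removal branch runs if ``old`` is set.
		if univentionUCSVersionStart and UCS_Version(current_UCS_version) < UCS_Version(univentionUCSVersionStart):
			ud.debug(ud.LISTENER, ud.INFO, '%s: extension %s requires at least UCR version %s.' % (name, new['cn'][0], univentionUCSVersionStart))
			new = None
		elif univentionUCSVersionEnd and UCS_Version(current_UCS_version) > UCS_Version(univentionUCSVersionEnd):
			ud.debug(ud.LISTENER, ud.INFO, '%s: extension %s specifies compatibility only up to and including UCR version %s.' % (name, new['cn'][0], univentionUCSVersionEnd))
			new = None
	elif old:
		ocs = old.get('objectClass', [])
	else:
		# Neither state is given, so there is nothing to classify. Without
		# this branch the lookup of ``ocs`` below failed with a NameError.
		return

	if 'univentionUDMModule' in ocs:
		objectclass = 'univentionUDMModule'
		udm_module_name = 'settings/udm_module'
		target_subdir = 'univention/admin/handlers'
	elif 'univentionUDMHook' in ocs:
		objectclass = 'univentionUDMHook'
		udm_module_name = 'settings/udm_hook'
		target_subdir = 'univention/admin/hooks.d'
	elif 'univentionUDMSyntax' in ocs:
		objectclass = 'univentionUDMSyntax'
		udm_module_name = 'settings/udm_syntax'
		target_subdir = 'univention/admin/syntax.d'
	else:
		ud.debug(ud.LISTENER, ud.ERROR, '%s: Undetermined error: unknown objectclass: %s.' % (name, ocs))
		# objectclass, udm_module_name and target_subdir are unbound here;
		# continuing would fail later with a NameError. Stop after logging.
		return

	if new:
		# Objects that do not name an owning package and version are ignored.
		new_version = new.get('univentionOwnedByPackageVersion', [None])[0]
		if not new_version:
			return

		new_pkgname = new.get('univentionOwnedByPackage', [None])[0]
		if not new_pkgname:
			return

		if old:  # check for trivial changes
			# Only keys present in ``new`` are compared; operational
			# attributes that change on every write are ignored.
			diff_keys = [key for key in new.keys() if new.get(key) != old.get(key) and key not in ('entryCSN', 'modifyTimestamp', 'modifiersName')]
			if diff_keys == ['%sActive' % objectclass] and new.get('%sActive' % objectclass)[0] == 'TRUE':
				ud.debug(ud.LISTENER, ud.INFO, '%s: %s: activation status changed.' % (name, new['cn'][0]))
				return
			elif diff_keys == ['univentionAppIdentifier']:
				ud.debug(ud.LISTENER, ud.INFO, '%s: %s: App identifier changed.' % (name, new['cn'][0]))
				return

			if new_pkgname == old.get('univentionOwnedByPackage', [None])[0]:
				old_version = old.get('univentionOwnedByPackageVersion', ['0'])[0]
				rc = apt.apt_pkg.version_compare(new_version, old_version)
				if not rc > -1:
					# Refuse downgrades from the same package.
					ud.debug(ud.LISTENER, ud.WARN, '%s: New version is lower than version of old object (%s), skipping update.' % (name, old_version))
					return

		# ok, basic checks passed, handle the data
		try:
			# NOTE(review): the decompressed size is not bounded; a small
			# object can expand to a very large payload in memory.
			new_object_data = bz2.decompress(new.get('%sData' % objectclass)[0])
		except (TypeError, ValueError, IOError):
			# TypeError: the data attribute is missing (None is subscripted).
			# ValueError/IOError: the payload is truncated or not valid bz2.
			# Previously only TypeError was caught and corrupt data aborted
			# the handler with an unhandled exception.
			ud.debug(ud.LISTENER, ud.ERROR, '%s: Error uncompressing data of object %s.' % (name, dn))
			return

		new_relative_filename = new.get('%sFilename' % objectclass)[0]
		# Files are written as root; the finally drops the privilege again.
		listener.setuid(0)
		try:
			if not install_python_file(objectclass, target_subdir, new_relative_filename, new_object_data):
				return
			install_messagecatalog(dn, new, objectclass)
			if objectclass == 'univentionUDMModule':
				install_umcregistration(dn, new)
				install_umcicons(dn, new)
		finally:
			listener.unsetuid()

	elif old:

		# ok, basic checks passed, handle the change
		old_relative_filename = old.get('%sFilename' % objectclass)[0]
		listener.setuid(0)
		try:
			remove_python_file(objectclass, target_subdir, old_relative_filename)
			remove_messagecatalog(dn, old, objectclass)
			if objectclass == 'univentionUDMModule':
				remove_umcicons(dn, old)
				remove_umcregistration(dn, old)
		finally:
			listener.unsetuid()

	# Mark the new extension object active. Nothing in this function stops a
	# running univention-cli-server.

	listener.setuid(0)
	try:
		if new:
			if not listener.configRegistry.get('server/role') == 'domaincontroller_master':
				# Only set active flag on Master
				return

			try:
				lo, ldap_position = udm_uldap.getAdminConnection()
				udm_modules.update()
				udm_module = udm_modules.get(udm_module_name)
				udm_modules.init(lo, ldap_position, udm_module)

				try:
					udm_object = udm_module.object(None, lo, ldap_position, dn)
					udm_object.open()
					udm_object['active'] = True
					udm_object.modify()
				except udm_errors.ldapError as e:
					ud.debug(ud.LISTENER, ud.ERROR, '%s: Error modifying %s: %s.' % (name, dn, e))
				except udm_errors.noObject as e:
					ud.debug(ud.LISTENER, ud.ERROR, '%s: Error modifying %s: %s.' % (name, dn, e))

			except udm_errors.ldapError as e:
				ud.debug(ud.LISTENER, ud.ERROR, '%s: Error accessing UDM: %s' % (name, e))

	finally:
		listener.unsetuid()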
#!/usr/bin/env python2

from ucsschool.lib.models.user import Student
from univention.admin.uldap import getAdminConnection
import sys

# All objects below are created through the admin connection; only the
# connection half of the pair is used.
lo, po = getAdminConnection()

# A student that belongs to School1 only.
student = Student(name='Teststudent', firstname='Test', lastname='Student', school='School1')
student.create(lo)

# A student that belongs to School2 only.
student2 = Student(name='Teststudent2', firstname='Test2', lastname='Student2', school='School2')
student2.create(lo)

# A student whose primary school is School1 and who is a member of both schools.
student3 = Student(
    name='Teststudent3',
    firstname='Test3',
    lastname='Student3',
    school='School1',
    schools=['School1', 'School2'],
)
student3.create(lo)

# Read the first student back from LDAP: creating the other two must not
# have added a second school to it.
s = lo.get(student.dn)
if s['ucsschoolSchool'] != ['School1']:
    print('Error: Student should only be in School1')
    sys.exit(1)
def get_admin_connection():
    """Return whatever ``getAdminConnection()`` returns, unchanged.

    Each call opens the connection anew; nothing is cached here. The result
    carries admin privileges, so callers should keep it no longer than needed.
    """
    admin_pair = getAdminConnection()
    return admin_pair
#!/usr/bin/python

import univention.admin.objects
import univention.admin.modules as modules
import univention.admin.uldap as uldap
import univention.admin.config as config
import univention.config_registry

import random
import time
import subprocess
import sys

lo, position = uldap.getAdminConnection()
co = config.config()
ucr = univention.config_registry.ConfigRegistry()
ucr.load()
base = ucr.get('ldap/base')
cusers = 5000
cgroups = 1050
cuseringroups = 50
cgroupsForTestUser = 50
username = "******"
groupname = "testgroup"

modules.update()
users = modules.get('users/user')
modules.init(lo, position, users)
groups = modules.get('groups/group')
modules.init(lo, position, groups)