def test_check_univentionDefaultGroup_membership_after_create(udm): """Check default primary group membership after users/user create""" # from users/user: lookup univentionDefaultGroup lo = utils.get_ldap_connection() pos = position(lo.base) searchResult = lo.search(filter='(objectClass=univentionDefault)', base='cn=univention,' + pos.getDomain(), attr=['univentionDefaultGroup']) if not searchResult or not searchResult[0][1]: utils.fail( 'Test system is broken: univentionDefaultGroup value not found') groupdn = searchResult[0][1]['univentionDefaultGroup'][0].decode('utf-8') # lookup previous members for comparison searchResult = lo.search(base=groupdn, scope='base', attr=['uniqueMember', 'memberUid']) if not searchResult or not searchResult[0][1]: utils.fail( 'Test system is broken: univentionDefaultGroup object missing: %s' % groupdn) uniqueMember = searchResult[0][1]['uniqueMember'] memberUid = searchResult[0][1]['memberUid'] # now create users/user object userdn, uid = udm.create_user(primaryGroup=groupdn) # and check if the object has been added to univentionDefaultGroup uniqueMember.append(userdn.encode('utf-8')) memberUid.append(uid.encode('utf-8')) utils.verify_ldap_object(groupdn, {'uniqueMember': uniqueMember}) utils.verify_ldap_object(groupdn, {'memberUid': memberUid})
def create_without_hooks(self, lo, validate): if self.exists(lo): return False logger.info('Creating %r', self) if validate: self.validate(lo) if self.errors: raise ValidationError(self.errors.copy()) pos = udm_uldap.position(ucr.get('ldap/base')) container = self.position if not container: logger.error('%r cannot determine a container. Unable to create!', self) return False try: pos.setDn(container) udm_obj = udm_modules.get(self._meta.udm_module).object( None, lo, pos, superordinate=self.get_superordinate(lo)) udm_obj.open() # here is the real logic self.do_create(udm_obj, lo) # get it fresh from the database (needed for udm_obj._exists ...) self.set_dn(self.dn) logger.info('%r successfully created', self) return True finally: self.invalidate_cache()
def __init__(self, userdn=None, password=None, host='localhost', base=None, start_tls=2, access=None, format=None): self._cached = {} self._modules = {} self._policies = {} self._format = format self._bc = ConfigRegistry() self._bc.load() self.__reverse = {} if not base: self._base = self._bc['ldap/base'] else: self._base = base self._position = ua_ldap.position(self._base) if access: self._access = access else: self._access = ua_ldap.access(host=host, base=self._base, binddn=userdn, bindpw=password, start_tls=start_tls) ua_modules.update()
def po(self): """ Get a LDAP position object for the base DN (ldap/base). :return: univention.admin.uldap.position object """ if not self._po: self._po = position(self.lo.base) return self._po
def open_ldap(self): ldap_host = self.changeset.ucr["ldap/master"] ldap_base = self.changeset.ucr["ldap/base"] self.ldap = uldap.access( host=ldap_host, base=ldap_base, binddn=self.binddn, bindpw=self.bindpwd, ) self.position = uldap.position(ldap_base)
def get_connection(userdn, password): port = int(ucr_get('ldap/master/port', '7389')) host = ucr_get('ldap/master') base = ucr_get('ldap/base') lo = base_access(host=host, port=port, base=base, binddn=userdn, bindpw=password) lo = access(lo=lo) pos = position(lo.base) return lo, pos
def create_roleshare_on_server(role, school_ou, share_container_dn, serverfqdn, teacher_group=None, ucr=None, ldap_user_read=None, ldap_user_write=None, ldap_position=None): if not ucr: ucr = univention.config_registry.ConfigRegistry() ucr.load() if not teacher_group: teacher_groupname = '-'.join( (ucs_school_name_i18n(role_teacher), school_ou)) teacher_group = Group(name=teacher_groupname, school=school_ou).get_udm_object(ldap_user_read) if not teacher_group: raise univention.admin.uexceptions.noObject( 'Group not found: %s.' % teacher_groupname) else: teacher_groupname = teacher_group['name'] custom_groupname_domainadmins = custom_groupname('Domain Admins') try: udm_module_name = 'shares/share' udm_modules.init(ldap_user_write, ldap_position, udm_modules.get(udm_module_name)) share_container = udm_uldap.position(share_container_dn) udm_obj = udm_modules.get(udm_module_name).object( None, ldap_user_write, share_container) udm_obj.open() udm_obj.options = ['samba'] udm_obj['name'] = roleshare_name(role, school_ou, ucr) udm_obj['path'] = os.path.join('/home', roleshare_path(role, school_ou, ucr)) udm_obj['host'] = serverfqdn udm_obj['group'] = teacher_group['gidNumber'] udm_obj['sambaBrowseable'] = "0" udm_obj['sambaWriteable'] = "0" udm_obj['sambaValidUsers'] = '@"%s" @"%s"' % ( teacher_groupname, custom_groupname_domainadmins) udm_obj['sambaCustomSettings'] = [ ('admin users', '@"%s" @"%s"' % (teacher_groupname, custom_groupname_domainadmins)) ] udm_obj.create() except univention.admin.uexceptions.objectExists as exc: print 'Object exists: %s' % (exc.args[0], ) else: print 'Object created: %s' % _2utf8(udm_obj.dn)
def create(self, lo, validate=True): logger.info('Creating %r', self) pos = udm_uldap.position(ucr.get('ldap/base')) pos.setDn(self.position) udm_obj = udm_modules.get(self._meta.udm_module).object(None, lo, pos) udm_obj.open() udm_obj['name'] = self.name try: self.do_create(udm_obj, lo) except objectExists as exc: return exc.args[0] else: return udm_obj.dn
def get_user_connection(userdn, password): __init_users_module() ucr.load() try: # open an LDAP connection with the user password and credentials return udm_uldap.access( host=ucr.get('ldap/server/name'), base=ucr.get('ldap/base'), port=int(ucr.get('ldap/server/port', 7389)), binddn=userdn, bindpw=password, follow_referral=True ), udm_uldap.position(ucr.get('ldap/base')) except (udm_errors.base, LDAPError) as exc: CORE.warn('Failed to get ldap connection for UDM user object %s: %s' % (userdn, exc)) return None, None
def __init__( self, userdn = None, password = None, host = 'localhost', base = None, start_tls = 2, access = None, format = True ): self._cached = {} self._modules = {} self._policies = {} self._format = format self._bc = ub.baseConfig() self._bc.load() self.__reverse = {} if not base: self._base = self._bc[ 'ldap/base' ] else: self._base = base self._position = ua_ldap.position( self._base ) if access: self._access = access else: self._access = ua_ldap.access( host = host, base = self._base, binddn = userdn, bindpw = password, start_tls = start_tls ) ua_modules.update() self._config = ua_config.config( host = host )
def wrapper_func( *args, **kwargs ): global _ldap_connection, _ldap_position, _user_dn, _password, _licenseCheck if _ldap_connection is not None: MODULE.info( 'Using open LDAP connection for user %s' % _user_dn ) lo = _ldap_connection po = _ldap_position else: MODULE.info( 'Opening LDAP connection for user %s' % _user_dn ) try: lo = udm_uldap.access( host = ucr.get( 'ldap/master' ), base = ucr.get( 'ldap/base' ), binddn = _user_dn, bindpw = _password ) # license check (see also univention.admin.uldap.access.bind()) if not GPLversion: try: _licenseCheck = univention.admin.license.init_select(lo, 'admin') if _licenseCheck in range(1, 5) or _licenseCheck in range(6,12): lo.allow_modify = 0 if _licenseCheck is not None: lo.requireLicense() except univention.admin.uexceptions.licenseInvalid: lo.allow_modify = 0 lo.requireLicense() except univention.admin.uexceptions.licenseNotFound: lo.allow_modify = 0 lo.requireLicense() except univention.admin.uexceptions.licenseExpired: lo.allow_modify = 0 lo.requireLicense() except univention.admin.uexceptions.licenseWrongBaseDn: lo.allow_modify = 0 lo.requireLicense() po = udm_uldap.position( lo.base ) except udm_errors.noObject, e: raise e except LDAPError, e: raise LDAP_ConnectionError( 'Opening LDAP connection failed: %s' % str( e ) )
def _create_new_network(self, forward_zone, reverse_zone, dhcp_service): ipv4 = self.changeset.new_interfaces.get_default_ipv4_address() network_position = uldap.position(self.position.getDn()) network_position.setDn("cn=networks,%(ldap/base)s" % self.changeset.ucr) network_module = modules.get("networks/network") modules.init(self.ldap, self.position, network_module) network = network_module.object(None, self.ldap, network_position) network.info["name"] = "default" network.info["network"] = str(ipv4.network) network.info["netmask"] = str(ipv4.netmask) if forward_zone: network.info["dnsEntryZoneForward"] = forward_zone if reverse_zone: network.info["dnsEntryZoneReverse"] = reverse_zone if dhcp_service: network.info["dhcpEntryZone"] = dhcp_service self.logger.info("Creating '%s' with '%r'...", network.position.getDn(), network.info) if not self.changeset.no_act: network.create()
kwargs[ 'ldap_connection' ] = lo kwargs[ 'ldap_position' ] = po try: ret = func( *args, **kwargs ) _ldap_connection = lo _ldap_position = po return ret except (udm_errors.ldapSizelimitExceeded, udm_errors.ldapTimeout), e: raise e except ( LDAPError, udm_errors.base ), e: MODULE.info( 'LDAP operation for user %s has failed' % _user_dn ) try: lo = udm_uldap.access( host = ucr.get( 'ldap/master' ), base = ucr.get( 'ldap/base' ), binddn= _user_dn, bindpw = _password ) lo.requireLicense() po = udm_uldap.position( lo.base ) except udm_errors.noObject, e: raise e except ( LDAPError, udm_errors.base ), e: raise LDAP_ConnectionError( 'Opening LDAP connection failed: %s' % str( e ) ) kwargs[ 'ldap_connection' ] = lo kwargs[ 'ldap_position' ] = po try: ret = func( *args, **kwargs ) _ldap_connection = lo _ldap_position = po return ret except (udm_errors.ldapSizelimitExceeded, udm_errors.ldapTimeout), e: raise e except udm_errors.base, e:
def init_udm_module(cls, lo): if cls._meta.udm_module in cls._initialized_udm_modules: return pos = udm_uldap.position(lo.base) udm_modules.init(lo, pos, udm_modules.get(cls._meta.udm_module)) cls._initialized_udm_modules.append(cls._meta.udm_module)