def check_domain(self, username, password, ad_server_address, mode):
    """Probe an AD server and return its domain info for the join wizard.

    Looks up the domain controller at ``ad_server_address``, then checks
    the connection and the AD account with the supplied credentials.
    When ``mode`` is ``'admember'`` the local server role and the domain
    name are checked as well.  Each known ``admember`` failure is logged
    and re-raised as a ``UMC_Error`` carrying a translated message.

    Returns a dict built from the lookup result, with spaces in the keys
    replaced by ``'_'``, plus ``ssl_supported`` and ``LDAP_BindDN``.
    """
    # NOTE(review): the text of ``exc`` is written to the log in every
    # handler and is embedded in two of the user-facing messages below.
    # Confirm that admember exceptions never carry the password.
    in_member_mode = mode == 'admember'
    dc_info = {}
    try:
        if in_member_mode:
            admember.check_server_role()
        dc_info = admember.lookup_adds_dc(ad_server_address)
        dc_ip = dc_info['DC IP']
        if in_member_mode:
            admember.check_domain(dc_info)
        admember.check_connection(dc_info, username, password)
        admember.check_ad_account(dc_info, username, password)
    except admember.invalidUCSServerRole as exc:
        # raised by check_server_role()
        MODULE.warn('Failure: %s' % exc)
        raise UMC_Error(_('The AD member mode can only be configured on a DC master server.'))
    except admember.failedADConnect as exc:
        # raised by lookup_adds_dc()
        MODULE.warn('Failure: %s' % exc)
        detail = 'check_domain: %s' % (exc, )
        raise UMC_Error(
            _('Could not connect to AD Server %s. Please verify that the specified address is correct. (%s)')
            % (ad_server_address, detail)
        )
    except admember.domainnameMismatch as exc:
        # raised by check_domain()
        MODULE.warn('Failure: %s' % exc)
        raise UMC_Error(
            _('The domain name of the AD Server (%(ad_domain)s) does not match the local UCS domain name (%(ucs_domain)s). For the AD member mode, it is necessary to setup a UCS system with the same domain name as the AD Server.')
            % {
                'ad_domain': dc_info.get("Domain"),
                'ucs_domain': ucr['domainname'],
            }
        )
    except admember.connectionFailed as exc:
        # raised by check_connection()
        MODULE.warn('Failure: %s' % exc)
        raise UMC_Error(
            _('Could not connect to AD Server %s. Please verify that username and password are correct. (Details:\n%s)')
            % (dc_info.get('DC DNS Name'), exc)
        )
    except admember.notDomainAdminInAD as exc:
        # raised by check_ad_account()
        MODULE.warn('Failure: %s' % exc)
        raise UMC_Error(_('The given user is not member of the Domain Admins group in Active Directory. This is a requirement for the Active Directory domain join.'))

    # Build the dict that is handed back: same values, but with every
    # space in a key turned into '_'.
    MODULE.info('Preparing info dict...')
    info = {key.replace(' ', '_'): value for key, value in dc_info.iteritems()}
    info['ssl_supported'] = admember.server_supports_ssl(dc_ip)

    # Try to resolve the bind DN of the given user.
    info['LDAP_BindDN'] = get_ad_binddn_from_name(info['LDAP_Base'], dc_ip, username, password)

    # The whole dict, including the bind DN, goes to the module log.
    MODULE.info(str(info))
    return info
def check_credentials_ad(nameserver, address, username, password):
    """Validate AD credentials and return the AD domain name.

    Looks up the domain controller at ``address`` (passing ``nameserver``
    as ``nameserver1``), checks the connection, calls ``do_time_sync`` and
    then checks the AD account.  Known failures are converted into a
    ``UMC_Error`` with a translated message.
    """
    try:
        dc_info = lookup_adds_dc(address, ucr={'nameserver1': nameserver})
        check_connection(dc_info, username, password)
        # NOTE(review): do_time_sync() runs before check_ad_account(), i.e.
        # before Domain Admins membership has been confirmed. Presumably it
        # adjusts the local clock against ``address``; confirm that this
        # order is intended.
        do_time_sync(address)
        check_ad_account(dc_info, username, password)
    except failedADConnect:
        # The lookup did not find an AD server at this address.
        raise UMC_Error(_('The connection to the Active Directory server failed. Please recheck the address.'))
    except connectionFailed:
        # An AD server was found, but the connection check failed.
        raise UMC_Error(_('The connection to the Active Directory server was refused. Please recheck the password.'))
    except notDomainAdminInAD:
        # check_ad_account(): the user is not a Domain Administrator.
        raise UMC_Error(_("The given user is not member of the Domain Admins group in Active Directory. This is a requirement for the Active Directory domain join."))

    # Every handler above raises, so this point is reached only on success.
    return dc_info['Domain']