Esempio n. 1
File: dhcp.py Progetto: B-Rich/smart
def postrun():
	"""Restart the DHCP server after a listener run, if UCR permits it.

	Nothing happens unless ``dhcpd/autostart`` is true. The restart is
	additionally gated by ``dhcpd/restart/listener``; when that variable is
	off, only an informational message is logged.
	"""
	registry = ConfigRegistry()
	registry.load()

	if not registry.is_true("dhcpd/autostart", False):
		return

	if not registry.is_true('dhcpd/restart/listener', False):
		ud.debug(ud.ADMIN, ud.INFO, 'DHCP: the automatic restart of the dhcp server by the listener is disabled. Set dhcpd/restart/listener to true to enable this option.')
		return

	ud.debug(ud.LISTENER, ud.INFO, 'DHCP: Restarting server')
	try:
		# Fixed init-script path, arguments passed as a list, run with uid=0.
		listener.run('/etc/init.d/univention-dhcp', ['univention-dhcp', 'restart'], uid=0)
	except Exception as err:
		# A failed restart is reported but never propagated to the listener.
		ud.debug(ud.ADMIN, ud.WARN, 'The restart of the DHCP server failed: %s' % str(err))
Esempio n. 2
def main() -> None:
    """
    Point this host at the repository server selected by policy.

    The policy is queried for the host DN stored in UCR (``ldap/hostdn``);
    without a host DN the process exits with status 0. Depending on whether
    the host has a local repository, ``repository/online/server`` or
    ``repository/mirror/server`` is handed to ``handler_set``.
    """
    ucr = ConfigRegistry()
    ucr.load()

    hostdn = ucr.get('ldap/hostdn')
    if not hostdn:
        # can't query policy without host-dn
        exit(0)

    current_online = ucr.get('repository/online/server')
    current_mirror = ucr.get('repository/mirror/server')
    fqdn = '%(hostname)s.%(domainname)s' % ucr
    self_update = '%(version/version)s-%(version/patchlevel)s' % ucr

    new_server, policy_update = query_policy(hostdn)
    policy_update or self_update  # FIXME: not used - should be pass to `univention-repository-update --updateto=`

    changes = []  # type: List[str]
    if ucr.is_true('local/repository'):
        # on a repository server
        if not new_server:
            changes.append('repository/online/server?%s' % fqdn)
        elif new_server not in (current_mirror, fqdn):
            changes.append('repository/mirror/server=%s' % new_server)
    elif new_server and new_server != current_online:
        # without a local repository
        changes.append('repository/online/server=%s' % new_server)

    # NOTE(review): new_server comes from the policy result and is written to
    # UCR as returned; whether query_policy() validates it is not visible here.
    if changes:
        handler_set(changes)
def write_cron_job(configRegistry: ConfigRegistry, cron: str, updateto: str,
                   reboot: str, try_release_update: bool) -> None:
    """Rewrite the updater cron file at ``CRON_D`` for the given schedule.

    The file is truncated and always receives the comment and ``PATH`` header.
    When *cron* is exactly ``'* * * * * '`` nothing else is written. Otherwise
    a single entry for user ``root`` is added that chains the jitter call, the
    optional release update, the dist-upgrade and the optional reboot check.

    *updateto* and *reboot* are passed through ``quote()`` before they are
    placed into the command line; *cron* is written as given.
    """
    with open(CRON_D, 'w') as cron_file:
        cron_file.write('# cron job for update\n')
        cron_file.write('PATH=/sbin:/usr/sbin:/usr/bin:/bin\n')
        if cron == '* * * * * ':
            # Header only: no job is scheduled for this value.
            return

        steps = ['/usr/sbin/jitter 600 true']
        if try_release_update:
            source = 'local' if configRegistry.is_true('local/repository') else 'net'
            target = '--updateto=%s' % (quote(updateto), ) if updateto else ''
            steps.append(
                '/usr/share/univention-updater/univention-updater %s %s --silent --noninteractive'
                % (source, target))
        steps.append(
            '/usr/share/univention-updater/univention-actualise --dist-upgrade --silent'
        )
        if reboot:
            steps.append(
                'if [ -f /run/univention-updater-reboot ];then '
                'at -f /var/lib/univention-updater/reboot.at -- %s 2>/dev/null;'
                'rm -f /run/univention-updater-reboot;'
                'fi' % (quote(reboot), ))

        # NOTE(review): this line is executed by cron as root. `cron` is not
        # checked for embedded newlines here, and if quote() is shell-style
        # quoting it does not escape '%', which cron turns into a newline
        # inside the command field. Confirm the callers constrain both.
        cron_file.write('%s\troot\t%s\n' % (cron, ';'.join(steps)))
Esempio n. 4
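def postrun():
	"""Invalidate the nscd group cache after the listener has processed changes.

	``nscd -i group`` is run as root, but only when
	``nscd/group/invalidate_cache_on_changes`` is true and
	``nss/group/cachefile`` is false. A failing call is logged and otherwise
	ignored.
	"""
	baseConfig = ConfigRegistry()
	baseConfig.load()

	if baseConfig.is_true('nscd/group/invalidate_cache_on_changes', False) and baseConfig.is_false('nss/group/cachefile', True):
		listener.setuid(0)
		try:
			univention.debug.debug(univention.debug.LISTENER, univention.debug.INFO, "calling 'nscd -i group'")
			listener.run('/usr/sbin/nscd', ['nscd', '-i', 'group'], uid=0)
		except Exception:
			univention.debug.debug(univention.debug.LISTENER, univention.debug.ERROR, "nscd -i group was not successful")
		finally:
			# Give up the elevated uid on every exit path, including when the
			# error logging itself raises or an interrupt passes through.
			listener.unsetuid()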
Esempio n. 5
def postrun():
    """Restart the DHCP server after a listener run, if UCR permits it.

    ``dhcpd/autostart`` must be true for anything to happen; otherwise a
    message is logged. The restart is additionally gated by
    ``dhcpd/restart/listener``.
    """
    registry = ConfigRegistry()
    registry.load()

    if not registry.is_true("dhcpd/autostart", False):
        ud.debug(ud.LISTENER, ud.INFO,
                 'DHCP: dcpd disabled in config_registry - not started.')
        return

    if not registry.is_true('dhcpd/restart/listener', False):
        ud.debug(
            ud.ADMIN, ud.INFO,
            'DHCP: the automatic restart of the dhcp server by the listener is disabled. Set dhcpd/restart/listener to true to enable this option.'
        )
        return

    ud.debug(ud.LISTENER, ud.INFO, 'DHCP: Restarting server')
    restart_args = ['univention-dhcp', 'restart']
    try:
        # Fixed init-script path, arguments passed as a list, run with uid=0.
        listener.run('/etc/init.d/univention-dhcp', restart_args, uid=0)
    except Exception as err:
        # A failed restart is reported but never propagated to the listener.
        ud.debug(ud.ADMIN, ud.WARN,
                 'The restart of the DHCP server failed: %s' % str(err))
def postrun():
    # type: () -> None
    """Invalidate the nscd group cache after the listener has processed changes.

    ``nscd -i group`` is run as root only when
    ``nscd/group/invalidate_cache_on_changes`` is true and
    ``nss/group/cachefile`` is false. The elevated uid is dropped again in a
    ``finally`` clause.
    """
    configRegistry = ConfigRegistry()  # TODO: why not listener.configRegistry?
    configRegistry.load()

    if not configRegistry.is_true('nscd/group/invalidate_cache_on_changes', False):
        return
    if not configRegistry.is_false('nss/group/cachefile', True):
        return

    listener.setuid(0)
    try:
        ud.debug(ud.LISTENER, ud.INFO, "calling 'nscd -i group'")
        nscd_args = ['nscd', '-i', 'group']
        listener.run('/usr/sbin/nscd', nscd_args, uid=0)
    except Exception:
        ud.debug(ud.LISTENER, ud.ERROR, "nscd -i group was not successful")
    finally:
        # Privileges are released whether or not the call succeeded.
        listener.unsetuid()
Esempio n. 7
def s4connector_present():
    # type: () -> bool
    """Report whether an S4 Connector is in use in the domain.

    An explicit ``directory/manager/samba3/legacy`` setting decides first:
    true means no connector, false means a connector. Only when the variable
    is neither does the function search LDAP for a domain controller or
    member server offering the "S4 Connector" service and return True if any
    result carries an ``aRecord`` attribute.
    """
    ucr = ConfigRegistry()
    ucr.load()

    legacy_key = 'directory/manager/samba3/legacy'
    if ucr.is_true(legacy_key, False):
        return False
    if ucr.is_false(legacy_key, False):
        return True

    # The filter is a constant; no caller-supplied value is interpolated.
    s4_filter = '(&(|(objectClass=univentionDomainController)(objectClass=univentionMemberServer))(univentionService=S4 Connector))'
    hosts = get_ldap_connection().search(filter=s4_filter, attr=['aRecord'])
    return any('aRecord' in attr for _dn, attr in hosts)
 def is_true(self, key):
     """Return whether the value stored under *key* counts as true.

     The value is fetched with ``self.get``, lower-cased when non-empty and
     then judged by ``ConfigRegistry.is_true(value=...)``.
     """
     raw = self.get(key)
     normalized = raw.lower() if raw else raw
     return ConfigRegistry().is_true(value=normalized)
        sys.exit(1)
    if '%s/ad/ldap/port' % CONFIGBASENAME not in baseConfig:
        print '%s/ad/ldap/port not set' % CONFIGBASENAME
        sys.exit(1)
    if '%s/ad/ldap/base' % CONFIGBASENAME not in baseConfig:
        print '%s/ad/ldap/base not set' % CONFIGBASENAME
        sys.exit(1)
    if '%s/ad/ldap/binddn' % CONFIGBASENAME not in baseConfig:
        print '%s/ad/ldap/binddn not set' % CONFIGBASENAME
        sys.exit(1)
    if '%s/ad/ldap/bindpw' % CONFIGBASENAME not in baseConfig:
        print '%s/ad/ldap/bindpw not set' % CONFIGBASENAME
        sys.exit(1)

    ca_file = baseConfig.get('%s/ad/ldap/certificate' % CONFIGBASENAME)
    if baseConfig.is_true('%s/ad/ldap/ssl' % CONFIGBASENAME,
                          True) or baseConfig.is_true(
                              '%s/ad/ldap/ldaps' % CONFIGBASENAME, False):
        if ca_file:
            # create a new CAcert file, which contains the UCS CA and the AD CA,
            # see Bug #17768 for details
            #  https://forge.univention.org/bugzilla/show_bug.cgi?id=17768
            new_ca_filename = '/var/cache/univention-ad-connector/CAcert-%s.pem' % CONFIGBASENAME
            new_ca = open(new_ca_filename, 'w')

            ca = open('/etc/univention/ssl/ucsCA/CAcert.pem', 'r')
            new_ca.write(string.join(ca.readlines(), ''))
            ca.close()

            ca = open(baseConfig['%s/ad/ldap/certificate' % CONFIGBASENAME])
            new_ca.write(string.join(ca.readlines(), ''))
            ca.close()
Esempio n. 10
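def connect():
	"""Run the AD connector: connect to AD and UCS, then poll both for changes.

	Configuration is read from UCR below ``<CONFIGBASENAME>/ad/``. The process
	exits with status 1 when a mandatory variable is missing. Connection and
	initialisation are retried every ``poll/sleep`` seconds while the LDAP
	server is down; the polling loop ends once a server becomes unreachable.
	"""
	print(time.ctime())

	baseConfig = ConfigRegistry()
	baseConfig.load()

	# These connection settings are mandatory.
	for name in ('host', 'port', 'base', 'binddn', 'bindpw'):
		key = '%s/ad/ldap/%s' % (CONFIGBASENAME, name)
		if key not in baseConfig:
			print('%s not set' % key)
			sys.exit(1)

	ca_file = baseConfig.get('%s/ad/ldap/certificate' % CONFIGBASENAME)
	if baseConfig.is_true('%s/ad/ldap/ssl' % CONFIGBASENAME, True) or baseConfig.is_true('%s/ad/ldap/ldaps' % CONFIGBASENAME, False):
		if ca_file:
			# create a new CAcert file, which contains the UCS CA and the AD CA,
			# see Bug #17768 for details
			#  https://forge.univention.org/bugzilla/show_bug.cgi?id=17768
			new_ca_filename = '/var/cache/univention-ad-connector/CAcert-%s.pem' % CONFIGBASENAME
			# Context managers close all three files even if a read fails.
			with open(new_ca_filename, 'w') as new_ca:
				for source in ('/etc/univention/ssl/ucsCA/CAcert.pem', ca_file):
					with open(source, 'r') as ca:
						new_ca.write(ca.read())

			ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, new_ca_filename)
		else:
			# NOTE(review): with TLS enabled but no AD certificate configured,
			# certificate checking is switched off through a process-wide
			# python-ldap option. The AD server's identity is then not
			# verified for the connection that presumably carries the bind
			# password read below. Set <CONFIGBASENAME>/ad/ldap/certificate
			# to get verification.
			ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

	if '%s/ad/listener/dir' % CONFIGBASENAME not in baseConfig:
		print('%s/ad/listener/dir not set' % CONFIGBASENAME)
		sys.exit(1)

	if '%s/ad/retryrejected' % CONFIGBASENAME not in baseConfig:
		baseconfig_retry_rejected = 10
	else:
		baseconfig_retry_rejected = baseConfig['%s/ad/retryrejected' % CONFIGBASENAME]

	# The UCR variable holds the path of the password file, not the password.
	with open(baseConfig['%s/ad/ldap/bindpw' % CONFIGBASENAME]) as bindpw_file:
		ad_ldap_bindpw = bindpw_file.read()
	# endswith() also copes with an empty file, where indexing [-1] would raise.
	if ad_ldap_bindpw.endswith('\n'):
		ad_ldap_bindpw = ad_ldap_bindpw[0:-1]

	poll_sleep = int(baseConfig['%s/ad/poll/sleep' % CONFIGBASENAME])
	ad_init = None
	while not ad_init:
		try:
			ad = univention.connector.ad.ad(
				CONFIGBASENAME,
				mapping.ad_mapping,
				baseConfig,
				baseConfig['%s/ad/ldap/host' % CONFIGBASENAME],
				baseConfig['%s/ad/ldap/port' % CONFIGBASENAME],
				baseConfig['%s/ad/ldap/base' % CONFIGBASENAME],
				baseConfig['%s/ad/ldap/binddn' % CONFIGBASENAME],
				ad_ldap_bindpw,
				baseConfig['%s/ad/ldap/certificate' % CONFIGBASENAME],
				baseConfig['%s/ad/listener/dir' % CONFIGBASENAME]
			)
			ad_init = True
		except ldap.SERVER_DOWN:
			print("Warning: Can't initialize LDAP-Connections, wait...")
			sys.stdout.flush()
			time.sleep(poll_sleep)

	# Perform the initialisation on the UCS side and on the AD side
	ad_init = None
	ucs_init = None

	while not ucs_init:
		try:
			ad.initialize_ucs()
			ucs_init = True
		except ldap.SERVER_DOWN:
			print("Can't contact LDAP server during ucs-poll, sync not possible.")
			sys.stdout.flush()
			time.sleep(poll_sleep)
			ad.open_ad()
			ad.open_ucs()

	while not ad_init:
		try:
			ad.initialize()
			ad_init = True
		except ldap.SERVER_DOWN:
			print("Can't contact LDAP server during ucs-poll, sync not possible.")
			sys.stdout.flush()
			time.sleep(poll_sleep)
			ad.open_ad()
			ad.open_ucs()

	retry_rejected = 0
	connected = True
	while connected:
		print(time.ctime())
		# Poll for changes
		sys.stdout.flush()
		while True:
			# Read changes from OpenLDAP
			try:
				change_counter = ad.poll_ucs()
				if change_counter > 0:
					# UCS changes, read again from UCS
					retry_rejected = 0
					time.sleep(1)
					continue
				else:
					break
			except ldap.SERVER_DOWN:
				print("Can't contact LDAP server during ucs-poll, sync not possible.")
				connected = False
				sys.stdout.flush()
				break

		while True:
			try:
				change_counter = ad.poll()
				if change_counter > 0:
					# AD changes, read again from AD
					retry_rejected = 0
					time.sleep(1)
					continue
				else:
					break
			except ldap.SERVER_DOWN:
				print("Can't contact LDAP server during ad-poll, sync not possible.")
				connected = False
				sys.stdout.flush()
				break

		try:
			# Compare as strings on both sides: the built-in default is the
			# int 10 while a UCR value is indexed out as-is, so comparing
			# str(...) with the raw default never matched and rejected
			# objects were never retried.
			if str(retry_rejected) == str(baseconfig_retry_rejected):
				ad.resync_rejected_ucs()
				ad.resync_rejected()
				retry_rejected = 0
			else:
				retry_rejected += 1
		except ldap.SERVER_DOWN:
			print("Can't contact LDAP server during resync rejected, sync not possible.")
			connected = False
			sys.stdout.flush()
			change_counter = 0
			retry_rejected += 1

		print('- sleep %s seconds (%s/%s until resync) -' % (poll_sleep, retry_rejected, baseconfig_retry_rejected))
		sys.stdout.flush()
		time.sleep(poll_sleep)
	ad.close_debug()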
 def is_enabled():
     """Return whether e-mail based password reset is switched on in UCR.

     Reads ``umc/self-service/passwordreset/email/enabled`` from a freshly
     loaded registry; no default is passed to ``is_true``.
     """
     registry = ConfigRegistry()
     registry.load()
     enabled = registry.is_true("umc/self-service/passwordreset/email/enabled")
     return enabled
Esempio n. 12
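def handler(*args, **kw):
    """Listener callback: replay an LDAP add, modify or delete on this mail server.

    Called with ``(dn, new, old)`` for regular changes and with
    ``(dn, new, old, command)`` for a moddn, which is parsed but not acted on.
    Adds and modifications are only synchronised when the entry's mail server
    attribute names this host (``constants.fqdn``). Deletions are skipped when
    the old entry names another host and are additionally gated by the UCR
    variable ``mail/cyrus/mailbox/delete``.
    """
    # NOTE(review): the complete old and new entries are written to the log at
    # info level. If they can carry credential attributes (not visible from
    # here), log only the DN or restrict access to the log file.
    log.info("kolab.handler(args(%d): %r, kw: %r)" % (len(args), args, kw))

    auth = Auth()
    auth.connect()

    if len(args) == 4:
        # moddn: nothing is synchronised for it yet.
        dn = args[0]
        new = utils.normalize(args[1])
        old = utils.normalize(args[2])
        # The command is the fourth argument; index 4 does not exist when
        # len(args) == 4 and raised IndexError.
        command = args[3]

    elif len(args) == 3:
        dn = args[0]
        new = utils.normalize(args[1])
        old = utils.normalize(args[2])

        if isinstance(old, dict) and len(old.keys()) > 0:
            # Two options:
            # - entry changed
            # - entry deleted
            log.info("user %r, old is dict" % (dn))

            if isinstance(new, dict) and len(new.keys()) > 0:
                log.info("Modify entry %r" % (dn))

                mailserver_attribute = conf.get('ldap', 'mailserver_attribute')

                # Test for None before lower-casing; calling .lower() first
                # raised AttributeError and left this check unreachable.
                if mailserver_attribute is None:
                    log.error("Mail server attribute is not set")
                    return

                mailserver_attribute = mailserver_attribute.lower()

                if mailserver_attribute in old:
                    # .get(): the attribute may have been removed from the
                    # new entry, and logging must not raise KeyError then.
                    log.info("Modified entry %r has mail server attribute %s: %r" % (dn, mailserver_attribute, new.get(mailserver_attribute)))

                    if not old[mailserver_attribute] == constants.fqdn:
                        # Even though the new mailserver can be us, it is the
                        # *current* mail server that needs to push for the XFER.
                        log.info("The mail server for user %r is set, and it is not me (%r)" % (dn, old[mailserver_attribute]))
                        return

                else:
                    # If old has no mailserver attribute, but new does, we need to create
                    # the user locally.
                    if mailserver_attribute in new:
                        if not new[mailserver_attribute] == constants.fqdn:
                            log.info("The mail server for user %r is set (in new, not old), but it is not me (%r)" % (dn, new[mailserver_attribute]))
                            return
                    else:
                        log.info("Entry %r does not have a mail server attribute." % (dn))
                        return

                auth._auth._synchronize_callback(
                        change_type = 'modify',
                        previous_dn = None,
                        change_number = None,
                        dn = dn,
                        entry = new
                    )

            else:
                log.info("Delete entry %r" % (dn))

                # See if the mailserver_attribute exists
                mailserver_attribute = conf.get('ldap', 'mailserver_attribute')

                if mailserver_attribute is None:
                    log.error("Mail server attribute is not set")
                    # TODO: Perhaps, query for IMAP servers. If there is only one,
                    #       we know what to do.
                    return

                mailserver_attribute = mailserver_attribute.lower()

                if mailserver_attribute in old:
                    log.info("Deleted entry %r has mail server attribute %s: %r" % (dn, mailserver_attribute, old[mailserver_attribute]))

                    if not old[mailserver_attribute] == constants.fqdn:
                        log.info("The mail server for user %r is set, and it is not me (%r)" % (dn, old[mailserver_attribute]))
                        return

                else:
                    # No return here: an entry without the attribute still
                    # reaches the deletion below.
                    log.info("Entry deletion notification for %r does not have a mail server attribute specified." % (dn))

                cfg = ConfigRegistry()
                cfg.load()

                # Mailbox deletion is the default; it is suppressed only when
                # the UCR variable is explicitly set to a false value.
                if cfg.is_true('mail/cyrus/mailbox/delete', True):
                    auth._auth._synchronize_callback(
                            change_type = 'delete',
                            previous_dn = None,
                            change_number = None,
                            dn = dn,
                            entry = old
                        )

        elif isinstance(new, dict) and len(new.keys()) > 0:
            # Old is not a dict (or empty), so the entry is just created
            log.info("Add entry %r" % (dn))

            # See if the mailserver_attribute exists
            mailserver_attribute = conf.get('ldap', 'mailserver_attribute')

            if mailserver_attribute is None:
                log.error("Mail server attribute is not set")
                # TODO: Perhaps, query for IMAP servers. If there is only one,
                #       we know what to do.
                return

            mailserver_attribute = mailserver_attribute.lower()

            if mailserver_attribute in new:
                log.info("Added entry %r has mail server attribute %s: %r" % (dn, mailserver_attribute, new[mailserver_attribute]))

                if not new[mailserver_attribute] == constants.fqdn:
                    log.info("The mail server for user %r is set, and it is not me (%r)" % (dn, new[mailserver_attribute]))
                    return

            else:
                log.info("Added entry %r does not have a mail server attribute set." % (dn))
                return

            auth._auth._synchronize_callback(
                    change_type = 'add',
                    previous_dn = None,
                    change_number = None,
                    dn = dn,
                    entry = new
                )

        else:
            log.info("entry %r changed, but no new or old attributes" % (dn))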
			),
		},
		ucs_create_functions=[
			univention.connector.set_ucs_passwd_user,
			univention.connector.check_ucs_lastname_user,
			univention.connector.set_primary_group_user
		],
		post_con_modify_functions=list(filter(None, [
			univention.connector.ad.set_userPrincipalName_from_ucr,
			univention.connector.ad.password.password_sync_ucs if configRegistry.is_false('connector/ad/mapping/user/password/disabled', True) else None,
			univention.connector.ad.primary_group_sync_from_ucs,
			univention.connector.ad.object_memberships_sync_from_ucs,
			univention.connector.ad.disable_user_from_ucs,
		])),
		post_ucs_modify_functions=list(filter(None, [
			univention.connector.ad.password.password_sync_kinit if configRegistry.is_false('connector/ad/mapping/user/password/disabled', True) and configRegistry.is_true('connector/ad/mapping/user/password/kinit', False) else None,
			univention.connector.ad.password.password_sync if configRegistry.is_false('connector/ad/mapping/user/password/disabled', True) and not configRegistry.is_true('connector/ad/mapping/user/password/kinit', False) else None,
			univention.connector.ad.set_univentionObjectFlag_to_synced,
			univention.connector.ad.primary_group_sync_to_ucs,
			univention.connector.ad.object_memberships_sync_to_ucs,
			univention.connector.ad.disable_user_to_ucs,
		])),
		post_attributes={
			'organisation': univention.connector.attribute(
				ucs_attribute='organisation',
				ldap_attribute='o',
				con_attribute=configRegistry.get('connector/ad/mapping/organisation', 'company'),
			),
			'Exchange-Homeserver': univention.connector.attribute(
				ucs_attribute='Exchange-Homeserver',
				ldap_attribute='univentionADmsExchHomeServerName',
Esempio n. 14
import pytest
import subprocess
import time

from univention.admin.rest.client import UDM as UDMClient, Forbidden, Unauthorized, PreconditionFailed
from univention.config_registry import ConfigRegistry, handler_set
from univention.testing.utils import UCSTestDomainAdminCredentials
from univention.testing.udm import UDM
from univention.lib.misc import custom_groupname


# Module-level UCR snapshot, loaded once at import time and used by the
# UDMClient helpers in this module.
ucr = ConfigRegistry()
ucr.load()


if ucr.is_true('ad/member'):
	# REST server needs to reload UCR variables for "Domain Admins" group name.
	# This restart happens as a side effect of importing the module; the exit
	# status of the service command is not checked.
	subprocess.call(['service', 'univention-directory-manager-rest', 'restart'])


class UDMClient(UDMClient):
	"""UDM REST client with shortcuts for connecting to the LDAP master.

	The class deliberately reuses the name of the imported client it extends.
	"""

	@classmethod
	def master_connection(cls, username, password):
		"""Open a client against the UDM REST API on the host in UCR ``ldap/master``."""
		master_host = ucr['ldap/master']
		base_url = 'https://%s/univention/udm/' % (master_host,)
		return cls.http(base_url, username, password)

	@classmethod
	def test_connection(cls):
		"""Open a master connection with the UCS test domain admin credentials."""
		credentials = UCSTestDomainAdminCredentials(ucr)
		return cls.master_connection(credentials.username, credentials.bindpw)
Esempio n. 15
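def _has_attributes(entry):
    """Return True when *entry* is a dict with at least one key."""
    return isinstance(entry, dict) and len(entry.keys()) > 0


def _mailserver_attribute():
    """Return the configured mail server attribute name in lower case.

    Returns None, after logging an error, when the option is not set. The
    None test comes before ``.lower()``; lower-casing first would raise
    AttributeError and make the check unreachable.
    """
    name = conf.get('ldap', 'mailserver_attribute')
    if name is None:
        log.error("Mail server attribute is not set")
        return None
    return name.lower()


def _synchronize(auth, change_type, dn, entry):
    """Forward one change to the synchronisation callback of *auth*."""
    auth._auth._synchronize_callback(change_type=change_type,
                                     previous_dn=None,
                                     change_number=None,
                                     dn=dn,
                                     entry=entry)


def _handle_modify(auth, dn, new, old):
    """Synchronise a modification if this host is the responsible mail server."""
    log.info("Modify entry %r" % (dn))

    mailserver_attribute = _mailserver_attribute()
    if mailserver_attribute is None:
        return

    if mailserver_attribute in old:
        # .get(): the attribute may have been removed from the new entry, and
        # logging must not raise KeyError in that case.
        log.info(
            "Modified entry %r has mail server attribute %s: %r" %
            (dn, mailserver_attribute, new.get(mailserver_attribute)))

        if not old[mailserver_attribute] == constants.fqdn:
            # Even though the new mailserver can be us, it is the
            # *current* mail server that needs to push for the XFER.
            log.info(
                "The mail server for user %r is set, and it is not me (%r)"
                % (dn, old[mailserver_attribute]))
            return

    elif mailserver_attribute in new:
        # If old has no mailserver attribute, but new does, we need to create
        # the user locally.
        if not new[mailserver_attribute] == constants.fqdn:
            log.info(
                "The mail server for user %r is set (in new, not old), but it is not me (%r)"
                % (dn, new[mailserver_attribute]))
            return

    else:
        log.info(
            "Entry %r does not have a mail server attribute." %
            (dn))
        return

    _synchronize(auth, 'modify', dn, new)


def _handle_delete(auth, dn, old):
    """Synchronise a deletion unless another host owns the mailbox or UCR forbids it."""
    log.info("Delete entry %r" % (dn))

    # See if the mailserver_attribute exists
    # TODO: Perhaps, query for IMAP servers. If there is only one,
    #       we know what to do.
    mailserver_attribute = _mailserver_attribute()
    if mailserver_attribute is None:
        return

    if mailserver_attribute in old:
        log.info(
            "Deleted entry %r has mail server attribute %s: %r" %
            (dn, mailserver_attribute, old[mailserver_attribute]))

        if not old[mailserver_attribute] == constants.fqdn:
            log.info(
                "The mail server for user %r is set, and it is not me (%r)"
                % (dn, old[mailserver_attribute]))
            return

    else:
        # No return here: an entry without the attribute still reaches the
        # deletion below.
        log.info(
            "Entry deletion notification for %r does not have a mail server attribute specified."
            % (dn))

    cfg = ConfigRegistry()
    cfg.load()

    # Mailbox deletion is the default; it is suppressed only when the UCR
    # variable is explicitly set to a false value.
    if cfg.is_true('mail/cyrus/mailbox/delete', True):
        _synchronize(auth, 'delete', dn, old)


def _handle_add(auth, dn, new):
    """Synchronise a newly created entry if it is assigned to this mail server."""
    # Old is not a dict (or empty), so the entry is just created
    log.info("Add entry %r" % (dn))

    # See if the mailserver_attribute exists
    # TODO: Perhaps, query for IMAP servers. If there is only one,
    #       we know what to do.
    mailserver_attribute = _mailserver_attribute()
    if mailserver_attribute is None:
        return

    if mailserver_attribute in new:
        log.info("Added entry %r has mail server attribute %s: %r" %
                 (dn, mailserver_attribute, new[mailserver_attribute]))

        if not new[mailserver_attribute] == constants.fqdn:
            log.info(
                "The mail server for user %r is set, and it is not me (%r)"
                % (dn, new[mailserver_attribute]))
            return

    else:
        log.info(
            "Added entry %r does not have a mail server attribute set."
            % (dn))
        return

    _synchronize(auth, 'add', dn, new)


def handler(*args, **kw):
    """Listener callback: replay an LDAP add, modify or delete on this mail server.

    Called with ``(dn, new, old)`` for regular changes and with
    ``(dn, new, old, command)`` for a moddn, which is parsed but not acted on.
    Adds and modifications are only synchronised when the entry's mail server
    attribute names this host (``constants.fqdn``). Deletions are skipped when
    the old entry names another host and are additionally gated by the UCR
    variable ``mail/cyrus/mailbox/delete``.
    """
    # NOTE(review): the complete old and new entries are written to the log at
    # info level. If they can carry credential attributes (not visible from
    # here), log only the DN or restrict access to the log file.
    log.info("kolab.handler(args(%d): %r, kw: %r)" % (len(args), args, kw))

    auth = Auth()
    auth.connect()

    if len(args) == 4:
        # moddn: nothing is synchronised for it yet.
        dn = args[0]
        new = utils.normalize(args[1])
        old = utils.normalize(args[2])
        # The command is the fourth argument; index 4 does not exist when
        # len(args) == 4 and raised IndexError.
        command = args[3]

    elif len(args) == 3:
        dn = args[0]
        new = utils.normalize(args[1])
        old = utils.normalize(args[2])

        if _has_attributes(old):
            # Two options:
            # - entry changed
            # - entry deleted
            log.info("user %r, old is dict" % (dn))

            if _has_attributes(new):
                _handle_modify(auth, dn, new, old)
            else:
                _handle_delete(auth, dn, old)

        elif _has_attributes(new):
            _handle_add(auth, dn, new)

        else:
            log.info("entry %r changed, but no new or old attributes" % (dn))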
# -t/--test: test run; debug() writes to stderr instead of syslog when set.
parser.add_option("-t",
                  "--test",
                  dest="test",
                  help="test run",
                  action="store_true",
                  default=False)
options, args = parser.parse_args()

# Log under the "listfilter" ident with the PID, using the mail facility.
syslog.openlog(ident="listfilter",
               logoption=syslog.LOG_PID,
               facility=syslog.LOG_MAIL)
# UCR snapshot and UDM module handle, both set up once at start-up.
ucr = ConfigRegistry()
ucr.load()
univention.admin.modules.update()
usersmod = univention.admin.modules.get("users/user")
# Defaults to on: listfilter() then reads the sender from "sasl_username".
check_sasl_username = ucr.is_true(
    "mail/postfix/policy/listfilter/use_sasl_username", True)
# Debug output is off unless enabled in UCR.
_do_debug = ucr.is_true("mail/postfix/policy/listfilter/debug", False)


def debug(msg, *args):
    """Emit a debug line when listfilter debugging is enabled.

    *msg* is %-formatted with *args* and prefixed with ``listfilter: ``. In a
    test run (``options.test``) the line goes to stderr, otherwise to syslog
    at debug priority. Nothing is formatted or written while debugging is off.
    """
    if not _do_debug:
        return

    line = "listfilter: {}".format(msg % args)
    if options.test:
        sys.stderr.write("{}\n".format(line))
        return
    syslog.syslog(syslog.LOG_DEBUG, line)


def listfilter(attrib):
    if check_sasl_username:
        sender = attrib.get("sasl_username", None)
Esempio n. 17
                         WARN=ud.WARN,
                         WARNING=ud.WARN,
                         INFO=ud.PROCESS,
                         DEBUG=ud.ALL,
                         NOTSET=ud.ALL)
# Maps Python logging level names to syslog priorities. WARN and WARNING share
# one priority, and NOTSET is treated like DEBUG.
LOGGING_TO_SYSLOG = {
    'CRITICAL': syslog.LOG_CRIT,
    'ERROR': syslog.LOG_ERR,
    'WARN': syslog.LOG_WARNING,
    'WARNING': syslog.LOG_WARNING,
    'INFO': syslog.LOG_INFO,
    'DEBUG': syslog.LOG_DEBUG,
    'NOTSET': syslog.LOG_DEBUG,
}

# Module-level UCR snapshot, read once at import time.
ucr = ConfigRegistry()
ucr.load()
# Off unless office365/debug/werror is set; its consumer is outside this excerpt.
_werror = ucr.is_true("office365/debug/werror", False)


def get_logger(logger_name, short_name=None, udebug_facility=ud.LISTENER):
    """Return the named logger, attaching a UDebugHandler on first use.

    If the logger has no ``UDebugHandler`` yet, one is created for
    *udebug_facility*, named *short_name* (or *logger_name*), given a
    ``LevelDependentFormatter`` and added at DEBUG level; the logger itself is
    set to DEBUG as well. A logger that already has such a handler is
    returned unchanged.
    """
    logger = logging.getLogger(logger_name)
    already_attached = any(
        isinstance(existing, UDebugHandler) for existing in logger.handlers)
    if already_attached:
        return logger

    udebug_handler = UDebugHandler(udebug_facility=udebug_facility)
    udebug_handler.set_name(short_name or logger_name)
    udebug_handler.setFormatter(LevelDependentFormatter())
    udebug_handler.setLevel(logging.DEBUG)
    logger.addHandler(udebug_handler)
    logger.setLevel(logging.DEBUG)
    return logger


class LevelDependentFormatter(logging.Formatter):
Esempio n. 18
# Filesystem locations used by the import HTTP API.
IMPORT_USER_DATA_DIR = '/var/lib/ucs-school-import'
SHARE_DIR = '/usr/share/ucs-school-import-http-api'
VAR_LIB_DIR = '/var/lib/ucs-school-import-http-api'
SPOOL_DIR = '/var/spool/ucs-school-import'

# Database and message-broker coordinates. The user name appears masked in
# this listing.
POSTGRES_USER = '******'
POSTGRES_DB = 'importhttpapi'
POSTGRES_HOST = 'localhost'
POSTGRES_PORT = '5432'
RABBITMQ_VHOST = "importhttpapi"

# The Django secret key is read from a file below CONF_DIR instead of being
# hard-coded. The file is opened in binary mode, so SECRET_KEY is bytes.
# NOTE(review): ownership and mode of the key file are not visible here; it
# should be readable by the service account only.
with open(os.path.join(CONF_DIR, 'django_key.secret'), 'rb') as fp:
    SECRET_KEY = fp.read().strip()

# SECURITY WARNING: don't run with debug turned on in production!
# Debug mode follows the UCR variable; no default is passed to is_true().
DEBUG = ucr.is_true('ucsschool/import/http_api/django_debug')

# An explicit comma-separated host list in UCR takes precedence. Entries are
# stripped of whitespace, but empty entries are not filtered out.
if 'ucsschool/import/http_api/ALLOWED_HOSTS' in ucr:
    ALLOWED_HOSTS = [
        h.strip()
        for h in ucr.get('ucsschool/import/http_api/ALLOWED_HOSTS').split(',')
    ]
else:
    # Fallback: loopback names, this host's FQDN and every address stored
    # under interfaces/*/address in UCR.
    ALLOWED_HOSTS = [
        '127.0.0.1', 'localhost', '{}.{}'.format(ucr['hostname'],
                                                 ucr['domainname'])
    ]
    for k, v in ucr.items():
        if re.match(r'^interfaces/.*/address$', k):
            ALLOWED_HOSTS.append(v)
     },
 },
 "attribute_map_dir":
 os.path.dirname(saml2.attributemaps.__file__),
 "key_file":
 "/etc/univention/ssl/%s/private.key" % (fqdn, ),
 "cert_file":
 "/etc/univention/ssl/%s/cert.pem" % (fqdn, ),
 "xmlsec_binary":
 "/usr/bin/xmlsec1",
 "metadata": {
     "local":
     glob.glob('/usr/share/univention-management-console/saml/idp/*.xml'),
 },
 "debug":
 ucr.is_true('umc/saml/debug', False),
 "contact_person": [{
     "givenname":
     ucr.get('umc/saml/contact-person/%s/givenname' % (type_, ), ''),
     "surname":
     ucr.get('umc/saml/contact-person/%s/surname' % (type_, ), ''),
     "company":
     ucr.get('umc/saml/contact-person/%s/company' % (type_, ), ''),
     "mail": [
         x.strip()
         for x in ucr.get('umc/saml/contact-person/%s/mail' %
                          (type_, ), '').split(',') if x.strip()
     ],
     "type":
     type_,
 } for type_ in ('technical', 'administrative')