def log_set_level(level=0):
"""Sets the log level for all components.
:param int level: log level to set
"""
for component in COMPONENTS:
ud.set_level(component, level)
def main(cls):
parser = argparse.ArgumentParser(
prog='python -m univention.admin.rest.server')
parser.add_argument('-d', '--debug', type=int, default=2)
args = parser.parse_args()
ud.init('stdout', ud.FLUSH, ud.NO_FUNCTION)
ud.set_level(ud.MAIN, args.debug)
tornado.httpclient.AsyncHTTPClient.configure(
'tornado.curl_httpclient.CurlAsyncHTTPClient')
tornado.locale.load_gettext_translations(
'/usr/share/locale', 'univention-management-console-module-udm')
cls.start_processes()
cls.register_signal_handlers()
app = tornado.web.Application(
[
(r'.*', cls),
],
serve_traceback=ucr.is_true(
'directory/manager/rest/show-tracebacks', True),
)
app.listen(
int(ucr.get('directory/manager/rest/server/port', 9979)),
ucr.get('directory/manager/rest/server/address', '127.0.0.1'))
ioloop = tornado.ioloop.IOLoop.instance()
ioloop.start()
def log_set_level(level=0):
"""Sets the log level for all components.
:param int level: log level to set
"""
for component in COMPONENTS:
ud.set_level(component, level)
def setup_logging(opt, ucr):
# type: (Namespace, ConfigRegistry) -> IO[str]
ud.init(LOGNAME, 0, 0)
try:
loglevel = int(ucr.get('update/debug/level', opt.verbose))
except ValueError:
loglevel = opt.verbose
ud.set_level(ud.NETWORK, loglevel)
if opt.silent:
global nostdout
nostdout = True
return open(LOGNAME, 'a+')
def test_level(name, parse, tmplog):
level = getattr(ud, name)
ud.set_level(ud.MAIN, level)
assert level == ud.get_level(ud.MAIN)
ud.debug(ud.MAIN, ud.ERROR, "Error in main: %%%")
ud.debug(ud.MAIN, ud.WARN, "Warning in main: %%%")
ud.debug(ud.MAIN, ud.PROCESS, "Process in main: %%%")
ud.debug(ud.MAIN, ud.INFO, "Information in main: %%%")
ud.debug(ud.MAIN, ud.ALL, "All in main: %%%")
ud.exit()
output = tmplog.read()
assert [groups['level'] for typ, groups in parse(output)
if typ == 'msg'] == LEVEL[:1 + LEVEL.index(name)]
def initialize_debug():
# Use a little hack to determine if univention.debug has been initialized
# get_level(..) returns always ud.ERROR if univention.debug is not initialized
oldLevel = ud1.get_level(ud1.ADMIN)
if oldLevel == ud1.PROCESS:
ud1.set_level(ud1.ADMIN, ud1.DEBUG)
is_ready = (ud1.get_level(ud1.ADMIN) == ud1.DEBUG)
else:
ud1.set_level(ud1.ADMIN, ud1.PROCESS)
is_ready = (ud1.get_level(ud1.ADMIN) == ud1.PROCESS)
if not is_ready:
ud1.init('/var/log/univention/directory-manager-cmd.log', ud1.FLUSH, 0)
ud1.set_level(ud1.LDAP, ud1.PROCESS)
ud1.set_level(ud1.ADMIN, ud1.PROCESS)
else:
ud1.set_level(ud1.ADMIN, oldLevel)
def doit(arglist):
ud.init('/var/log/univention/directory-manager-cmd.log', 1, 1)
out = []
opts, args = getopt.getopt(arglist[1:], '', ['binddn=', 'pwdfile=', 'user='******'pwd='])
binddn = None
pwdfile = None
user = None
pwd = None
for opt, val in opts:
if opt == '--binddn':
binddn = val
elif opt == '--pwdfile':
pwdfile = val
elif opt == '--user':
user = val
elif opt == '--pwd':
pwd = val
ud.set_level(ud.LDAP, ud.ALL)
ud.set_level(ud.ADMIN, ud.ALL)
configRegistry = univention.config_registry.ConfigRegistry()
configRegistry.load()
baseDN = configRegistry['ldap/base']
bindpw = open(pwdfile).read()
if bindpw[-1] == '\n' or bindpw[-1] == '\r':
bindpw = bindpw[0:-1]
ud.debug(ud.ADMIN, ud.WARN, 'binddn: %s; bindpwd: *************' % (binddn))
try:
lo = univention.admin.uldap.access(host=configRegistry['ldap/master'], port=int(configRegistry.get('ldap/master/port', '7389')), base=baseDN, binddn=binddn, bindpw=bindpw, start_tls=2)
except Exception, e:
ud.debug(ud.ADMIN, ud.WARN, 'authentication error: %s' % str(e))
out.append('authentication error: %s' % e)
return out
def doit(arglist):
ud.init('/var/log/univention/directory-manager-cmd.log', ud.FLUSH, ud.FUNCTION)
out = []
opts, args = getopt.getopt(arglist[1:], '', ['binddn=', 'pwdfile=', 'user='******'pwd='])
binddn = None
pwdfile = None
user = None
pwd = None
for opt, val in opts:
if opt == '--binddn':
binddn = val
elif opt == '--pwdfile':
pwdfile = val
elif opt == '--user':
user = val
elif opt == '--pwd':
pwd = val
ud.set_level(ud.LDAP, ud.ALL)
ud.set_level(ud.ADMIN, ud.ALL)
configRegistry = univention.config_registry.ConfigRegistry()
configRegistry.load()
baseDN = configRegistry['ldap/base']
with open(pwdfile) as fd:
bindpw = fd.read().rstrip()
ud.debug(ud.ADMIN, ud.WARN, 'binddn: %s; bindpwd: *************' % (binddn,))
try:
lo = univention.admin.uldap.access(host=configRegistry['ldap/master'], port=int(configRegistry.get('ldap/master/port', '7389')), base=baseDN, binddn=binddn, bindpw=bindpw, start_tls=2)
except Exception as exc:
ud.debug(ud.ADMIN, ud.WARN, 'authentication error: %s' % (exc,))
out.append('authentication error: %s' % (exc,))
return out
if isinstance(user, bytes): # python 2
user = user.decode('utf-8')
if configRegistry.get('samba/charset/unix', 'utf8') in ['utf8', 'latin']:
ud.debug(ud.ADMIN, ud.INFO, 'univention-passwd: known charset given: %s' % configRegistry.get('samba/charset/unix'))
if not isinstance(pwd, bytes): # python 3
pwd = pwd.encode('UTF-8')
pwd = pwd.decode(configRegistry.get('samba/charset/unix', 'utf8'))
else:
ud.debug(ud.ADMIN, ud.INFO, 'univention-passwd: unknown charset given, try fallback')
if isinstance(pwd, bytes): # python 2
pwd = pwd.decode('utf-8')
try:
dn = lo.searchDn(filter=filter_format(u'(&(uid=%s)(|(objectClass=posixAccount)(objectClass=sambaSamAccount)(objectClass=person)))', [user]), base=baseDN, unique=True)
position = univention.admin.uldap.position(baseDN)
module = univention.admin.modules.get('users/user')
univention.admin.modules.init(lo, position, module)
object = univention.admin.objects.get(module, None, lo, position=position, dn=dn[0])
object.open()
# hack, to prevent that attributes belonging to the samba option are changed; Bug #41530
if 'samba' in object.options:
object.options.remove('samba')
object.old_options.remove('samba')
object._ldap_object_classes = lambda ml: ml
object['password'] = pwd
ud.debug(ud.ADMIN, ud.INFO, 'univention-passwd: passwd set, modify object')
dn = object.modify()
out.append('password changed')
ud.debug(ud.ADMIN, ud.INFO, 'univention-passwd: password changed')
except univention.admin.uexceptions.pwalreadyused:
out.append('passwd error: password already used')
return out
except Exception as exc:
ud.debug(ud.ADMIN, ud.WARN, 'passwd error: %s' % (exc,))
out.append('passwd error: %s' % (exc,))
return out
try:
# check for local ldap server connection
if configRegistry.is_true('ldap/replication/preferredpassword'):
if configRegistry.get('ldap/server/type') == 'slave':
if os.path.exists('/etc/ldap/rootpw.conf'):
lo = univention.admin.uldap.access(lo=univention.uldap.getRootDnConnection())
dn = lo.searchDn(filter=filter_format(u'(&(uid=%s)(|(objectClass=posixAccount)(objectClass=sambaSamAccount)(objectClass=person)))', [user]), base=baseDN, unique=True)
position = univention.admin.uldap.position(baseDN)
module = univention.admin.modules.get('users/user')
univention.admin.modules.init(lo, position, module)
object = univention.admin.objects.get(module, None, lo, position=position, dn=dn[0])
object.open()
object['password'] = pwd
ud.debug(ud.ADMIN, ud.INFO, 'univention-passwd: passwd set, modify object')
object['overridePWHistory'] = '1'
object['overridePWLength'] = '1'
dn = object.modify()
ud.debug(ud.ADMIN, ud.INFO, 'univention-passwd: password changed')
except Exception as exc:
ud.debug(ud.ADMIN, ud.WARN, 'passwd error: %s' % (exc,))
return out
## exposure: dangerous
## roles: [domaincontroller_master]
## tags: [udm_api, skip_admember]
## packages: [python-univention-directory-manager]
## bugs: [51184]
from __future__ import print_function
from unittest import main, TestCase
import univention.debug as ud
from univention.testing.strings import random_username
from univention.udm import UDM
from univention.udm.exceptions import DeleteError
ud.init('/var/log/univention/directory-manager-cmd.log', ud.FLUSH, 0)
ud.set_level(ud.ADMIN, ud.ALL)
class TestEncoders(TestCase):
user_objects = []
@classmethod
def setUpClass(cls):
cls.udm = UDM.admin().version(2)
@classmethod
def tearDownClass(cls):
for obj in cls.user_objects:
try:
obj.delete()
print('tearDownClass(): Deleted {!r}.'.format(obj))
result = self.m.list_local_repositories(end=ver)
self.assertEqual(len(result), 1)
self.assertDeepEqual(result,
[_ for _ in self.repos if _[1] <= ver and _[2]])
def test_maintained(self):
"""Test maintained off."""
result = self.m.list_local_repositories(maintained=False)
self.assertEqual(len(result), 0)
self.assertEqual(result, [])
def test_unmaintained(self):
"""Test unmaintained on."""
result = self.m.list_local_repositories(unmaintained=True)
self.assertEqual(len(result), 6)
# Check sorted by version
self.assertDeepEqual([_[1] for _ in result],
[_[1] for _ in self.repos])
self.assertDeepEqual(sorted(result), sorted(self.repos))
if __name__ == '__main__':
if False:
import univention.debug as ud
ud.init('stderr', ud.NO_FUNCTION, ud.NO_FLUSH)
ud.set_level(ud.NETWORK, ud.ALL + 1)
if False:
import logging
logging.basicConfig(level=logging.DEBUG)
unittest.main()
self.assertEqual((server, struct, 'preup', preup_path, 'preup_content'), gen.next())
self.assertEqual((server, struct, 'postup', postup_path, 'postup_content'), gen.next())
self.assertRaises(StopIteration, gen.next)
def test_get_sh_files_bug27149(self):
"""Test preup.sh / postup.sh download for non-architecture component."""
server = MockUCSHttpServer('server')
struct = U.UCSRepoPoolNoArch(major=MAJOR, minor=MINOR, part='%s/component' % (PART,), patch='a')
preup_path = struct.path('preup.sh')
server.mock_add(preup_path, 'preup_content')
postup_path = struct.path('postup.sh')
server.mock_add(postup_path, 'postup_content')
repo = ((server, struct),)
gen = U.UniventionUpdater.get_sh_files(repo)
self.assertEqual((server, struct, 'preup', preup_path, 'preup_content'), gen.next())
self.assertEqual((server, struct, 'postup', postup_path, 'postup_content'), gen.next())
self.assertRaises(StopIteration, gen.next)
if __name__ == '__main__':
if False:
import univention.debug as ud
ud.init('stderr', ud.NO_FUNCTION, ud.NO_FLUSH)
ud.set_level(ud.NETWORK, ud.ALL+1)
if False:
import logging
logging.basicConfig(level=logging.DEBUG)
unittest.main()
def _doit(arglist):
out = []
# parse module and action
if len(arglist) < 2:
return usage() + ["OPERATION FAILED"]
module_name = arglist[1]
if module_name in ['-h', '--help', '-?']:
return usage()
if module_name == '--version':
return version()
if module_name == 'modules':
return list_available_modules()
remove_referring = 0
recursive = 1
# parse options
longopts = ['position=', 'dn=', 'set=', 'append=', 'remove=', 'superordinate=', 'option=', 'append-option=', 'remove-option=', 'filter=', 'tls=', 'ignore_exists', 'ignore_not_exists', 'logfile=', 'policies=', 'binddn=', 'bindpwd=', 'bindpwdfile=', 'policy-reference=', 'policy-dereference=', 'remove_referring', 'recursive']
try:
opts, args = getopt.getopt(arglist[3:], '', longopts)
except getopt.error as msg:
out.append(str(msg))
return out + ["OPERATION FAILED"]
if not args == [] and isinstance(args, list):
msg = "WARNING: the following arguments are ignored:"
for argument in args:
msg = '%s "%s"' % (msg, argument)
out.append(msg)
position_dn = ''
dn = ''
binddn = None
bindpwd = None
list_policies = False
policies_with_DN = False
policyOptions = []
logfile = '/var/log/univention/directory-manager-cmd.log'
tls = 2
ignore_exists = 0
ignore_not_exists = False
superordinate_dn = ''
parsed_append_options = []
parsed_remove_options = []
parsed_options = []
filter = ''
input = {}
append = {}
remove = {}
policy_reference = []
policy_dereference = []
for opt, val in opts:
if opt == '--position':
position_dn = _2utf8(val)
elif opt == '--logfile':
logfile = val
elif opt == '--policies':
list_policies = True
if val == "1":
policies_with_DN = True
else:
policyOptions = ['-s']
elif opt == '--binddn':
binddn = val
elif opt == '--bindpwd':
bindpwd = val
elif opt == '--bindpwdfile':
try:
with open(val) as fp:
bindpwd = fp.read().strip()
except IOError as e:
out.append('E: could not read bindpwd from file (%s)' % str(e))
return out + ['OPERATION FAILED']
elif opt == '--dn':
dn = _2utf8(val)
elif opt == '--tls':
tls = val
elif opt == '--ignore_exists':
ignore_exists = 1
elif opt == '--ignore_not_exists':
ignore_not_exists = True
elif opt == '--superordinate':
superordinate_dn = val
elif opt == '--option':
parsed_options.append(val)
elif opt == '--append-option':
parsed_append_options.append(val)
elif opt == '--remove-option':
parsed_remove_options.append(val)
elif opt == '--filter':
ldapFilter.parse(val)
filter = val
elif opt == '--policy-reference':
policy_reference.append(val)
elif opt == '--policy-dereference':
policy_dereference.append(val)
if logfile:
ud.init(logfile, 1, 0)
else:
out.append("WARNING: no logfile specified")
configRegistry = univention.config_registry.ConfigRegistry()
configRegistry.load()
co = None
baseDN = configRegistry['ldap/base']
if configRegistry.get('directory/manager/cmd/debug/level'):
debug_level = configRegistry['directory/manager/cmd/debug/level']
else:
debug_level = 0
ud.set_level(ud.LDAP, int(debug_level))
ud.set_level(ud.ADMIN, int(debug_level))
if binddn and bindpwd:
ud.debug(ud.ADMIN, ud.INFO, "using %s account" % binddn)
try:
lo = univention.admin.uldap.access(host=configRegistry['ldap/master'], port=int(configRegistry.get('ldap/master/port', '7389')), base=baseDN, binddn=binddn, start_tls=tls, bindpw=bindpwd)
except Exception as e:
ud.debug(ud.ADMIN, ud.WARN, 'authentication error: %s' % str(e))
out.append('authentication error: %s' % str(e))
return out + ["OPERATION FAILED"]
policyOptions.extend(['-D', binddn, '-w', bindpwd]) # FIXME not so nice
else:
if os.path.exists('/etc/ldap.secret'):
ud.debug(ud.ADMIN, ud.INFO, "using cn=admin,%s account" % baseDN)
secretFileName = '/etc/ldap.secret'
binddn = 'cn=admin,' + baseDN
policyOptions.extend(['-D', binddn, '-y', secretFileName])
elif os.path.exists('/etc/machine.secret'):
ud.debug(ud.ADMIN, ud.INFO, "using %s account" % configRegistry['ldap/hostdn'])
secretFileName = '/etc/machine.secret'
binddn = configRegistry['ldap/hostdn']
policyOptions.extend(['-D', binddn, '-y', secretFileName])
try:
secretFile = open(secretFileName, 'r')
except IOError:
out.append('E: Permission denied, try --binddn and --bindpwd')
return out + ["OPERATION FAILED"]
pwdLine = secretFile.readline()
pwd = re.sub('\n', '', pwdLine)
try:
lo = univention.admin.uldap.access(host=configRegistry['ldap/master'], port=int(configRegistry.get('ldap/master/port', '7389')), base=baseDN, binddn=binddn, bindpw=pwd, start_tls=tls)
except Exception as e:
ud.debug(ud.ADMIN, ud.WARN, 'authentication error: %s' % str(e))
out.append('authentication error: %s' % str(e))
return out + ["OPERATION FAILED"]
if not position_dn and superordinate_dn:
position_dn = superordinate_dn
elif not position_dn:
position_dn = baseDN
try:
position = univention.admin.uldap.position(baseDN)
position.setDn(position_dn)
except univention.admin.uexceptions.noObject:
out.append('E: Invalid position')
return out + ["OPERATION FAILED"]
try:
module = univention.admin.modules.get(module_name)
except:
out.append("failed to get module %s." % module_name)
out.append("")
return list_available_modules(out) + ["OPERATION FAILED"]
if not module:
out.append("unknown module %s." % module_name)
out.append("")
return list_available_modules(out) + ["OPERATION FAILED"]
# initialise modules
if module_name == 'settings/usertemplate':
univention.admin.modules.init(lo, position, univention.admin.modules.get('users/user'))
univention.admin.modules.init(lo, position, module)
information = module_information(module)
superordinate = None
if superordinate_dn and univention.admin.modules.superordinate(module):
# the superordinate itself also has a superordinate, get it!
superordinate = univention.admin.objects.get_superordinate(module, None, lo, superordinate_dn)
if superordinate is None:
out.append('E: %s is not a superordinate for %s.' % (superordinate_dn, univention.admin.modules.name(module)))
return out + ["OPERATION FAILED"]
if len(arglist) == 2:
out = usage() + module_usage(information)
return out + ["OPERATION FAILED"]
action = arglist[2]
if len(arglist) == 3 and action != 'list':
out = usage() + module_usage(information, action)
return out + ["OPERATION FAILED"]
for opt, val in opts:
if opt == '--set':
pos = val.find('=')
name = val[:pos]
value = _2utf8(val[pos + 1:])
was_set = 0
for mod, (properties, options) in information.items():
if name in properties:
if properties[name].multivalue:
if name not in input:
input[name] = []
was_set = 1
if value:
input[name].append(value)
was_set = 1
else:
input[name] = value
was_set = 1
if not was_set:
out.append("WARNING: No attribute with name '%s' in this module, value not set." % name)
elif opt == '--append':
pos = val.find('=')
name = val[:pos]
value = _2utf8(val[pos + 1:])
was_set = 0
for mod, (properties, options) in information.items():
if name in properties:
if properties[name].multivalue:
if name not in append:
append[name] = []
if value:
append[name].append(value)
was_set = 1
else:
append[name] = value
was_set = 1
if not was_set:
out.append("WARNING: No attribute with name %s in this module, value not appended." % name)
elif opt == '--remove':
pos = val.find('=')
if pos == -1:
name = val
value = None
else:
name = val[:pos]
value = _2utf8(val[pos + 1:])
was_set = False
for mod, (properties, options) in information.items():
if name in properties:
was_set = True
if properties[name].multivalue:
if value is None:
remove[name] = value
elif value:
remove.setdefault(name, [])
if remove[name] is not None:
remove[name].append(value)
else:
remove[name] = value
if not was_set:
out.append("WARNING: No attribute with name %s in this module, value not removed." % name)
elif opt == '--remove_referring':
remove_referring = 1
elif opt == '--recursive':
recursive = 1
#+++# ACTION CREATE #+++#
if action == 'create' or action == 'new':
if hasattr(module, 'operations') and module.operations:
if 'add' not in module.operations:
out.append('Create %s not allowed' % module_name)
return out + ["OPERATION FAILED"]
try:
object = module.object(co, lo, position=position, superordinate=superordinate)
except univention.admin.uexceptions.insufficientInformation as exc:
out.append('E: Insufficient information: %s' % (exc,))
return out + ["OPERATION FAILED"]
if parsed_options:
object.options = parsed_options
for option in parsed_append_options:
object.options.append(option)
for option in parsed_remove_options:
try:
object.option.remove(option)
except ValueError:
pass
object.open()
exists = 0
try:
out.extend(object_input(module, object, input, append=append))
except univention.admin.uexceptions.nextFreeIp:
if not ignore_exists:
out.append('E: No free IP address found')
return out + ['OPERATION FAILED']
except univention.admin.uexceptions.valueInvalidSyntax as err:
out.append('E: Invalid Syntax: %s' % err)
return out + ["OPERATION FAILED"]
default_containers = object.get_default_containers(lo)
if default_containers and position.isBase() and not any(lo.compare_dn(default_container, position.getDn()) for default_container in default_containers):
out.append('WARNING: The object is not going to be created underneath of its default containers.')
object.policy_reference(*policy_reference)
exists = 0
exists_msg = None
created = False
try:
dn = object.create()
created = True
except univention.admin.uexceptions.objectExists as exc:
exists_msg = '%s' % (exc,)
dn = exc.args[0]
if not ignore_exists:
out.append('E: Object exists: %s' % exists_msg)
return out + ["OPERATION FAILED"]
else:
exists = 1
except univention.admin.uexceptions.uidAlreadyUsed as user:
exists_msg = '(uid) %s' % user
if not ignore_exists:
out.append('E: Object exists: %s' % exists_msg)
return out + ["OPERATION FAILED"]
else:
exists = 1
except univention.admin.uexceptions.groupNameAlreadyUsed as group:
exists_msg = '(group) %s' % group
if not ignore_exists:
out.append('E: Object exists: %s' % exists_msg)
return out + ["OPERATION FAILED"]
else:
exists = 1
except univention.admin.uexceptions.dhcpServerAlreadyUsed as name:
exists_msg = '(dhcpserver) %s' % name
if not ignore_exists:
out.append('E: Object exists: %s' % exists_msg)
return out + ["OPERATION FAILED"]
else:
exists = 1
except univention.admin.uexceptions.macAlreadyUsed as mac:
exists_msg = '(mac) %s' % mac
if not ignore_exists:
out.append('E: Object exists: %s' % exists_msg)
return out + ["OPERATION FAILED"]
else:
exists = 1
except univention.admin.uexceptions.noLock as e:
exists_msg = '(nolock) %s' % (e,)
if not ignore_exists:
out.append('E: Object exists: %s' % exists_msg)
return out + ["OPERATION FAILED"]
else:
exists = 1
except univention.admin.uexceptions.invalidDhcpEntry:
out.append('E: The DHCP entry for this host should contain the zone dn, the ip address and the mac address.')
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.invalidOptions as e:
out.append('E: invalid Options: %s' % e)
if not ignore_exists:
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.insufficientInformation as exc:
out.append('E: Insufficient information: %s' % (exc,))
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.noObject as e:
out.append('E: object not found: %s' % e)
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.circularGroupDependency as e:
out.append('E: circular group dependency detected: %s' % e)
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.invalidChild as e:
out.append('E: %s' % e)
return out + ["OPERATION FAILED"]
if exists == 1:
if exists_msg:
out.append('Object exists: %s' % exists_msg)
else:
out.append('Object exists')
elif created:
out.append('Object created: %s' % _2utf8(dn))
#+++# ACTION MODIFY #+++#
elif action == 'modify' or action == 'edit' or action == 'move':
if not dn:
out.append('E: DN is missing')
return out + ["OPERATION FAILED"]
object_modified = 0
if hasattr(module, 'operations') and module.operations:
if 'edit' not in module.operations:
out.append('Modify %s not allowed' % module_name)
return out + ["OPERATION FAILED"]
try:
object = univention.admin.objects.get(module, co, lo, position='', dn=dn)
except univention.admin.uexceptions.noObject:
out.append('E: object not found')
return out + ["OPERATION FAILED"]
object.open()
if action == 'move':
if hasattr(module, 'operations') and module.operations:
if 'move' not in module.operations:
out.append('Move %s not allowed' % module_name)
return out + ["OPERATION FAILED"]
if not position_dn:
out.append("need new position for moving object")
else:
try: # check if destination exists
lo.get(position_dn, required=True)
except (univention.admin.uexceptions.noObject, ldap.INVALID_DN_SYNTAX):
out.append("position does not exists: %s" % position_dn)
return out + ["OPERATION FAILED"]
rdn = ldap.dn.dn2str([ldap.dn.str2dn(dn)[0]])
newdn = "%s,%s" % (rdn, position_dn)
try:
object.move(newdn)
object_modified += 1
except univention.admin.uexceptions.noObject:
out.append('E: object not found')
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.ldapError as msg:
out.append("ldap Error: %s" % msg)
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.nextFreeIp:
out.append('E: No free IP address found')
return out + ['OPERATION FAILED']
except univention.admin.uexceptions.valueInvalidSyntax as err:
out.append('E: Invalid Syntax: %s' % err)
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.invalidOperation as msg:
out.append(str(msg))
return out + ["OPERATION FAILED"]
else: # modify
if (len(input) + len(append) + len(remove) + len(parsed_append_options) + len(parsed_remove_options) + len(parsed_options) + len(policy_reference) + len(policy_dereference)) > 0:
if parsed_options:
object.options = parsed_options
for option in parsed_append_options:
object.options.append(option)
for option in parsed_remove_options[:]:
try:
object.options.remove(option)
except ValueError:
parsed_remove_options.remove(option)
out.append('WARNING: option %r is not set. Ignoring.' % (option,))
try:
out.extend(object_input(module, object, input, append, remove))
except univention.admin.uexceptions.valueMayNotChange as e:
out.append(unicode(e[0]))
return out + ["OPERATION FAILED"]
object.policy_reference(*policy_reference)
object.policy_dereference(*policy_dereference)
if object.hasChanged(input.keys()) or object.hasChanged(append.keys()) or object.hasChanged(remove.keys()) or parsed_append_options or parsed_remove_options or parsed_options or object.policiesChanged():
try:
dn = object.modify()
object_modified += 1
except univention.admin.uexceptions.noObject:
out.append('E: object not found')
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.invalidDhcpEntry:
out.append('E: The DHCP entry for this host should contain the zone dn, the ip address and the mac address.')
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.circularGroupDependency as e:
out.append('E: circular group dependency detected: %s' % e)
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.valueInvalidSyntax as e:
out.append('E: Invalid Syntax: %s' % e)
return out + ["OPERATION FAILED"]
if object_modified > 0:
out.append('Object modified: %s' % _2utf8(dn))
else:
out.append('No modification: %s' % _2utf8(dn))
elif action == 'remove' or action == 'delete':
if hasattr(module, 'operations') and module.operations:
if 'remove' not in module.operations:
out.append('Remove %s not allowed' % module_name)
return out + ["OPERATION FAILED"]
try:
if dn and filter:
object = univention.admin.modules.lookup(module, co, lo, scope='sub', superordinate=superordinate, base=dn, filter=filter, required=True, unique=True)[0]
elif dn:
object = univention.admin.modules.lookup(module, co, lo, scope='base', superordinate=superordinate, base=dn, filter=filter, required=True, unique=True)[0]
elif filter:
object = univention.admin.modules.lookup(module, co, lo, scope='sub', superordinate=superordinate, base=position.getDn(), filter=filter, required=True, unique=True)[0]
else:
out.append('E: dn or filter needed')
return out + ["OPERATION FAILED"]
except (univention.admin.uexceptions.noObject, IndexError):
if ignore_not_exists:
out.append('Object not found: %s' % _2utf8(dn or filter))
return out
out.append('E: object not found')
return out + ["OPERATION FAILED"]
object.open()
if remove_referring and univention.admin.objects.wantsCleanup(object):
univention.admin.objects.performCleanup(object)
if recursive:
try:
object.remove(recursive)
except univention.admin.uexceptions.ldapError as msg:
out.append(str(msg))
return out + ["OPERATION FAILED"]
else:
try:
object.remove()
except univention.admin.uexceptions.primaryGroupUsed:
out.append('E: object in use')
return out + ["OPERATION FAILED"]
out.append('Object removed: %s' % _2utf8(dn or object.dn))
elif action == 'list' or action == 'lookup':
if hasattr(module, 'operations') and module.operations:
if 'search' not in module.operations:
out.append('Search %s not allowed' % module_name)
return out + ["OPERATION FAILED"]
out.append(_2utf8(filter))
try:
for object in univention.admin.modules.lookup(module, co, lo, scope='sub', superordinate=superordinate, base=position.getDn(), filter=filter):
out.append('DN: %s' % _2utf8(univention.admin.objects.dn(object)))
if (hasattr(module, 'virtual') and not module.virtual) or not hasattr(module, 'virtual'):
object.open()
for key, value in sorted(object.items()):
if key == 'sambaLogonHours':
# returns a list, which breaks things here
# better show the bit string. See Bug #33703
value = module.mapping.mapValue(key, value)
s = module.property_descriptions[key].syntax
if module.property_descriptions[key].multivalue:
for v in value:
if s.tostring(v):
out.append(' %s: %s' % (_2utf8(key), _2utf8(s.tostring(v))))
else:
out.append(' %s: %s' % (_2utf8(key), None))
else:
if s.tostring(value):
if module.module == 'settings/portal' and key == 'content':
out.append(' %s:\n %s' % (_2utf8(key), _2utf8(s.tostring(value).replace('\n', '\n '))))
else:
out.append(' %s: %s' % (_2utf8(key), _2utf8(s.tostring(value))))
else:
out.append(' %s: %s' % (_2utf8(key), None))
if 'univentionPolicyReference' in lo.get(univention.admin.objects.dn(object), ['objectClass'])['objectClass']:
references = lo.get(_2utf8(univention.admin.objects.dn(object)), ['univentionPolicyReference'])
if references:
for el in references['univentionPolicyReference']:
out.append(' %s: %s' % ('univentionPolicyReference', _2utf8(s.tostring(el))))
if list_policies:
utf8_objectdn = _2utf8(univention.admin.objects.dn(object))
p1 = subprocess.Popen(['univention_policy_result'] + policyOptions + [utf8_objectdn], stdout=subprocess.PIPE)
policyResults = p1.communicate()[0].split('\n')
out.append(" Policy-based Settings:")
policy = ''
attribute = ''
value = []
client = {}
for line in policyResults:
line = line.strip()
if not line or line.startswith("DN: ") or line.startswith("POLICY "):
continue
out.append(" %s" % line)
if not policies_with_DN:
ckey, cval = line.split('=', 1)
client.setdefault(ckey, []).append(cval)
continue
ckey, cval = line.split(': ', 1)
if ckey == 'Policy':
if policy:
client[attribute] = [policy, value]
value = []
policy = cval
elif ckey == 'Attribute':
attribute = cval
elif ckey == 'Value':
value.append(cval)
if policies_with_DN:
client[attribute] = [policy, value]
value = []
out.append('')
if module_name == 'dhcp/host':
subnet_module = univention.admin.modules.get('dhcp/subnet')
# TODO: sharedsubnet_module = univention.admin.modules.get('dhcp/sharedsubnet')
ips = object['fixedaddress']
for ip in ips:
for subnet in univention.admin.modules.lookup(subnet_module, co, lo, scope='sub', superordinate=superordinate, base=superordinate_dn, filter=''):
if univention.admin.ipaddress.ip_is_in_network(subnet['subnet'], subnet['subnetmask'], ip):
utf8_subnet_dn = _2utf8(subnet.dn)
p1 = subprocess.Popen(['univention_policy_result'] + policyOptions + [utf8_subnet_dn], stdout=subprocess.PIPE)
policyResults = p1.communicate()[0].split('\n')
out.append(" Subnet-based Settings:")
ddict = {}
policy = ''
value = []
for line in policyResults:
if not (line.strip() == "" or line.strip()[:4] == "DN: " or line.strip()[:7] == "POLICY "):
out.append(" %s" % line.strip())
if policies_with_DN:
subsplit = string.split(line.strip(), ': ')
if subsplit[0] == 'Policy':
if policy:
ddict[attribute] = [policy, value]
value = []
policy = subsplit[1]
elif subsplit[0] == 'Attribute':
attribute = subsplit[1]
elif subsplit[0] == 'Value':
value.append(subsplit[1])
else:
subsplit = string.split(line.strip(), '=')
if subsplit[0] not in ddict:
ddict[subsplit[0]] = []
ddict[subsplit[0]].append(subsplit[1])
out.append('')
if policies_with_DN:
ddict[attribute] = [policy, value]
value = []
out.append(" Merged Settings:")
for key in ddict.keys():
if key not in client:
client[key] = ddict[key]
if policies_with_DN:
for key in client.keys():
out.append(" Policy: " + client[key][0])
out.append(" Attribute: " + key)
for i in range(0, len(client[key][1])):
out.append(" Value: " + client[key][1][i])
else:
for key in client.keys():
for i in range(0, len(client[key])):
out.append(" %s=%s" % (key, client[key][i]))
out.append('')
out.append('')
except univention.admin.uexceptions.ldapError as errmsg:
out.append('%s' % str(errmsg))
return out + ["OPERATION FAILED"]
except univention.admin.uexceptions.valueInvalidSyntax as errmsg:
out.append('%s' % str(errmsg.message))
return out + ["OPERATION FAILED"]
else:
out.append("Unknown or no action defined")
out.append('')
usage()
return out + ["OPERATION FAILED"]
return out # nearly the only successful return
if item.pid == service.pid:
item.update(service)
break
else:
self.append(service)
def usage():
print('Usage: {} [file]'.format(sys.argv[0]))
print('If no file is given, runs smbstatus and parses its output.')
print('(Test data: /usr/share/ucs-school-lib/smbstatus_testdata.txt)')
if __name__ == '__main__':
ud.init('/var/log/univention/smbstatus.log', 0, 0)
ud.set_level(ud.PARSER, 4)
if len(sys.argv) == 1:
status = SMB_Status()
elif len(sys.argv) == 2:
try:
testdata = open(sys.argv[1], 'rb').read()
except IOError:
print('Error: Cannot read {!r}\n'.format(sys.argv[1]))
usage()
sys.exit(1)
status = SMB_Status(testdata=testdata.split('\n'))
else:
usage()
sys.exit(1)
for process in map(str, status):
print(process)
def _doit(arglist):
out = []
# parse module and action
if len(arglist) < 2:
raise OperationFailed(usage())
module_name = arglist[1]
if module_name in ['-h', '--help', '-?']:
return usage()
if module_name == '--version':
return version()
if module_name == 'modules':
return list_available_modules()
remove_referring = 0
recursive = 1
# parse options
longopts = ['position=', 'dn=', 'set=', 'append=', 'remove=', 'superordinate=', 'option=', 'append-option=', 'remove-option=', 'filter=', 'tls=', 'ignore_exists', 'ignore_not_exists', 'logfile=', 'policies=', 'binddn=', 'bindpwd=', 'bindpwdfile=', 'policy-reference=', 'policy-dereference=', 'remove_referring', 'recursive']
try:
opts, args = getopt.getopt(arglist[3:], '', longopts)
except getopt.error as msg:
raise OperationFailed(out, str(msg))
if args and isinstance(args, list):
msg = "WARNING: the following arguments are ignored:"
for argument in args:
msg = '%s "%s"' % (msg, argument)
out.append(msg)
position_dn = ''
dn = ''
binddn = None
bindpwd = None
list_policies = False
policies_with_DN = False
policyOptions = []
logfile = '/var/log/univention/directory-manager-cmd.log'
tls = 2
ignore_exists = 0
ignore_not_exists = False
superordinate_dn = ''
parsed_append_options = []
parsed_remove_options = []
parsed_options = []
filter = ''
input = {}
append = {}
remove = {}
policy_reference = []
policy_dereference = []
for opt, val in opts:
if opt == '--position':
position_dn = val
elif opt == '--logfile':
logfile = val
elif opt == '--policies':
list_policies = True
if val == "1":
policies_with_DN = True
else:
policyOptions = ['-s']
elif opt == '--binddn':
binddn = val
elif opt == '--bindpwd':
bindpwd = val
elif opt == '--bindpwdfile':
try:
with open(val) as fp:
bindpwd = fp.read().strip()
except IOError as exc:
raise OperationFailed(out, 'E: could not read bindpwd from file (%s)' % (exc,))
elif opt == '--dn':
dn = val
elif opt == '--tls':
tls = val
elif opt == '--ignore_exists':
ignore_exists = 1
elif opt == '--ignore_not_exists':
ignore_not_exists = True
elif opt == '--superordinate':
superordinate_dn = val
elif opt == '--option':
parsed_options.append(val)
elif opt == '--append-option':
parsed_append_options.append(val)
elif opt == '--remove-option':
parsed_remove_options.append(val)
elif opt == '--filter':
ldapFilter.parse(val)
filter = val
elif opt == '--policy-reference':
policy_reference.append(val)
elif opt == '--policy-dereference':
policy_dereference.append(val)
if logfile:
ud.init(logfile, ud.FLUSH, ud.NO_FUNCTION)
else:
out.append("WARNING: no logfile specified")
configRegistry = univention.config_registry.ConfigRegistry()
configRegistry.load()
baseDN = configRegistry['ldap/base']
debug_level = int(configRegistry.get('directory/manager/cmd/debug/level', 0))
ud.set_level(ud.LDAP, debug_level)
ud.set_level(ud.ADMIN, debug_level)
if binddn and bindpwd:
ud.debug(ud.ADMIN, ud.INFO, "using %s account" % binddn)
try:
lo = univention.admin.uldap.access(host=configRegistry['ldap/master'], port=int(configRegistry.get('ldap/master/port', '7389')), base=baseDN, binddn=binddn, start_tls=tls, bindpw=bindpwd)
except Exception as exc:
ud.debug(ud.ADMIN, ud.WARN, 'authentication error: %s' % (exc,))
raise OperationFailed(out, 'authentication error: %s' % (exc,))
policyOptions.extend(['-D', binddn, '-w', bindpwd]) # FIXME not so nice
else:
if os.path.exists('/etc/ldap.secret'):
ud.debug(ud.ADMIN, ud.INFO, "using cn=admin,%s account" % baseDN)
secretFileName = '/etc/ldap.secret'
binddn = 'cn=admin,' + baseDN
policyOptions.extend(['-D', binddn, '-y', secretFileName])
elif os.path.exists('/etc/machine.secret'):
ud.debug(ud.ADMIN, ud.INFO, "using %s account" % configRegistry['ldap/hostdn'])
secretFileName = '/etc/machine.secret'
binddn = configRegistry['ldap/hostdn']
policyOptions.extend(['-D', binddn, '-y', secretFileName])
try:
with open(secretFileName, 'r') as secretFile:
pwd = secretFile.read().strip('\n')
except IOError:
raise OperationFailed(out, 'E: Permission denied, try --binddn and --bindpwd')
try:
lo = univention.admin.uldap.access(host=configRegistry['ldap/master'], port=int(configRegistry.get('ldap/master/port', '7389')), base=baseDN, binddn=binddn, bindpw=pwd, start_tls=tls)
except Exception as exc:
ud.debug(ud.ADMIN, ud.WARN, 'authentication error: %s' % (exc,))
raise OperationFailed(out, 'authentication error: %s' % (exc,))
if not position_dn and superordinate_dn:
position_dn = superordinate_dn
elif not position_dn:
position_dn = baseDN
try:
position = univention.admin.uldap.position(baseDN)
position.setDn(position_dn)
except univention.admin.uexceptions.noObject:
raise OperationFailed(out, 'E: Invalid position')
module = univention.admin.modules.get(module_name)
if not module:
out.append("unknown module %s." % module_name)
out.append("")
raise OperationFailed(list_available_modules(out))
# initialise modules
if module_name == 'settings/usertemplate':
univention.admin.modules.init(lo, position, univention.admin.modules.get('users/user'))
univention.admin.modules.init(lo, position, module)
information = module_information(module)
superordinate = None
if superordinate_dn and univention.admin.modules.superordinate(module):
# the superordinate itself also has a superordinate, get it!
superordinate = univention.admin.objects.get_superordinate(module, None, lo, superordinate_dn)
if superordinate is None:
raise OperationFailed(out, 'E: %s is not a superordinate for %s.' % (superordinate_dn, univention.admin.modules.name(module)))
if len(arglist) == 2:
out = usage() + module_usage(information)
raise OperationFailed(out)
action = arglist[2]
if len(arglist) == 3 and action != 'list':
out = usage() + module_usage(information, action)
raise OperationFailed(out)
for opt, val in opts:
if opt == '--set':
name, delim, value = val.partition('=')
for mod, (properties, options) in information.items():
if name in properties:
if properties[name].multivalue:
input.setdefault(name, [])
if value:
input[name].append(value)
else:
input[name] = value
if name not in input:
out.append("WARNING: No attribute with name '%s' in this module, value not set." % name)
elif opt == '--append':
name, delim, value = val.partition('=')
for mod, (properties, options) in information.items():
if name in properties:
if properties[name].multivalue:
append.setdefault(name, [])
if value:
append[name].append(value)
else:
append[name] = value
if name not in append:
out.append("WARNING: No attribute with name %s in this module, value not appended." % name)
elif opt == '--remove':
name, delim, value = val.partition('=')
value = value or None
for mod, (properties, options) in information.items():
if name in properties:
if properties[name].multivalue:
if value is None:
remove[name] = value
elif value:
remove.setdefault(name, [])
if remove[name] is not None:
remove[name].append(value)
else:
remove[name] = value
if name not in remove:
out.append("WARNING: No attribute with name %s in this module, value not removed." % name)
elif opt == '--remove_referring':
remove_referring = True
elif opt == '--recursive':
recursive = True
cli = CLI(module_name, module, dn, lo, position, superordinate)
if action == 'create' or action == 'new':
out.extend(cli.create(input, append, ignore_exists, parsed_options, parsed_append_options, parsed_remove_options, policy_reference))
elif action == 'modify' or action == 'edit':
out.extend(cli.modify(input, append, remove, parsed_append_options, parsed_remove_options, parsed_options, policy_reference, policy_dereference, ignore_not_exists=ignore_not_exists))
elif action == 'move':
out.extend(cli.move(position_dn))
elif action == 'remove' or action == 'delete':
out.extend(cli.remove(remove_referring=remove_referring, recursive=recursive, ignore_not_exists=ignore_not_exists, filter=filter))
elif action == 'list' or action == 'lookup':
out.extend(cli.list(list_policies, filter, superordinate_dn, policyOptions, policies_with_DN))
else:
out.append("Unknown or no action defined")
out.append('')
raise OperationFailed(out)
return out # nearly the only successful return
action="store_true",
dest="direct_resync",
default=False,
help="Filter the output of univention-ldapsearch through this module")
options = parser.parse_args()
if not options.direct_resync:
parser.error(
"The option --direct-resync is required to run this module directly"
)
sys.exit(1)
ud.init("stderr", ud.NO_FLUSH, ud.NO_FUNCTION)
ucr = ConfigRegistry()
ucr.load()
ud.set_level(ud.LISTENER, int(ucr.get('listener/debug/level', 2)))
cmd = ['/usr/bin/univention-ldapsearch', '-LLL', filter, 'objectClass']
cmd.extend(attributes)
p1 = subprocess.Popen(cmd, stdout=subprocess.PIPE)
(stdout, stderr) = p1.communicate()
class ListenerHandler(LDIFParser):
def __init__(self, input):
LDIFParser.__init__(self, input)
def handle(self, dn, entry):
handler(dn, entry, {}, 'a')
parser = ListenerHandler(io.BytesIO(stdout))
parser.parse()
def test_level_set(tmplog):
ud.set_level(ud.MAIN, ud.PROCESS)
level = ud.get_level(ud.MAIN)
assert level == ud.PROCESS
ud.exit()
def doit(arglist):
ud.init('/var/log/univention/directory-manager-cmd.log', 1, 1)
out = []
opts, args = getopt.getopt(arglist[1:], '',
['binddn=', 'pwdfile=', 'user='******'pwd='])
binddn = None
pwdfile = None
user = None
pwd = None
for opt, val in opts:
if opt == '--binddn':
binddn = val
elif opt == '--pwdfile':
pwdfile = val
elif opt == '--user':
user = val
elif opt == '--pwd':
pwd = val
ud.set_level(ud.LDAP, ud.ALL)
ud.set_level(ud.ADMIN, ud.ALL)
configRegistry = univention.config_registry.ConfigRegistry()
configRegistry.load()
baseDN = configRegistry['ldap/base']
bindpw = open(pwdfile).read()
if bindpw[-1] == '\n' or bindpw[-1] == '\r':
bindpw = bindpw[0:-1]
ud.debug(ud.ADMIN, ud.WARN,
'binddn: %s; bindpwd: *************' % (binddn))
try:
lo = univention.admin.uldap.access(
host=configRegistry['ldap/master'],
port=int(configRegistry.get('ldap/master/port', '7389')),
base=baseDN,
binddn=binddn,
bindpw=bindpw,
start_tls=2)
except Exception as e:
ud.debug(ud.ADMIN, ud.WARN, 'authentication error: %s' % str(e))
out.append('authentication error: %s' % e)
return out
try:
dn = lo.searchDn(filter=unicode(
'(&(uid=%s)(|(objectClass=posixAccount)(objectClass=sambaSamAccount)(objectClass=person)))'
% user, 'utf8'),
base=baseDN,
unique=True)
position = univention.admin.uldap.position(baseDN)
module = univention.admin.modules.get('users/user')
univention.admin.modules.init(lo, position, module)
object = univention.admin.objects.get(module,
None,
lo,
position=position,
dn=dn[0])
object.open()
# hack, to prevent that attributes belonging to the samba option are changed; Bug #41530
if 'samba' in object.options:
object.options.remove('samba')
object.old_options.remove('samba')
object._ldap_object_classes = lambda ml: ml
if 'samba/charset/unix' not in configRegistry:
ud.debug(ud.ADMIN, ud.INFO,
'univention-passwd: no unix-charset given')
object['password'] = unicode(pwd, 'utf8')
elif configRegistry['samba/charset/unix'] in ['utf8', 'latin']:
ud.debug(
ud.ADMIN, ud.INFO,
'univention-passwd: known charset given: %s' %
configRegistry['samba/charset/unix'])
object['password'] = unicode(pwd,
configRegistry['samba/charset/unix'])
else:
ud.debug(ud.ADMIN, ud.INFO,
'univention-passwd: unknown charset given, try fallback')
object['password'] = unicode(pwd)
ud.debug(ud.ADMIN, ud.INFO,
'univention-passwd: passwd set, modify object')
dn = object.modify()
out.append('password changed')
ud.debug(ud.ADMIN, ud.INFO, 'univention-passwd: password changed')
except univention.admin.uexceptions.pwalreadyused:
out.append('passwd error: password already used')
return out
except Exception as e:
ud.debug(ud.ADMIN, ud.WARN, 'passwd error: %s' % e)
out.append('passwd error: %s' % e)
return out
try:
# check for local ldap server connection
if configRegistry.is_true('ldap/replication/preferredpassword'):
if configRegistry.get('ldap/server/type') == 'slave':
if os.path.exists('/etc/ldap/rootpw.conf'):
bindpw = open('/etc/ldap/rootpw.conf').read()
bindpw = bindpw.split(' ')[1].strip('\n\r"')
lo = univention.admin.uldap.access(
host='%s.%s' % (configRegistry['hostname'],
configRegistry['domainname']),
base=baseDN,
binddn='cn=update,%s' % (baseDN),
bindpw=bindpw,
start_tls=2)
dn = lo.searchDn(filter=unicode(
'(&(uid=%s)(|(objectClass=posixAccount)(objectClass=sambaSamAccount)(objectClass=person)))'
% user, 'utf8'),
base=baseDN,
unique=True)
position = univention.admin.uldap.position(baseDN)
module = univention.admin.modules.get('users/user')
univention.admin.modules.init(lo, position, module)
object = univention.admin.objects.get(module,
None,
lo,
position=position,
dn=dn[0])
object.open()
if 'samba/charset/unix' not in configRegistry:
ud.debug(ud.ADMIN, ud.INFO,
'univention-passwd: no unix-charset given')
object['password'] = unicode(pwd, 'utf8')
elif configRegistry['samba/charset/unix'] in [
'utf8', 'latin'
]:
ud.debug(
ud.ADMIN, ud.INFO,
'univention-passwd: known charset given: %s' %
configRegistry['samba/charset/unix'])
object['password'] = unicode(
pwd, configRegistry['samba/charset/unix'])
else:
ud.debug(
ud.ADMIN, ud.INFO,
'univention-passwd: unknown charset given, try fallback'
)
object['password'] = unicode(pwd)
ud.debug(ud.ADMIN, ud.INFO,
'univention-passwd: passwd set, modify object')
object['overridePWHistory'] = '1'
object['overridePWLength'] = '1'
dn = object.modify()
ud.debug(ud.ADMIN, ud.INFO,
'univention-passwd: password changed')
except Exception as e:
ud.debug(ud.ADMIN, ud.WARN, 'passwd error: %s' % e)
return out