def get_registration_info(ucr):
    """Yield a factory for account-registration payloads, then clean up.

    The yielded callable builds the attributes for one registration request
    and records the DN that account would get. When the generator is resumed
    after the ``yield``, every recorded DN is deleted through the connection
    returned by ``getAdminConnection()``; DNs that do not exist are skipped.
    """
    recorded_dns = []  # filled by the factory, consumed by the cleanup below

    def _get_registration_info(attributes=None, container_without_base=None):
        """Return ``dn``, ``attributes`` and request ``data`` for one account.

        Args:
            attributes: optional mapping merged over the generated defaults.
            container_without_base: optional container DN without the LDAP
                base; when given, the UCR variable
                ``umc/self-service/account-registration/usercontainer`` is
                set to that container below ``ldap/base`` and UCR is reloaded.
        """
        if container_without_base:
            ldap_base = ucr.get('ldap/base')
            requested_container = '%s,%s' % (container_without_base, ldap_base,)
            ucr.handler_set(['umc/self-service/account-registration/usercontainer=%s' % (requested_container,)])
            ucr.load()
        # Always read the container back from UCR, whether or not it was just set.
        user_container = ucr.get('umc/self-service/account-registration/usercontainer')

        username = uts.random_name()
        account = {
            'username': username,
            'lastname': username,
            'password': '******',
            'PasswordRecoveryEmail': 'root@localhost',
        }
        if attributes:
            account.update(attributes)

        # NOTE(review): the username is interpolated into the DN unescaped, so the
        # DN recorded for cleanup is only reliable for names without DN special
        # characters - confirm callers never pass such a 'username'.
        dn = "uid=%s,%s" % (account['username'], user_container)
        recorded_dns.append(dn)
        return {
            'dn': dn,
            'attributes': account,
            'data': {'attributes': account},
        }

    yield _get_registration_info

    # Cleanup runs with the admin connection, independent of the account under test.
    lo, _position = getAdminConnection()
    for dn in recorded_dns:
        try:
            lo.delete(dn)
        except noObject:
            # The registration never created this entry; nothing to remove.
            pass
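def open_ldap_connection(self, binddn=None, bindpw=None, ldap_server=None, admin=False, machine=False):
    '''Open a new LDAP connection and return it.

    Three mutually exclusive modes are supported:

    * ``admin=True``: the connection comes from ``getAdminConnection()``.
    * ``machine=True``: the connection comes from
      ``getMachineConnection(ldap_master=True)``.
    * otherwise: a connection to ``ldap_server`` (default: the UCR variable
      ``ldap/master``) on the port from ``ldap/server/port`` (default 7389)
      is opened with ``start_tls=2``, binding with the credentials returned
      by ``utils.UCSTestDomainAdminCredentials()``.

    NOTE(review): ``binddn`` and ``bindpw`` are accepted but never used; the
    default mode always binds with the domain admin test credentials. A caller
    that passes a less privileged DN still receives an admin-level connection,
    so checks meant to exercise that user's permissions would not do so.
    Confirm against the callers before honouring the parameters.

    Raises:
        AssertionError: if both ``admin`` and ``machine`` are set.
        udm_errors.noObject: re-raised unchanged.
        SchoolLDAPError: for any other ``LDAPError`` while connecting.
    '''
    if admin and machine:
        # Raised explicitly (same exception type as the former ``assert``) so the
        # check is not stripped when Python runs with -O.
        raise AssertionError('admin and machine are mutually exclusive')

    account = utils.UCSTestDomainAdminCredentials()
    if not ldap_server:
        ldap_server = self._ucr.get('ldap/master')
    port = int(self._ucr.get('ldap/server/port', 7389))

    try:
        if admin:
            lo = udm_uldap.getAdminConnection()[0]
        elif machine:
            lo = udm_uldap.getMachineConnection(ldap_master=True)[0]
        else:
            lo = udm_uldap.access(
                host=ldap_server,
                port=port,
                base=self._ucr.get('ldap/base'),
                binddn=account.binddn,
                bindpw=account.bindpw,
                start_tls=2,
            )
    except udm_errors.noObject:
        raise
    except LDAPError as exc:
        raise SchoolLDAPError('Opening LDAP connection failed: %s' % (exc,))

    return lo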
def getReadonlyAdminConnection() -> Tuple[access, position]:
    """Return the admin connection with its write methods replaced.

    ``add``, ``modify``, ``rename`` and ``delete`` on the returned connection
    raise ``AssertionError('readonly connection')``. The connection itself is
    still the one obtained from ``getAdminConnection()``: only these four
    attributes are overridden, so this guards against accidental writes and is
    not a reduction of the bind's privileges.
    """
    def _refuse_write(*a: Any, **kw: Any) -> NoReturn:
        raise AssertionError('readonly connection')

    lo, position = getAdminConnection()
    for method_name in ('add', 'modify', 'rename', 'delete'):
        setattr(lo, method_name, _refuse_write)
    return lo, position
def get_admin_connection():
    """Return the cached ``(connection, position)`` pair, opening it on first use.

    The pair is stored in the module globals ``_admin_connection`` and
    ``_admin_position``. An ``IOError`` from ``uldap.getAdminConnection()`` is
    converted into ``UcsSchoolImportFatalError``.
    """
    global _admin_connection, _admin_position

    if _admin_connection and _admin_position:
        return _admin_connection, _admin_position

    try:
        _admin_connection, _admin_position = uldap.getAdminConnection()
    except IOError:
        raise UcsSchoolImportFatalError(
            "This script must be executed on a DC Master.")
    return _admin_connection, _admin_position
def migrate_objects(_umc_instance):
    """Write ``univentionServerRole`` to the objects found without it.

    ``udm_objects_without_ServerRole`` is iterated by role in sorted order;
    entries listed under a falsy role are left untouched. The function always
    ends by raising ``ProblemFixed``.
    """
    lo, _pos = getAdminConnection()
    dns_by_role = udm_objects_without_ServerRole(lo)
    for server_role in sorted(dns_by_role):
        if server_role:
            for dn in dns_by_role[server_role]:
                # (attribute, old value, new value)
                lo.modify(dn, [('univentionServerRole', None, server_role)])
    raise ProblemFixed(buttons=[])
def migrate_objects(_umc_instance):
    """Add ``univentionObject``/``univentionObjectType`` to untyped objects.

    For every entry returned by ``udm_objects_without_type`` the object class
    ``univentionObject`` is appended if missing and ``univentionObjectType``
    is set to the names of the matching modules. The function always ends by
    raising ``ProblemFixed``.
    """
    lo, _pos = getAdminConnection()
    for dn, modules, object_classes in udm_objects_without_type(lo):
        # Work on a copy so the old value passed to modify() stays intact.
        updated_classes = object_classes[:]
        if 'univentionObject' not in object_classes:
            updated_classes.append('univentionObject')

        type_names = []
        for module in modules:
            type_names.append(module.module)

        lo.modify(dn, [
            ('objectClass', object_classes, updated_classes),
            ('univentionObjectType', [], type_names),
        ])
    raise ProblemFixed(buttons=[])
def cleanup(self):
    """Delete the unique-username counter entries recorded during the test.

    Each name in ``self.unique_basenames_to_remove`` is escaped with
    ``escape_dn_chars`` before it is placed into the DN. Missing entries are
    ignored, other LDAP errors are logged, and the parent ``cleanup()`` runs
    afterwards in every case.
    """
    lo, _po = getAdminConnection()
    self.log.info("Removing new unique-usernames,cn=ucsschool entries...")
    dn_template = "cn={},cn=unique-usernames,cn=ucsschool,cn=univention,{}"
    for username in self.unique_basenames_to_remove:
        dn = dn_template.format(escape_dn_chars(username), lo.base)
        self.log.debug("Removing %r", dn)
        try:
            lo.delete(dn)
        except noObject:
            # Already gone; nothing to clean up for this name.
            pass
        except ldapError as exc:
            self.log.error("DN %r -> %s", dn, exc)
    super(UniqueObjectTester, self).cleanup()
def remove_object(udm_module_name, object_dn):
    """Remove the UDM object ``object_dn`` of module ``udm_module_name``.

    The work runs between ``listener.setuid(0)`` and ``listener.unsetuid()``
    and uses the connection from ``getAdminConnection()``. Errors are logged
    and then re-raised to the caller; ``unsetuid()`` is called in every case.
    """
    listener.setuid(0)
    try:
        try:
            lo, position = udm_uldap.getAdminConnection()
            udm_modules.update()
            module = udm_modules.get(udm_module_name)
            udm_modules.init(lo, position, module)
        except udm_errors.ldapError as exc:
            message = '%s: Error accessing UDM: %s' % (name, exc)
            ud.debug(ud.LISTENER, ud.ERROR, message)
            raise exc

        try:
            target = module.object(None, lo, position, object_dn)
            target.remove()
        except (udm_errors.ldapError, udm_errors.noObject) as exc:
            message = '%s: Error deleting %s: %s.' % (name, object_dn, exc)
            ud.debug(ud.LISTENER, ud.ERROR, message)
            raise exc
    finally:
        # Drop the elevated uid again, also when an error is propagated.
        listener.unsetuid()
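def run(_umc_instance):
    """Report LDAP objects that lack their object type.

    Does nothing unless the UCR variable ``server/role`` is
    ``domaincontroller_master``. When ``udm_objects_without_type`` finds
    objects, a ``Warning`` is raised whose text counts them per module and
    which offers the ``migrate_objects`` action.
    """
    if ucr.get('server/role') != 'domaincontroller_master':
        return

    lo, pos = getAdminConnection()
    objects = udm_objects_without_type(lo)
    if len(objects):
        counted_objects = {}
        details = '\n\n' + _('These objects were found:')
        for dn, modules, object_classes in objects:
            for module in modules:
                counted_objects.setdefault(module.short_description, 0)
                counted_objects[module.short_description] += 1
        # sorted(dict) yields the same sorted keys as sorted(dict.iterkeys())
        # and also works where dict.iterkeys() does not exist (Python 3).
        for module_name in sorted(counted_objects):
            num_objs = counted_objects[module_name]
            details += '\n· ' + _('%d objects should be "%s"') % (num_objs, module_name)
        raise Warning(description + details, buttons=[{
            'action': 'migrate_objects',
            'label': _('Migrate %d LDAP objects') % len(objects),
        }])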
def mark_active(self):
    """Set ``active`` to True on every object DN queued in ``self._todo_list``.

    Nothing happens when the list is empty. A missing object is logged and
    skipped. An LDAP error while modifying an object is logged and re-raised
    into the outer handler, which logs it again as a UDM access error; in that
    case the list is not cleared.
    """
    if not self._todo_list:
        return

    try:
        lo, ldap_position = udm_uldap.getAdminConnection()
        udm_modules.update()
        udm_module = udm_modules.get(self.udm_module_name)
        udm_modules.init(lo, ldap_position, udm_module)

        for object_dn in self._todo_list:
            try:
                entry = udm_module.object(None, lo, ldap_position, object_dn)
                entry.open()
                entry['active'] = True
                entry.modify()
            except udm_errors.noObject as e:
                ud.debug(ud.LISTENER, ud.ERROR, 'Error modifying %s: object not found.' % (object_dn,))
            except udm_errors.ldapError as e:
                ud.debug(ud.LISTENER, ud.ERROR, 'Error modifying %s: %s.' % (object_dn, e))
                raise
        # Only reached when no LDAP error was re-raised above.
        self._todo_list = []
    except udm_errors.ldapError as e:
        ud.debug(ud.LISTENER, ud.ERROR, 'Error accessing UDM: %s' % (e,))
def run(_umc_instance):
    """Report LDAP objects whose server role is not set.

    Does nothing unless the UCR variable ``server/role`` is
    ``domaincontroller_master``. Objects from
    ``udm_objects_without_ServerRole`` are counted per role; entries under a
    falsy role are reported but not counted as fixable. If anything was found
    a ``Warning`` is raised, with a ``migrate_objects`` button only when at
    least one object is fixable.
    """
    if ucr.get('server/role') != 'domaincontroller_master':
        return

    lo, pos = getAdminConnection()
    objs = udm_objects_without_ServerRole(lo)
    details = '\n\n' + _('These objects were found:')

    total_objs = 0
    fixable_objs = 0
    for server_role in sorted(objs):
        num_objs = len(objs[server_role])
        if not num_objs:
            continue
        total_objs += num_objs
        if server_role:
            fixable_objs += num_objs
            details += '\n· ' + _(
                'Number of objects that should be marked as "%s": %d') % (
                    server_role,
                    num_objs,
                )
        else:
            details += '\n· ' + _(
                'Number of unspecific Windows computer objects with inconsistent univentionObjectType: %d (Can\'t fix this automatically)'
            ) % (num_objs, )

    if not total_objs:
        return

    buttons = []
    if fixable_objs:
        buttons.append({
            'action': 'migrate_objects',
            'label': _('Migrate %d LDAP objects') % fixable_objs,
        })
    raise Warning(description + details, buttons=buttons)
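def handler(dn, new, old):
    """Handle UDM extension modules.

    Listener callback for LDAP objects of class ``univentionUDMModule``,
    ``univentionUDMHook`` or ``univentionUDMSyntax``.

    Args:
        dn: DN of the extension object.
        new: attribute mapping of the object after the change, or a falsy
            value when it was removed.
        old: attribute mapping of the object before the change, or a falsy
            value when it was created.

    When ``new`` is usable, the bz2-compressed payload is decompressed and
    installed below the target directory for its object class, and on the
    Primary the object is marked active. When only ``old`` remains, the
    installed files are removed. An object with none of the three object
    classes is logged and ignored.
    """
    if new:
        ocs = new.get('objectClass', [])
        univentionUCSVersionStart = new.get('univentionUCSVersionStart', [b''])[0].decode('UTF-8')
        univentionUCSVersionEnd = new.get('univentionUCSVersionEnd', [b''])[0].decode('UTF-8')
    elif old:
        ocs = old.get('objectClass', [])
    else:
        # Neither state is available; fall through to the unknown-class exit
        # instead of failing on an unbound name.
        ocs = []

    if b'univentionUDMModule' in ocs:
        objectclass = 'univentionUDMModule'
        udm_module_name = 'settings/udm_module'
        target_subdir = 'univention/admin/handlers'
    elif b'univentionUDMHook' in ocs:
        objectclass = 'univentionUDMHook'
        udm_module_name = 'settings/udm_hook'
        target_subdir = 'univention/admin/hooks.d'
    elif b'univentionUDMSyntax' in ocs:
        objectclass = 'univentionUDMSyntax'
        udm_module_name = 'settings/udm_syntax'
        target_subdir = 'univention/admin/syntax.d'
    else:
        ud.debug(
            ud.LISTENER, ud.ERROR,
            '%s: Undetermined error: unknown objectclass: %s.' % (name, ocs))
        # Stop here: objectclass, udm_module_name and target_subdir are unset,
        # so every later step would fail on an unbound name.
        return

    # Bug #51622 for UCS 5.0 update:
    if new and not old:
        if listener.configRegistry.get('server/role') == 'domaincontroller_master':
            # Remove objects that don't signal Python3 support
            cmp_start_vs_50 = apt.apt_pkg.version_compare(
                univentionUCSVersionStart, "5.0")  # -1 if univentionUCSVersionStart is unset
            # cmp_end_vs_499 = apt.apt_pkg.version_compare(univentionUCSVersionEnd, "4.99")
            # Keep object if cmp_start_vs_50 >= 0 [i.e. Py3] or (cmp_start_vs_50 < and univentionUCSVersionEnd) [or cmp_end_vs_499 == 0]
            # Otherwise remove it:
            if cmp_start_vs_50 < 0 and not univentionUCSVersionEnd:
                ud.debug(
                    ud.LISTENER, ud.WARN,
                    '%s: Removing incompatible extension %s (univentionUCSVersionStart=%r and univentionUCSVersionEnd not set).'
                    % (name, new['cn'][0].decode('UTF-8'), univentionUCSVersionStart))
                remove_object(udm_module_name, dn)
                return

    if new:
        current_UCS_version = "%s-%s" % (
            listener.configRegistry.get('version/version'),
            listener.configRegistry.get('version/patchlevel'))
        if univentionUCSVersionStart and UCS_Version(
                current_UCS_version) < UCS_Version(univentionUCSVersionStart):
            ud.debug(
                ud.LISTENER, ud.INFO,
                '%s: extension %s requires at least UCS version %s.' %
                (name, new['cn'][0].decode('UTF-8'), univentionUCSVersionStart))
            # Trigger remove on this system
            old = old or new
            new = None
        elif univentionUCSVersionEnd and UCS_Version(
                current_UCS_version) > UCS_Version(univentionUCSVersionEnd):
            ud.debug(
                ud.LISTENER, ud.INFO,
                '%s: extension %s specifies compatibility only up to and including UCR version %s.'
                % (name, new['cn'][0].decode('UTF-8'), univentionUCSVersionEnd))
            # Trigger remove on this system
            old = old or new
            new = None

    old_relative_filename = None
    if old:
        old_relative_filename = old['%sFilename' % objectclass][0].decode('UTF-8')

    if new:
        new_version = new.get('univentionOwnedByPackageVersion', [b''])[0].decode('UTF-8')
        if not new_version:
            return

        new_pkgname = new.get('univentionOwnedByPackage', [None])[0]
        if not new_pkgname:
            return

        if old:  # check for trivial changes
            diff_keys = [
                key for key in new.keys()
                if new.get(key) != old.get(key) and key not in (
                    'entryCSN', 'modifyTimestamp', 'modifiersName')
            ]
            if diff_keys == ['%sActive' % objectclass] and new.get(
                    '%sActive' % objectclass)[0] == b'TRUE':
                # Decode the cn like the other log calls do; formatting the raw
                # bytes would log a b'...' repr.
                ud.debug(
                    ud.LISTENER, ud.INFO,
                    '%s: %s: activation status changed.' %
                    (name, new['cn'][0].decode('UTF-8')))
                return
            elif diff_keys == ['univentionAppIdentifier']:
                ud.debug(
                    ud.LISTENER, ud.INFO,
                    '%s: %s: App identifier changed.'
                    % (name, new['cn'][0].decode('UTF-8')))
                return

            if new_pkgname == old.get('univentionOwnedByPackage', [None])[0]:
                old_version = old.get('univentionOwnedByPackageVersion', [b'0'])[0].decode('UTF-8')
                rc = apt.apt_pkg.version_compare(new_version, old_version)
                if not rc > -1:
                    ud.debug(
                        ud.LISTENER, ud.WARN,
                        '%s: New version is lower than version of old object (%s), skipping update.'
                        % (name, old_version))
                    return

        # ok, basic checks passed, handle the data
        try:
            new_object_data = bz2.decompress(
                new.get('%sData' % objectclass)[0])
        except (TypeError, ValueError, OSError):
            # TypeError: the data attribute is missing. ValueError/OSError: the
            # stream is truncated or is not bz2 data. Log and skip in all cases
            # rather than letting a corrupt object abort the handler.
            ud.debug(ud.LISTENER, ud.ERROR,
                     '%s: Error uncompressing data of object %s.' % (name, dn))
            return

        new_relative_filename = new['%sFilename' % objectclass][0].decode('UTF-8')
        # The payload and its filename both come from the LDAP object and are
        # installed while running with uid 0, so write access to these objects
        # decides what is installed on this host.
        # NOTE(review): confirm that install_python_file/remove_python_file
        # confine the filename to target_subdir.
        listener.setuid(0)
        try:
            if old_relative_filename and old_relative_filename != new_relative_filename:
                remove_python_file(objectclass, target_subdir, old_relative_filename)
            if not install_python_file(objectclass, target_subdir,
                                       new_relative_filename, new_object_data):
                return
            install_messagecatalog(dn, new, objectclass)
            install_umcmessagecatalogs(new, old)
            if objectclass == 'univentionUDMModule':
                install_umcregistration(dn, new)
                install_umcicons(dn, new)
        finally:
            listener.unsetuid()

    elif old:
        # ok, basic checks passed, handle the change
        listener.setuid(0)
        try:
            remove_python_file(objectclass, target_subdir, old_relative_filename)
            remove_messagecatalog(dn, old, objectclass)
            remove_umcmessagecatalogs(old)
            if objectclass == 'univentionUDMModule':
                remove_umcicons(dn, old)
                remove_umcregistration(dn, old)
        finally:
            listener.unsetuid()

    # TODO: Kill running univention-cli-server?

    # Mark new extension object active
    listener.setuid(0)
    try:
        if new:
            if not listener.configRegistry.get('server/role') == 'domaincontroller_master':
                # Only set active flag on Primary
                return

            try:
                lo, ldap_position = udm_uldap.getAdminConnection()
                udm_modules.update()
                udm_module = udm_modules.get(udm_module_name)
                udm_modules.init(lo, ldap_position, udm_module)

                try:
                    udm_object = udm_module.object(None, lo, ldap_position, dn)
                    udm_object.open()
                    udm_object['active'] = True
                    udm_object.modify()
                except udm_errors.ldapError as exc:
                    ud.debug(ud.LISTENER, ud.ERROR,
                             '%s: Error modifying %s: %s.' % (name, dn, exc))
                except udm_errors.noObject as exc:
                    ud.debug(ud.LISTENER, ud.ERROR,
                             '%s: Error modifying %s: %s.' % (name, dn, exc))

            except udm_errors.ldapError as exc:
                ud.debug(ud.LISTENER, ud.ERROR,
                         '%s: Error accessing UDM: %s' % (name, exc))
    finally:
        listener.unsetuid()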
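def handler(dn, new, old):
    """Handle UDM extension modules.

    Listener callback for LDAP objects of class ``univentionUDMModule``,
    ``univentionUDMHook`` or ``univentionUDMSyntax``.

    Args:
        dn: DN of the extension object.
        new: attribute mapping of the object after the change, or a falsy
            value when it was removed.
        old: attribute mapping of the object before the change, or a falsy
            value when it was created.

    A ``new`` object outside its declared UCS version range is treated as
    absent. Otherwise its bz2-compressed payload is decompressed and
    installed, and on the Master the object is marked active. When ``new`` is
    absent and ``old`` is given, the installed files are removed. An object
    with none of the three object classes is logged and ignored.
    """
    if new:
        ocs = new.get('objectClass', [])

        univentionUCSVersionStart = new.get('univentionUCSVersionStart', [None])[0]
        univentionUCSVersionEnd = new.get('univentionUCSVersionEnd', [None])[0]
        current_UCS_version = "%s-%s" % (
            listener.configRegistry.get('version/version'),
            listener.configRegistry.get('version/patchlevel'))
        if univentionUCSVersionStart and UCS_Version(current_UCS_version) < UCS_Version(univentionUCSVersionStart):
            ud.debug(ud.LISTENER, ud.INFO, '%s: extension %s requires at least UCR version %s.' % (name, new['cn'][0], univentionUCSVersionStart))
            new = None
        elif univentionUCSVersionEnd and UCS_Version(current_UCS_version) > UCS_Version(univentionUCSVersionEnd):
            ud.debug(ud.LISTENER, ud.INFO, '%s: extension %s specifies compatibility only up to and including UCR version %s.' % (name, new['cn'][0], univentionUCSVersionEnd))
            new = None
    elif old:
        ocs = old.get('objectClass', [])
    else:
        # Neither state is available; fall through to the unknown-class exit
        # instead of failing on an unbound name.
        ocs = []

    if 'univentionUDMModule' in ocs:
        objectclass = 'univentionUDMModule'
        udm_module_name = 'settings/udm_module'
        target_subdir = 'univention/admin/handlers'
    elif 'univentionUDMHook' in ocs:
        objectclass = 'univentionUDMHook'
        udm_module_name = 'settings/udm_hook'
        target_subdir = 'univention/admin/hooks.d'
    elif 'univentionUDMSyntax' in ocs:
        objectclass = 'univentionUDMSyntax'
        udm_module_name = 'settings/udm_syntax'
        target_subdir = 'univention/admin/syntax.d'
    else:
        ud.debug(ud.LISTENER, ud.ERROR, '%s: Undetermined error: unknown objectclass: %s.' % (name, ocs))
        # Stop here: objectclass, udm_module_name and target_subdir are unset,
        # so every later step would fail on an unbound name.
        return

    if new:
        new_version = new.get('univentionOwnedByPackageVersion', [None])[0]
        if not new_version:
            return

        new_pkgname = new.get('univentionOwnedByPackage', [None])[0]
        if not new_pkgname:
            return

        if old:  # check for trivial changes
            diff_keys = [key for key in new.keys() if new.get(key) != old.get(key) and key not in ('entryCSN', 'modifyTimestamp', 'modifiersName')]
            if diff_keys == ['%sActive' % objectclass] and new.get('%sActive' % objectclass)[0] == 'TRUE':
                ud.debug(ud.LISTENER, ud.INFO, '%s: %s: activation status changed.' % (name, new['cn'][0]))
                return
            elif diff_keys == ['univentionAppIdentifier']:
                ud.debug(ud.LISTENER, ud.INFO, '%s: %s: App identifier changed.' % (name, new['cn'][0]))
                return

            if new_pkgname == old.get('univentionOwnedByPackage', [None])[0]:
                old_version = old.get('univentionOwnedByPackageVersion', ['0'])[0]
                rc = apt.apt_pkg.version_compare(new_version, old_version)
                if not rc > -1:
                    ud.debug(ud.LISTENER, ud.WARN, '%s: New version is lower than version of old object (%s), skipping update.' % (name, old_version))
                    return

        # ok, basic checks passed, handle the data
        try:
            new_object_data = bz2.decompress(new.get('%sData' % objectclass)[0])
        except (TypeError, ValueError, IOError):
            # TypeError: the data attribute is missing. ValueError/IOError: the
            # stream is truncated or is not bz2 data. Log and skip in all cases
            # rather than letting a corrupt object abort the handler.
            ud.debug(ud.LISTENER, ud.ERROR, '%s: Error uncompressing data of object %s.' % (name, dn))
            return

        new_relative_filename = new.get('%sFilename' % objectclass)[0]
        # The payload and its filename both come from the LDAP object and are
        # installed while running with uid 0, so write access to these objects
        # decides what is installed on this host.
        # NOTE(review): confirm that install_python_file confines the filename
        # to target_subdir.
        listener.setuid(0)
        try:
            if not install_python_file(objectclass, target_subdir, new_relative_filename, new_object_data):
                return
            install_messagecatalog(dn, new, objectclass)
            if objectclass == 'univentionUDMModule':
                install_umcregistration(dn, new)
                install_umcicons(dn, new)
        finally:
            listener.unsetuid()

    elif old:
        # ok, basic checks passed, handle the change
        old_relative_filename = old.get('%sFilename' % objectclass)[0]
        listener.setuid(0)
        try:
            remove_python_file(objectclass, target_subdir, old_relative_filename)
            remove_messagecatalog(dn, old, objectclass)
            if objectclass == 'univentionUDMModule':
                remove_umcicons(dn, old)
                remove_umcregistration(dn, old)
        finally:
            listener.unsetuid()

    # Mark new extension object active. (The earlier comment here also spoke of
    # killing a running univention-cli-server; no code in this block does that.)
    listener.setuid(0)
    try:
        if new:
            if not listener.configRegistry.get('server/role') == 'domaincontroller_master':
                # Only set active flag on Master
                return

            try:
                lo, ldap_position = udm_uldap.getAdminConnection()
                udm_modules.update()
                udm_module = udm_modules.get(udm_module_name)
                udm_modules.init(lo, ldap_position, udm_module)

                try:
                    udm_object = udm_module.object(None, lo, ldap_position, dn)
                    udm_object.open()
                    udm_object['active'] = True
                    udm_object.modify()
                except udm_errors.ldapError as e:
                    ud.debug(ud.LISTENER, ud.ERROR, '%s: Error modifying %s: %s.' % (name, dn, e))
                except udm_errors.noObject as e:
                    ud.debug(ud.LISTENER, ud.ERROR, '%s: Error modifying %s: %s.' % (name, dn, e))

            except udm_errors.ldapError as e:
                ud.debug(ud.LISTENER, ud.ERROR, '%s: Error accessing UDM: %s' % (name, e))
    finally:
        listener.unsetuid()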
#!/usr/bin/env python2
# Creates three students through the admin LDAP connection and checks that the
# first one is listed in School1 only. The created objects are not removed.
import sys

from ucsschool.lib.models.user import Student
from univention.admin.uldap import getAdminConnection

lo, po = getAdminConnection()


def _create_student(**properties):
    """Build a Student from ``properties``, create it via ``lo`` and return it."""
    new_student = Student(**properties)
    new_student.create(lo)
    return new_student


student = _create_student(
    name='Teststudent', firstname='Test', lastname='Student', school='School1')
student2 = _create_student(
    name='Teststudent2', firstname='Test2', lastname='Student2', school='School2')
student3 = _create_student(
    name='Teststudent3', firstname='Test3', lastname='Student3',
    school='School1', schools=['School1', 'School2'])

# Read the first student back from LDAP and compare its school list.
s = lo.get(student.dn)
if ['School1'] != s['ucsschoolSchool']:
    print('Error: Student should only be in School1')
    sys.exit(1)
def get_admin_connection():
    """Return the result of ``getAdminConnection()`` unchanged."""
    admin_connection = getAdminConnection()
    return admin_connection
#!/usr/bin/python
import random
import subprocess
import sys
import time

import univention.admin.config as config
import univention.admin.modules as modules
import univention.admin.objects
import univention.admin.uldap as uldap
import univention.config_registry

# Everything below runs over the connection returned by getAdminConnection().
lo, position = uldap.getAdminConnection()
co = config.config()

ucr = univention.config_registry.ConfigRegistry()
ucr.load()
base = ucr.get('ldap/base')

# Sizing and naming constants; nothing in this part of the script reads them yet.
cusers = 5000
cgroups = 1050
cuseringroups = 50
cgroupsForTestUser = 50
username = "******"
groupname = "testgroup"

# Load the UDM modules and initialise the user and group handlers.
modules.update()
users = modules.get('users/user')
modules.init(lo, position, users)
groups = modules.get('groups/group')
modules.init(lo, position, groups)