def get_registration_attributes(self):
    """Build the widget descriptions and layout of the account-registration form.

    ``PasswordRecoveryEmail`` and ``password`` are always part of the form.
    Further ``users/user`` properties are read from the comma-separated UCR
    variable ``umc/self-service/account-registration/udm_attributes``.
    Configured names that are unknown to ``users/user`` or that are filtered
    out as unsupported are omitted from the result and reported via
    ``MODULE.warn``.

    Returns:
        A dict with ``widget_descriptions`` (the property descriptions in
        form order) and ``layout`` (the ids of those same properties).
    """
    ucr.load()

    # Mandatory fields first, then the configured extras in the order given;
    # blank entries and duplicates are dropped.
    property_ids = ['PasswordRecoveryEmail', 'password']
    configured = ucr.get('umc/self-service/account-registration/udm_attributes', '')
    for raw_name in configured.split(','):
        name = raw_name.strip()
        if name and name not in property_ids:
            property_ids.append(name)

    lo, po = get_machine_connection()
    users_mod = UDM_Module('users/user', True, lo, po)

    all_props = {}
    for prop in users_mod.properties(None):
        all_props[prop['id']] = prop
    requested = set(property_ids)
    not_existing = requested - set(all_props)

    # filter out not supported props
    supported = {}
    for key, prop in all_props.items():
        if 'dynamicValues' in prop or 'udm' in prop['type']:
            continue
        supported[key] = prop
    not_supported = requested - set(supported) - not_existing

    if 'PasswordRecoveryEmail' in supported:
        # The registration form shows this field with a plain "Email" label
        # and an empty description.
        recovery = supported['PasswordRecoveryEmail']
        recovery['label'] = _('Email')
        recovery['description'] = ''
    self._update_required_attr_of_props_for_registration(supported)

    # Only ids that survived both checks make it into the form.
    widgets = [supported[id_] for id_ in property_ids if id_ in supported]

    if not_existing:
        MODULE.warn("get_registration_attributes(): the following attributes defined by umc/self-service/account-registration/udm_attributes do not exist on users/user: {}".format(", ".join(not_existing)))
    if not_supported:
        MODULE.warn("get_registration_attributes(): the following attributes defined by umc/self-service/account-registration/udm_attributes are not supported: {}".format(", ".join(not_supported)))

    return {
        'widget_descriptions': widgets,
        'layout': [widget['id'] for widget in widgets],
    }
def usersmod(self):
    """Return the ``users/user`` UDM module, loading it on first use.

    The module is cached in ``self._usersmod``. When it is fetched and is
    not yet initialized, it is initialized with the machine connection.
    """
    if self._usersmod:
        return self._usersmod

    univention.admin.modules.update()
    module = univention.admin.modules.get('users/user')
    self._usersmod = module
    if not module.initialized:
        lo, po = get_machine_connection()
        univention.admin.modules.init(lo, po, module)
    return self._usersmod
def get_udm_user_by_dn(self, userdn, admin=False):
    """Open and return the UDM user object stored at ``userdn``.

    Args:
        userdn: DN of the user entry.
        admin: when true the object is bound to the connection from
            ``get_admin_connection()``, otherwise to the machine connection.
            Callers should pass ``admin=True`` only where the operation
            really needs that connection.

    Returns:
        The opened ``users/user`` object.
    """
    connect = get_admin_connection if admin else get_machine_connection
    lo, po = connect()
    udm_user = self.usersmod.object(None, lo, po, userdn)
    udm_user.open()
    return udm_user
def get_udm_user(self, username, admin=False):
    """Look a user up by uid or primary mail address and return the UDM object.

    Args:
        username: value compared against both ``uid`` and
            ``mailPrimaryAddress``.
        admin: forwarded to ``get_udm_user_by_dn``; it only selects the
            connection the object is opened with. The DN search itself
            always runs over the machine connection.

    Returns:
        The opened UDM user object of the first DN the search returns.

    Raises:
        IndexError: if the search returns no DN.
    """
    # The value goes into the filter through filter_format rather than plain
    # string formatting (presumably the escaping helper from ldap.filter,
    # confirm against the imports).
    search_filter = filter_format('(|(uid=%s)(mailPrimaryAddress=%s))', (username, username))
    lo, po = get_machine_connection()
    matches = lo.searchDn(filter=search_filter, base=ucr["ldap/base"])
    # NOTE(review): only the first hit is used and uniqueness is not checked.
    # If one account's uid equals another account's mailPrimaryAddress, the
    # search order decides which user is returned.
    return self.get_udm_user_by_dn(matches[0], admin=admin)
def get_all_hosts(lo=None, ucr=None):
    """Return the hosts of all four server roles, concatenated.

    Args:
        lo: LDAP connection; when ``None`` a read-only machine connection
            is requested.
        ucr: passed through unchanged to ``get_hosts``.

    Returns:
        The ``get_hosts`` results for master, backup, slave and member
        server, in that order, or ``[]`` when no connection is available.
    """
    if lo is None:
        lo = get_machine_connection(write=False)[0]
        if lo is None:
            # No connection could be obtained: report no hosts.
            return []

    remaining_roles = iter((
        domaincontroller_master,
        domaincontroller_backup,
        domaincontroller_slave,
        memberserver,
    ))
    hosts = get_hosts(next(remaining_roles), lo, ucr)
    for role in remaining_roles:
        hosts = hosts + get_hosts(role, lo, ucr)
    return hosts
def get_udm_user_dn(self, userdn, admin=False):
    """Open and return the UDM user object stored at ``userdn``.

    Args:
        userdn: DN of the user entry.
        admin: when true the connection from ``get_admin_connection()`` is
            used, otherwise the machine connection.

    Returns:
        The opened ``users/user`` object.
    """
    connect = get_admin_connection if admin else get_machine_connection
    lo, po = connect()

    univention.admin.modules.update()
    if self.usersmod is None:
        self.usersmod = univention.admin.modules.get("users/user")
    # NOTE(review): init is placed outside the None check here, so it runs on
    # every call with whichever connection was selected above. Confirm this
    # against the original layout.
    univention.admin.modules.init(lo, po, self.usersmod)

    udm_user = self.usersmod.object(None, lo, po, userdn)
    udm_user.open()
    return udm_user
def __canonicalize_username(self, username):
    """Map a login name or mail address to the ``uid`` stored in LDAP.

    A value containing ``@`` is matched against ``mailPrimaryAddress``, any
    other value against ``uid``; only ``person`` entries are considered.
    The lookup is best effort: this method never raises. If anything goes
    wrong, the name is returned exactly as supplied, so callers must not
    assume that the result has been confirmed against the directory.

    Args:
        username: name as entered by the user.

    Returns:
        The ``uid`` of the matching entry, or ``username`` unchanged.
    """
    try:
        lo, po = get_machine_connection(write=False)
        matches = None
        if lo:
            lookup_attr = 'mailPrimaryAddress' if '@' in username else 'uid'
            # The user-supplied value is inserted through filter_format, not
            # by plain string formatting.
            ldap_filter = filter_format('(&(%s=%s)(objectClass=person))', (lookup_attr, username))
            matches = lo.search(ldap_filter, attr=['uid'], unique=True)
        if matches and matches[0][1].get('uid'):
            username = matches[0][1]['uid'][0]
            # %r keeps control characters in the name out of the log line.
            AUTH.info('Canonicalized username: %r' % (username,))
    except (ldap.LDAPError, udm_errors.ldapError) as exc:  # /etc/machine.secret missing or LDAP server not reachable
        AUTH.warn('Canonicalization of username was not possible: %s' % (exc,))
        reset_cache()
    except:
        # Deliberately broad: any other failure is only logged.
        AUTH.error('Canonicalization of username failed: %s' % (traceback.format_exc(),))
    finally:
        # ignore all exceptions, even in except blocks
        # (returning from finally discards whatever exception is in flight)
        return username
def query(self):
    """List the domain controllers and member servers found in LDAP.

    Searches ``computers/computer`` below ``ldap/base`` with subtree scope
    for domain controller and member server objects, leaving out entries
    whose ``univentionObjectFlag`` is ``docker``.

    Returns:
        A list with one dict per server holding ``dn``, ``hostname``,
        ``domain``, ``ip``, ``version`` and ``serverRole``.
    """
    udm_modules.update()
    lo, po = get_machine_connection()
    # The filter is a constant; no caller-supplied value is inserted into it.
    server_filter = '(&(|(objectClass=univentionDomainController)(objectClass=univentionMemberServer))(!(univentionObjectFlag=docker)))'
    servers = udm_modules.lookup(
        'computers/computer',
        None,
        lo,
        filter=server_filter,
        base=ucr['ldap/base'],
        scope='sub',
    )

    result = []
    for server in servers:
        info = server.info
        result.append({
            'dn': server.dn,
            'hostname': info.get('name'),
            'domain': info.get('domain'),
            'ip': info.get('ip'),
            'version': info.get('operatingSystemVersion'),
            'serverRole': info.get('serverRole'),
        })
    return result
def get_schoolinfo_master(self, school):
    """Fetch LDAP information about the given OU from the master.

    The arguments are NOT validated here; callers must have validated
    ``school`` before calling.

    Args:
        school: name of the school OU.

    Returns:
        A dict with ``exists``, ``school``, ``classShareServer``,
        ``homeShareServer``, ``educational_slaves`` and
        ``administrative_slaves``. When the OU does not exist, ``exists`` is
        ``False``, the share servers are ``None`` and both lists are empty.

    Raises:
        ldap.SERVER_DOWN: re-raised unchanged (handled via UMC).
        UMC_Error: for any other LDAP error during the lookup.
    """
    school_name = school

    # Values reported when the OU does not exist.
    exists = False
    class_share_server = None
    home_share_server = None
    educational_slaves = []
    administrative_slaves = []

    try:
        # NOTE(review): write=True is requested although only reads are
        # visible in this method. Presumably it is what directs the lookup
        # to the master; confirm.
        lo, po = get_machine_connection(write=True)
        school_obj = School.from_dn(School(name=school_name).dn, None, lo)
    except noObject:
        pass  # keep the "does not exist" defaults set above
    except ldap.SERVER_DOWN:
        raise  # handled via UMC
    except ldap.LDAPError as exc:
        # The LDAP detail stays in the log; the client only sees a generic message.
        MODULE.warn('LDAP error during receiving school info: %s' % (exc,))
        raise UMC_Error(_('The LDAP connection to the master system failed.'))
    else:
        exists = True
        class_share_server = school_obj.class_share_file_server
        home_share_server = school_obj.home_share_file_server
        educational_slaves = [
            SchoolDCSlave.from_dn(dn, None, lo).name
            for dn in school_obj.educational_servers
        ]
        administrative_slaves = [
            SchoolDCSlave.from_dn(dn, None, lo).name
            for dn in school_obj.administrative_servers
        ]

    return {
        'exists': exists,
        'school': school_name,
        'classShareServer': class_share_server,
        'homeShareServer': home_share_server,
        'educational_slaves': educational_slaves,
        'administrative_slaves': administrative_slaves,
    }