def _alter_udm_obj(self, udm_obj):
super(SchoolComputer, self)._alter_udm_obj(udm_obj)
inventory_numbers = self.get_inventory_numbers()
if inventory_numbers:
udm_obj['inventoryNumber'] = inventory_numbers
ipv4_network = self.get_ipv4_network()
if ipv4_network:
if self._ip_is_set_to_subnet(ipv4_network):
logger.info(
'IP was set to subnet. Unsetting it on the computer so that UDM can do some magic: Assign next free IP!'
)
udm_obj['ip'] = ''
else:
udm_obj['ip'] = str(ipv4_network.ip)
# set network after ip. Otherwise UDM does not do any
# nextIp magic...
network = self.get_network()
if network:
# reset network, so that next line triggers free ip
udm_obj.old_network = None
try:
udm_obj['network'] = network.dn
except nextFreeIp:
logger.error(
'Tried to set IP automatically, but failed! %r is full',
network)
raise nextFreeIp(
_('There are no free addresses left in the subnet!'))
def add_domain_controllers(self, lo):
logger.info('School.add_domain_controllers(): ou_name=%r', self.name)
school_dcs = ucr.get('ucsschool/ldap/default/dcs', 'edukativ').split()
for dc in school_dcs:
administrative = dc == 'verwaltung'
dc_name = self.get_dc_name(administrative=administrative)
server = AnyComputer.get_first_udm_obj(lo, 'cn=%s' % escape_filter_chars(dc_name))
logger.info('School.add_domain_controllers(): administrative=%r dc_name=%s self.dc_name=%r server=%r', administrative, dc_name, self.dc_name, server)
if not server and not self.dc_name:
if administrative:
administrative_type = 'administrative'
else:
administrative_type = 'educational'
group_dn = self.get_administrative_group_name(administrative_type, ou_specific=True, as_dn=True)
try:
hostlist = lo.get(group_dn, ['uniqueMember']).get('uniqueMember', [])
except ldap.NO_SUCH_OBJECT:
hostlist = []
except Exception, e:
logger.error('cannot read %s: %s', group_dn, e)
return
if hostlist:
continue # if at least one DC has control over this OU then jump to next 'school_dcs' item ==> do not create default slave objects
self.create_dc_slave(lo, dc_name, administrative=administrative)
dhcp_service = self.get_dhcp_service(dc_name)
dhcp_service.create(lo)
dhcp_service.add_server(dc_name, lo)
return True
def create_without_hooks(self, lo, validate):
if self.exists(lo):
return False
logger.info('Creating %r', self)
if validate:
self.validate(lo)
if self.errors:
raise ValidationError(self.errors.copy())
pos = udm_uldap.position(ucr.get('ldap/base'))
container = self.position
if not container:
logger.error('%r cannot determine a container. Unable to create!',
self)
return False
try:
pos.setDn(container)
udm_obj = udm_modules.get(self._meta.udm_module).object(
None, lo, pos, superordinate=self.get_superordinate(lo))
udm_obj.open()
# here is the real logic
self.do_create(udm_obj, lo)
# get it fresh from the database (needed for udm_obj._exists ...)
self.set_dn(self.dn)
logger.info('%r successfully created', self)
return True
finally:
self.invalidate_cache()
def create_default_groups(self, lo):
# DC groups
administrative_group_container = 'cn=ucsschool,cn=groups,%s' % ucr.get('ldap/base')
# DC-Edukativnetz
# OU%s-DC-Edukativnetz
# Member-Edukativnetz
# OU%s-Member-Edukativnetz
administrative_group_names = self.get_administrative_group_name('educational', domain_controller='both', ou_specific='both')
if self.shall_create_administrative_objects():
administrative_group_names.extend(self.get_administrative_group_name('administrative', domain_controller='both', ou_specific='both')) # same with Verwaltungsnetz
for administrative_group_name in administrative_group_names:
group = BasicGroup.cache(name=administrative_group_name, container=administrative_group_container)
group.create(lo)
# cn=ouadmins
admin_group_container = 'cn=ouadmins,cn=groups,%s' % ucr.get('ldap/base')
group = BasicGroup.cache(self.group_name('admins', 'admins-'), container=admin_group_container)
group.create(lo)
group.add_umc_policy(self.get_umc_policy_dn('admins'), lo)
try:
udm_obj = group.get_udm_object(lo)
except noObject:
logger.error('Could not load OU admin group %r for adding "school" value', group.dn)
else:
admin_option = 'ucsschoolAdministratorGroup'
if admin_option not in udm_obj.options:
udm_obj.options.append(admin_option)
udm_obj['school'] = [self.name]
udm_obj.modify()
# cn=schueler
group = Group.cache(self.group_name('pupils', 'schueler-'), self.name)
group.create(lo)
group.add_umc_policy(self.get_umc_policy_dn('pupils'), lo)
# cn=lehrer
group = Group.cache(self.group_name('teachers', 'lehrer-'), self.name)
group.create(lo)
group.add_umc_policy(self.get_umc_policy_dn('teachers'), lo)
# cn=mitarbeiter
if self.shall_create_administrative_objects():
group = Group.cache(self.group_name('staff', 'mitarbeiter-'), self.name)
group.create(lo)
group.add_umc_policy(self.get_umc_policy_dn('staff'), lo)
if ucr.is_true('ucsschool/import/attach/policy/default-umc-users', True):
# cn=Domain Users %s
group = Group.cache("Domain Users %s" % (self.name,), self.name)
group.create(lo)
group.add_umc_policy("cn=default-umc-users,cn=UMC,cn=policies,%s" % (ucr.get('ldap/base'),), lo)
def do_modify(self, udm_obj, lo):
self.create_mail_domain(lo)
self.password = self.password or None
removed_schools = set(udm_obj['school']) - set(self.schools)
if removed_schools:
# change self.schools back, so schools can be removed by remove_from_school()
self.schools = udm_obj['school']
for removed_school in removed_schools:
logger.info('Removing %r from school %r...', self, removed_school)
if not self.remove_from_school(removed_school, lo):
logger.error('Error removing %r from school %r.', self,
removed_school)
return False
mandatory_groups = self.groups_used(lo)
for group_dn in udm_obj['groups'][:]:
logger.debug('Checking group %s for removal', group_dn)
if group_dn not in mandatory_groups:
logger.debug('Group not mandatory! Part of a school?')
try:
school_class = SchoolClass.from_dn(group_dn, None, lo)
except noObject:
logger.debug('No. Leaving it alone...')
continue
logger.debug('Yes, part of %s!', school_class.school)
if school_class.school not in self.school_classes:
continue # if the key isn't set we don't change anything to the groups. to remove the groups it has to be an empty list
classes = self.school_classes[school_class.school]
remove = school_class.name not in classes and school_class.get_relative_name(
) not in classes
if remove:
logger.debug('Removing it!')
udm_obj['groups'].remove(group_dn)
else:
logger.debug(
'Leaving it alone: Part of own school and either non-school class or new school classes were not defined at all'
)
for group_dn in mandatory_groups:
logger.debug('Checking group %s for adding', group_dn)
if group_dn not in udm_obj['groups']:
logger.debug('Group is not yet part of the user. Adding...')
udm_obj['groups'].append(group_dn)
return super(User, self).do_modify(udm_obj, lo)
def create_dc_slave(self, lo, name, administrative=False):
if administrative and not self.shall_create_administrative_objects():
logger.warning('Not creating %s: An administrative DC shall not be created as by UCR variable %r', name, 'ucsschool/ldap/noneducational/create/objects')
return False
if not self.exists(lo):
logger.error('%r does not exist. Cannot create %s', self, name)
return False
if administrative:
groups = self.get_administrative_group_name('administrative', ou_specific='both', as_dn=True)
else:
groups = self.get_administrative_group_name('educational', ou_specific='both', as_dn=True)
logger.debug('DC shall become member of %r', groups)
dc = SchoolDCSlave(name=name, school=self.name, groups=groups)
if dc.exists(lo):
logger.info('%r exists. Setting groups, do not move to %r!', dc, self)
# call dc.move() if really necessary to move
return dc.modify(lo, move_if_necessary=False)
else:
existing_host = AnyComputer.get_first_udm_obj(lo, 'cn=%s' % escape_filter_chars(name))
if existing_host:
logger.error('Given host name "%s" is already in use and no domaincontroller slave system. Please choose another name.', name)
return False
return dc.create(lo)
def move_without_hooks(self, lo, udm_obj=None, force=False):
try:
if udm_obj is None:
try:
udm_obj = self.get_only_udm_obj(
lo, 'cn=%s' % escape_filter_chars(self.name))
except MultipleObjectsError:
logger.error(
'Found more than one DC Slave with hostname "%s"',
self.name)
return False
if udm_obj is None:
logger.error('Cannot find DC Slave with hostname "%s"',
self.name)
return False
old_dn = udm_obj.dn
school = self.get_school_obj(lo)
group_dn = school.get_administrative_group_name('educational',
ou_specific=True,
as_dn=True)
if group_dn not in udm_obj['groups']:
logger.error('%r has no LDAP access to %r', self, school)
return False
if old_dn == self.dn:
logger.info(
'DC Slave "%s" is already located in "%s" - stopping here',
self.name, self.school)
self.set_dn(old_dn)
if self.exists_outside_school(lo):
if not force:
logger.error('DC Slave "%s" is located in another OU - %s',
self.name, udm_obj.dn)
logger.error('Use force=True to override')
return False
if school is None:
logger.error(
'Cannot move DC Slave object - School does not exist: %r',
school)
return False
self.modify_without_hooks(lo)
if school.class_share_file_server == old_dn:
school.class_share_file_server = self.dn
if school.home_share_file_server == old_dn:
school.home_share_file_server = self.dn
school.modify_without_hooks(lo)
removed = False
# find dhcp server object by checking all dhcp service objects
for dhcp_service in AnyDHCPService.get_all(lo, None):
for dhcp_server in dhcp_service.get_servers(lo):
if dhcp_server.name == self.name and not dhcp_server.dn.endswith(
',%s' % school.dn):
dhcp_server.remove(lo)
removed = True
if removed:
own_dhcp_service = school.get_dhcp_service()
dhcp_server = DHCPServer(name=self.name,
school=self.school,
dhcp_service=own_dhcp_service)
dhcp_server.create(lo)
logger.info('Move complete')
logger.warning('The DC Slave has to be rejoined into the domain!')
finally:
self.invalidate_cache()
return True