def __init__(self, userdn=None, password=None, host='localhost', base=None, start_tls=2, access=None, format=None): self._cached = {} self._modules = {} self._policies = {} self._format = format self._bc = ConfigRegistry() self._bc.load() self.__reverse = {} if not base: self._base = self._bc['ldap/base'] else: self._base = base self._position = ua_ldap.position(self._base) if access: self._access = access else: self._access = ua_ldap.access(host=host, base=self._base, binddn=userdn, bindpw=password, start_tls=start_tls) ua_modules.update()
def open_ldap_connection(self, binddn=None, bindpw=None, ldap_server=None, admin=False, machine=False): '''Opens a new LDAP connection using the given user LDAP DN and password. The connection is established to the given server or (if None is given) to the server defined by the UCR variable ldap/server/name is used. If admin is set to True, a connection is setup by getAdminConnection(). If machine is set to True, a connection to the master is setup by getMachoneConnection(). ''' assert not (admin and machine) account = utils.UCSTestDomainAdminCredentials() if not ldap_server: ldap_server = self._ucr.get('ldap/master') port = int(self._ucr.get('ldap/server/port', 7389)) try: if admin: lo = udm_uldap.getAdminConnection()[0] elif machine: lo = udm_uldap.getMachineConnection(ldap_master=True)[0] else: lo = udm_uldap.access(host=ldap_server, port=port, base=self._ucr.get('ldap/base'), binddn=account.binddn, bindpw=account.bindpw, start_tls=2) except udm_errors.noObject: raise except LDAPError as exc: raise SchoolLDAPError('Opening LDAP connection failed: %s' % (exc,)) return lo
def get_ldap_connection(pwdfile=False, start_tls=2, decode_ignorelist=None, admin_uldap=False): if decode_ignorelist is None: decode_ignorelist = [] ucr = univention.config_registry.ConfigRegistry() ucr.load() port = int(ucr.get('ldap/server/port', 7389)) binddn = ucr.get('tests/domainadmin/account', 'uid=Administrator,cn=users,%s' % ucr['ldap/base']) bindpw = None ldapServers = [] if ucr['ldap/server/name']: ldapServers.append(ucr['ldap/server/name']) if ucr['ldap/servers/addition']: ldapServers.extend(ucr['ldap/server/addition'].split()) if pwdfile: with open(ucr['tests/domainadmin/pwdfile']) as f: bindpw = f.read().strip('\n') else: bindpw = ucr['tests/domainadmin/pwd'] for ldapServer in ldapServers: try: lo = uldap.access(host=ldapServer, port=port, base=ucr['ldap/base'], binddn=binddn, bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, follow_referral=True) if admin_uldap: lo = access(lo=lo) return lo except ldap.SERVER_DOWN(): pass raise ldap.SERVER_DOWN()
def get_ldap_connection(admin_uldap=False, primary=False): # type: (Optional[bool], Optional[bool]) -> access ucr = UCR ucr.load() if primary: port = int(ucr.get('ldap/master/port', 7389)) ldap_servers = [ucr['ldap/master']] else: port = int(ucr.get('ldap/server/port', 7389)) ldap_servers = [] if ucr['ldap/server/name']: ldap_servers.append(ucr['ldap/server/name']) if ucr['ldap/servers/addition']: ldap_servers.extend(ucr['ldap/server/addition'].split()) creds = UCSTestDomainAdminCredentials() for ldap_server in ldap_servers: try: lo = uldap.access(host=ldap_server, port=port, base=ucr['ldap/base'], binddn=creds.binddn, bindpw=creds.bindpw, start_tls=2, decode_ignorelist=[], follow_referral=True) if admin_uldap: lo = access(lo=lo) return lo except ldap.SERVER_DOWN: pass raise ldap.SERVER_DOWN()
def __testPosixDisabled(self, passwd): if not self.posix: return try: master = self.bc("ldap/master") ldap = uldap.access(binddn=self.dn, bindpw=passwd, host=master, base=self.dn) raise AccountEnabledError(self, "posix") except uex.authFail: pass
def open_ldap(self): ldap_host = self.changeset.ucr["ldap/master"] ldap_base = self.changeset.ucr["ldap/base"] self.ldap = uldap.access( host=ldap_host, base=ldap_base, binddn=self.binddn, bindpw=self.bindpwd, ) self.position = uldap.position(ldap_base)
def get_connection(userdn, password): port = int(ucr_get('ldap/master/port', '7389')) host = ucr_get('ldap/master') base = ucr_get('ldap/base') lo = base_access(host=host, port=port, base=base, binddn=userdn, bindpw=password) lo = access(lo=lo) pos = position(lo.base) return lo, pos
def __testPosixDisabled(self, passwd): if not self.posix: return try: master = self.bc('ldap/master') ldap = uldap.access(binddn=self.dn, bindpw=passwd, host=master, base=self.dn) raise AccountEnabledError(self, 'posix') except uex.authFail: pass
def __initAccess(self): baseDN = self.bc('ldap/base') master = self.bc('ldap/master') binddn = self.__options['binddn'] bindpw = self.__options['bindpw'] tls = self.__options.get('tls', 2) try: return uldap.access(host = master, base = baseDN, binddn = binddn, bindpw = bindpw, start_tls = tls) except uex.authFail: # TODO: handle authentication failure return None
def lo(self): """ LDAP connection object. :return: univention.admin.uldap.access object """ if not self._lo: ldap_credentials = self._get_ldap_credentials() if not ldap_credentials: raise ListenerModuleRuntimeError( 'LDAP connection of listener module {!r} has not yet been initialized.' .format(self.config.get_name())) self._lo = access(**ldap_credentials) return self._lo
def __initAccess(self): baseDN = self.bc('ldap/base') master = self.bc('ldap/master') binddn = self.__options['binddn'] bindpw = self.__options['bindpw'] tls = self.__options.get('tls', 2) try: return uldap.access(host=master, base=baseDN, binddn=binddn, bindpw=bindpw, start_tls=tls) except uex.authFail: # TODO: handle authentication failure return None
def get_user_connection(userdn, password): __init_users_module() ucr.load() try: # open an LDAP connection with the user password and credentials return udm_uldap.access( host=ucr.get('ldap/server/name'), base=ucr.get('ldap/base'), port=int(ucr.get('ldap/server/port', 7389)), binddn=userdn, bindpw=password, follow_referral=True ), udm_uldap.position(ucr.get('ldap/base')) except (udm_errors.base, LDAPError) as exc: CORE.warn('Failed to get ldap connection for UDM user object %s: %s' % (userdn, exc)) return None, None
def _get_user_obj(self): try: # make sure that the UDM users/user module could be initiated if not users_module: raise udm_errors.base('UDM module users/user could not be initiated') # open an LDAP connection with the user password and credentials lo = udm_uldap.access(host = ucr.get('ldap/server/name'), base = ucr.get('ldap/base'), port = int(ucr.get('ldap/server/port', '7389')), binddn = self.__user_dn, bindpw = self.__password, follow_referral=True) # try to open the user object userObj = udm_objects.get(users_module, None, lo, self.po, self.__user_dn) if not userObj: raise udm_errors.noObject() userObj.open() return userObj except udm_errors.noObject as e: CORE.warn('Failed to open UDM user object for user %s' % (self.__username)) except (udm_errors.base, ldap.LDAPError) as e: CORE.warn('Failed to open UDM user object %s: %s' % (self.__user_dn, e)) return None
def __init__( self, userdn = None, password = None, host = 'localhost', base = None, start_tls = 2, access = None, format = True ): self._cached = {} self._modules = {} self._policies = {} self._format = format self._bc = ub.baseConfig() self._bc.load() self.__reverse = {} if not base: self._base = self._bc[ 'ldap/base' ] else: self._base = base self._position = ua_ldap.position( self._base ) if access: self._access = access else: self._access = ua_ldap.access( host = host, base = self._base, binddn = userdn, bindpw = password, start_tls = start_tls ) ua_modules.update() self._config = ua_config.config( host = host )
def wrapper_func( *args, **kwargs ): global _ldap_connection, _ldap_position, _user_dn, _password, _licenseCheck if _ldap_connection is not None: MODULE.info( 'Using open LDAP connection for user %s' % _user_dn ) lo = _ldap_connection po = _ldap_position else: MODULE.info( 'Opening LDAP connection for user %s' % _user_dn ) try: lo = udm_uldap.access( host = ucr.get( 'ldap/master' ), base = ucr.get( 'ldap/base' ), binddn = _user_dn, bindpw = _password ) # license check (see also univention.admin.uldap.access.bind()) if not GPLversion: try: _licenseCheck = univention.admin.license.init_select(lo, 'admin') if _licenseCheck in range(1, 5) or _licenseCheck in range(6,12): lo.allow_modify = 0 if _licenseCheck is not None: lo.requireLicense() except univention.admin.uexceptions.licenseInvalid: lo.allow_modify = 0 lo.requireLicense() except univention.admin.uexceptions.licenseNotFound: lo.allow_modify = 0 lo.requireLicense() except univention.admin.uexceptions.licenseExpired: lo.allow_modify = 0 lo.requireLicense() except univention.admin.uexceptions.licenseWrongBaseDn: lo.allow_modify = 0 lo.requireLicense() po = udm_uldap.position( lo.base ) except udm_errors.noObject, e: raise e except LDAPError, e: raise LDAP_ConnectionError( 'Opening LDAP connection failed: %s' % str( e ) )
except LDAPError, e: raise LDAP_ConnectionError( 'Opening LDAP connection failed: %s' % str( e ) ) kwargs[ 'ldap_connection' ] = lo kwargs[ 'ldap_position' ] = po try: ret = func( *args, **kwargs ) _ldap_connection = lo _ldap_position = po return ret except (udm_errors.ldapSizelimitExceeded, udm_errors.ldapTimeout), e: raise e except ( LDAPError, udm_errors.base ), e: MODULE.info( 'LDAP operation for user %s has failed' % _user_dn ) try: lo = udm_uldap.access( host = ucr.get( 'ldap/master' ), base = ucr.get( 'ldap/base' ), binddn= _user_dn, bindpw = _password ) lo.requireLicense() po = udm_uldap.position( lo.base ) except udm_errors.noObject, e: raise e except ( LDAPError, udm_errors.base ), e: raise LDAP_ConnectionError( 'Opening LDAP connection failed: %s' % str( e ) ) kwargs[ 'ldap_connection' ] = lo kwargs[ 'ldap_position' ] = po try: ret = func( *args, **kwargs ) _ldap_connection = lo _ldap_position = po return ret except (udm_errors.ldapSizelimitExceeded, udm_errors.ldapTimeout), e: