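def get_ldap_connection(pwdfile=False, start_tls=2, decode_ignorelist=None, admin_uldap=False):
    """Open an LDAP connection as the test domain administrator.

    The bind DN comes from UCR ``tests/domainadmin/account`` (falling back to
    ``uid=Administrator,cn=users,<ldap/base>``); the password comes from UCR
    ``tests/domainadmin/pwd`` or, with ``pwdfile=True``, from the file named by
    ``tests/domainadmin/pwdfile``.  The servers named in ``ldap/server/name``
    and ``ldap/server/addition`` are tried in that order and the first one that
    answers is returned.

    :param pwdfile: read the bind password from ``tests/domainadmin/pwdfile``
        instead of the UCR variable.
    :param start_tls: STARTTLS mode handed to :func:`uldap.access`.
    :param decode_ignorelist: attributes passed through undecoded; ``None``
        means a fresh empty list so callers never share a mutable default.
    :param admin_uldap: wrap the connection in :class:`access` before returning.
    :returns: the connected :class:`uldap.access` (or wrapped :class:`access`).
    :raises ldap.SERVER_DOWN: if no listed server accepts the connection.
    """
    if decode_ignorelist is None:
        decode_ignorelist = []
    ucr = univention.config_registry.ConfigRegistry()
    ucr.load()
    port = int(ucr.get('ldap/server/port', 7389))
    binddn = ucr.get('tests/domainadmin/account', 'uid=Administrator,cn=users,%s' % ucr['ldap/base'])

    # Candidate servers: the primary name first, then any additional ones.
    # NOTE: the presence check and the read used to name different UCR keys
    # ('ldap/servers/addition' vs 'ldap/server/addition'); both now use the
    # key that is actually read.
    ldap_servers = []
    if ucr.get('ldap/server/name'):
        ldap_servers.append(ucr['ldap/server/name'])
    if ucr.get('ldap/server/addition'):
        ldap_servers.extend(ucr['ldap/server/addition'].split())

    if pwdfile:
        with open(ucr['tests/domainadmin/pwdfile']) as f:
            bindpw = f.read().strip('\n')
    else:
        bindpw = ucr['tests/domainadmin/pwd']

    for ldap_server in ldap_servers:
        try:
            lo = uldap.access(
                host=ldap_server,
                port=port,
                base=ucr['ldap/base'],
                binddn=binddn,
                bindpw=bindpw,
                start_tls=start_tls,
                decode_ignorelist=decode_ignorelist,
                follow_referral=True,
            )
            if admin_uldap:
                lo = access(lo=lo)
            return lo
        # `except ldap.SERVER_DOWN()` (with parentheses) would match an
        # instance instead of the class and never catch the error; the
        # class itself must be named here so the next server is tried.
        except ldap.SERVER_DOWN:
            pass
    raise ldap.SERVER_DOWN()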
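def get_ldap_connection(admin_uldap=False, primary=False):
    # type: (Optional[bool], Optional[bool]) -> access
    """Open an LDAP connection with the test domain-admin credentials.

    With ``primary=True`` only the host in UCR ``ldap/master`` (port
    ``ldap/master/port``) is contacted; otherwise ``ldap/server/name`` and
    the hosts in ``ldap/server/addition`` are tried in order on
    ``ldap/server/port``.  Credentials come from
    :class:`UCSTestDomainAdminCredentials`; STARTTLS is always requested
    (``start_tls=2``).

    :param admin_uldap: wrap the connection in :class:`access` before returning.
    :param primary: connect to the primary directory node only.
    :returns: the first connection that could be established.
    :raises ldap.SERVER_DOWN: if none of the candidate servers answers.
    """
    ucr = UCR
    ucr.load()

    if primary:
        port = int(ucr.get('ldap/master/port', 7389))
        ldap_servers = [ucr['ldap/master']]
    else:
        port = int(ucr.get('ldap/server/port', 7389))
        ldap_servers = []
        if ucr.get('ldap/server/name'):
            ldap_servers.append(ucr['ldap/server/name'])
        # The presence check previously looked at 'ldap/servers/addition'
        # while the value was read from 'ldap/server/addition'; use the key
        # that is actually read for both.
        if ucr.get('ldap/server/addition'):
            ldap_servers.extend(ucr['ldap/server/addition'].split())

    creds = UCSTestDomainAdminCredentials()
    for ldap_server in ldap_servers:
        try:
            lo = uldap.access(
                host=ldap_server,
                port=port,
                base=ucr['ldap/base'],
                binddn=creds.binddn,
                bindpw=creds.bindpw,
                start_tls=2,
                decode_ignorelist=[],
                follow_referral=True,
            )
            if admin_uldap:
                lo = access(lo=lo)
            return lo
        except ldap.SERVER_DOWN:
            # Unreachable server: fall through to the next candidate.
            pass
    raise ldap.SERVER_DOWN()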
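def _read_rootpw(path="/etc/ldap/rootpw.conf"):
    """Return the value of the ``rootpw`` line in *path*, or ``None`` if absent.

    Only the first line starting with ``rootpw `` is used; surrounding double
    quotes are stripped.  The file is expected to be readable by root only.
    """
    with open(path, "r") as fh:
        for line in fh:
            line = line.strip()
            if line.startswith('rootpw '):
                return line[7:].strip('"')
    return None


def main():
    """Resync LDAP objects matching a filter from the master into the local DB.

    Command line options: ``-f/--filter`` selects the objects (default: the
    local host account ``(uid=<hostname>$)``), ``-r/--remove`` deletes the
    matching local entries first, ``-s/--simulate`` only prints what would be
    done.  The local bind uses ``cn=update,<ldap/base>`` with the password from
    ``/etc/ldap/rootpw.conf``; exits with status 1 if that password is missing.
    """
    usage = "usage: %prog [options]"
    parser = optparse.OptionParser(usage=usage, description=__doc__)
    parser.add_option("-f", "--filter", help="resync objects from master found by this filter")
    parser.add_option("-r", "--remove", action="store_true", help="remove objects in local database before resync")
    parser.add_option("-s", "--simulate", action="store_true", help="dry run, do not remove or add")
    opts, _args = parser.parse_args()

    ucr = univention.config_registry.ConfigRegistry()
    ucr.load()
    base = ucr.get("ldap/base")
    binddn = "cn=update,%s" % base

    bindpw = _read_rootpw()
    if bindpw is None:
        # Same exit status as before; SystemExit avoids relying on the
        # site-provided `exit` builtin, which is absent under `python -S`.
        raise SystemExit(1)

    if not opts.filter:
        opts.filter = '(uid=%s$)' % ucr['hostname']

    # Local connection is deliberately unencrypted (start_tls=0): it binds
    # with the rootpw over loopback only and must not be pointed at a
    # remote host.
    local = uldap.access(binddn=binddn, bindpw=bindpw, start_tls=0, host="localhost", port=389)
    if ucr.get("server/role", "") == "domaincontroller_backup":
        master = uldap.getAdminConnection()
    else:
        master = uldap.getMachineConnection(ldap_master=True)

    # Optionally clear the matching local entries before re-adding them.
    if opts.remove:
        res = local.search(base=base, filter=opts.filter)
        for dn, _data in res:
            print("remove from local: %s" % (dn, ))
            if not opts.simulate:
                local.delete(dn)

    # Copy every matching entry from the master into the local database.
    res = master.search(base=base, filter=opts.filter)
    for dn, data in res:
        print("resync from master: %s" % (dn, ))
        if not opts.simulate:
            local.add(dn, ldap.modlist.addModlist(data))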