Exemplo n.º 1
0
 def __init__(self,
              userdn=None,
              password=None,
              host='localhost',
              base=None,
              start_tls=2,
              access=None,
              format=None):
     self._cached = {}
     self._modules = {}
     self._policies = {}
     self._format = format
     self._bc = ConfigRegistry()
     self._bc.load()
     self.__reverse = {}
     if not base:
         self._base = self._bc['ldap/base']
     else:
         self._base = base
     self._position = ua_ldap.position(self._base)
     if access:
         self._access = access
     else:
         self._access = ua_ldap.access(host=host,
                                       base=self._base,
                                       binddn=userdn,
                                       bindpw=password,
                                       start_tls=start_tls)
     ua_modules.update()
Exemplo n.º 2
0
	def open_ldap_connection(self, binddn=None, bindpw=None, ldap_server=None, admin=False, machine=False):
		'''Opens a new LDAP connection using the given user LDAP DN and
		password. The connection is established to the given server or
		(if None is given) to the server defined by the UCR variable
		ldap/server/name is used.
		If admin is set to True, a connection is setup by getAdminConnection().
		If machine is set to True, a connection to the master is setup by getMachoneConnection().
		'''

		assert not (admin and machine)

		account = utils.UCSTestDomainAdminCredentials()
		if not ldap_server:
			ldap_server = self._ucr.get('ldap/master')
		port = int(self._ucr.get('ldap/server/port', 7389))

		try:
			if admin:
				lo = udm_uldap.getAdminConnection()[0]
			elif machine:
				lo = udm_uldap.getMachineConnection(ldap_master=True)[0]
			else:
				lo = udm_uldap.access(host=ldap_server, port=port, base=self._ucr.get('ldap/base'), binddn=account.binddn, bindpw=account.bindpw, start_tls=2)
		except udm_errors.noObject:
			raise
		except LDAPError as exc:
			raise SchoolLDAPError('Opening LDAP connection failed: %s' % (exc,))

		return lo
Exemplo n.º 3
0
def get_ldap_connection(pwdfile=False, start_tls=2, decode_ignorelist=None, admin_uldap=False):
    if decode_ignorelist is None:
        decode_ignorelist = []
    ucr = univention.config_registry.ConfigRegistry()
    ucr.load()

    port = int(ucr.get('ldap/server/port', 7389))
    binddn = ucr.get('tests/domainadmin/account', 'uid=Administrator,cn=users,%s' % ucr['ldap/base'])
    bindpw = None
    ldapServers = []
    if ucr['ldap/server/name']:
        ldapServers.append(ucr['ldap/server/name'])
    if ucr['ldap/servers/addition']:
        ldapServers.extend(ucr['ldap/server/addition'].split())

    if pwdfile:
        with open(ucr['tests/domainadmin/pwdfile']) as f:
            bindpw = f.read().strip('\n')
    else:
        bindpw = ucr['tests/domainadmin/pwd']

    for ldapServer in ldapServers:
        try:
            lo = uldap.access(host=ldapServer, port=port, base=ucr['ldap/base'], binddn=binddn, bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, follow_referral=True)
            if admin_uldap:
                lo = access(lo=lo)
            return lo
        except ldap.SERVER_DOWN():
            pass
    raise ldap.SERVER_DOWN()
Exemplo n.º 4
0
def get_ldap_connection(admin_uldap=False, primary=False):
    # type: (Optional[bool], Optional[bool]) -> access
    ucr = UCR
    ucr.load()

    if primary:
        port = int(ucr.get('ldap/master/port', 7389))
        ldap_servers = [ucr['ldap/master']]
    else:
        port = int(ucr.get('ldap/server/port', 7389))
        ldap_servers = []
        if ucr['ldap/server/name']:
            ldap_servers.append(ucr['ldap/server/name'])
        if ucr['ldap/servers/addition']:
            ldap_servers.extend(ucr['ldap/server/addition'].split())

    creds = UCSTestDomainAdminCredentials()

    for ldap_server in ldap_servers:
        try:
            lo = uldap.access(host=ldap_server,
                              port=port,
                              base=ucr['ldap/base'],
                              binddn=creds.binddn,
                              bindpw=creds.bindpw,
                              start_tls=2,
                              decode_ignorelist=[],
                              follow_referral=True)
            if admin_uldap:
                lo = access(lo=lo)
            return lo
        except ldap.SERVER_DOWN:
            pass
    raise ldap.SERVER_DOWN()
Exemplo n.º 5
0
 def __testPosixDisabled(self, passwd):
     if not self.posix:
         return
     try:
         master = self.bc("ldap/master")
         ldap = uldap.access(binddn=self.dn, bindpw=passwd, host=master, base=self.dn)
         raise AccountEnabledError(self, "posix")
     except uex.authFail:
         pass
Exemplo n.º 6
0
 def open_ldap(self):
     ldap_host = self.changeset.ucr["ldap/master"]
     ldap_base = self.changeset.ucr["ldap/base"]
     self.ldap = uldap.access(
         host=ldap_host,
         base=ldap_base,
         binddn=self.binddn,
         bindpw=self.bindpwd,
     )
     self.position = uldap.position(ldap_base)
Exemplo n.º 7
0
def get_connection(userdn, password):
    port = int(ucr_get('ldap/master/port', '7389'))
    host = ucr_get('ldap/master')
    base = ucr_get('ldap/base')
    lo = base_access(host=host,
                     port=port,
                     base=base,
                     binddn=userdn,
                     bindpw=password)
    lo = access(lo=lo)
    pos = position(lo.base)
    return lo, pos
Exemplo n.º 8
0
 def __testPosixDisabled(self, passwd):
     if not self.posix:
         return
     try:
         master = self.bc('ldap/master')
         ldap = uldap.access(binddn=self.dn,
                             bindpw=passwd,
                             host=master,
                             base=self.dn)
         raise AccountEnabledError(self, 'posix')
     except uex.authFail:
         pass
Exemplo n.º 9
0
	def __initAccess(self):
		baseDN = self.bc('ldap/base')
		master = self.bc('ldap/master')
		binddn = self.__options['binddn']
		bindpw = self.__options['bindpw']
		tls = self.__options.get('tls', 2)
		try:
			return uldap.access(host = master, base = baseDN,
					    binddn = binddn, bindpw = bindpw,
					    start_tls = tls)
		except uex.authFail:
			# TODO: handle authentication failure
			return None
Exemplo n.º 10
0
    def lo(self):
        """
		LDAP connection object.

		:return: univention.admin.uldap.access object
		"""
        if not self._lo:
            ldap_credentials = self._get_ldap_credentials()
            if not ldap_credentials:
                raise ListenerModuleRuntimeError(
                    'LDAP connection of listener module {!r} has not yet been initialized.'
                    .format(self.config.get_name()))
            self._lo = access(**ldap_credentials)
        return self._lo
Exemplo n.º 11
0
 def __initAccess(self):
     baseDN = self.bc('ldap/base')
     master = self.bc('ldap/master')
     binddn = self.__options['binddn']
     bindpw = self.__options['bindpw']
     tls = self.__options.get('tls', 2)
     try:
         return uldap.access(host=master,
                             base=baseDN,
                             binddn=binddn,
                             bindpw=bindpw,
                             start_tls=tls)
     except uex.authFail:
         # TODO: handle authentication failure
         return None
Exemplo n.º 12
0
def get_user_connection(userdn, password):
	__init_users_module()
	ucr.load()

	try:
		# open an LDAP connection with the user password and credentials
		return udm_uldap.access(
			host=ucr.get('ldap/server/name'),
			base=ucr.get('ldap/base'),
			port=int(ucr.get('ldap/server/port', 7389)),
			binddn=userdn,
			bindpw=password,
			follow_referral=True
		), udm_uldap.position(ucr.get('ldap/base'))
	except (udm_errors.base, LDAPError) as exc:
		CORE.warn('Failed to get ldap connection for UDM user object %s: %s' % (userdn, exc))
		return None, None
Exemplo n.º 13
0
	def _get_user_obj(self):
		try:
			# make sure that the UDM users/user module could be initiated
			if not users_module:
				raise udm_errors.base('UDM module users/user could not be initiated')

			# open an LDAP connection with the user password and credentials
			lo = udm_uldap.access(host = ucr.get('ldap/server/name'), base = ucr.get('ldap/base'), port = int(ucr.get('ldap/server/port', '7389')), binddn = self.__user_dn, bindpw = self.__password, follow_referral=True)

			# try to open the user object
			userObj = udm_objects.get(users_module, None, lo, self.po, self.__user_dn)
			if not userObj:
				raise udm_errors.noObject()
			userObj.open()
			return userObj
		except udm_errors.noObject as e:
			CORE.warn('Failed to open UDM user object for user %s' % (self.__username))
		except (udm_errors.base, ldap.LDAPError) as e:
			CORE.warn('Failed to open UDM user object %s: %s' % (self.__user_dn, e))
		return None
Exemplo n.º 14
0
	def __init__( self, userdn = None, password = None, host = 'localhost', base = None, start_tls = 2, access = None, format = True ):
		self._cached = {}
		self._modules = {}
		self._policies = {}
		self._format = format
		self._bc = ub.baseConfig()
		self._bc.load()
		self.__reverse = {}
		if not base:
			self._base = self._bc[ 'ldap/base' ]
		else:
			self._base = base
		self._position = ua_ldap.position( self._base )
		if access:
			self._access = access
		else:
			self._access = ua_ldap.access(  host = host, base = self._base,
											binddn = userdn, bindpw = password, start_tls = start_tls )
		ua_modules.update()
		self._config = ua_config.config( host = host )
Exemplo n.º 15
0
	def wrapper_func( *args, **kwargs ):
		global _ldap_connection, _ldap_position, _user_dn, _password, _licenseCheck

		if _ldap_connection is not None:
			MODULE.info( 'Using open LDAP connection for user %s' % _user_dn )
			lo = _ldap_connection
			po = _ldap_position
		else:
			MODULE.info( 'Opening LDAP connection for user %s' % _user_dn )
			try:
				lo = udm_uldap.access( host = ucr.get( 'ldap/master' ), base = ucr.get( 'ldap/base' ), binddn = _user_dn, bindpw = _password )

				# license check (see also univention.admin.uldap.access.bind())
				if not GPLversion:
					try:
						_licenseCheck = univention.admin.license.init_select(lo, 'admin')
						if _licenseCheck in range(1, 5) or _licenseCheck in range(6,12):
							lo.allow_modify = 0
						if _licenseCheck is not None:
							lo.requireLicense()
					except univention.admin.uexceptions.licenseInvalid:
						lo.allow_modify = 0
						lo.requireLicense()
					except univention.admin.uexceptions.licenseNotFound:
						lo.allow_modify = 0
						lo.requireLicense()
					except univention.admin.uexceptions.licenseExpired:
						lo.allow_modify = 0
						lo.requireLicense()
					except univention.admin.uexceptions.licenseWrongBaseDn:
						lo.allow_modify = 0
						lo.requireLicense()

				po = udm_uldap.position( lo.base )
			except udm_errors.noObject, e:
				raise e
			except LDAPError, e:
				raise LDAP_ConnectionError( 'Opening LDAP connection failed: %s' % str( e ) )
Exemplo n.º 16
0
			except LDAPError, e:
				raise LDAP_ConnectionError( 'Opening LDAP connection failed: %s' % str( e ) )

		kwargs[ 'ldap_connection' ] = lo
		kwargs[ 'ldap_position' ] = po
		try:
			ret = func( *args, **kwargs )
			_ldap_connection = lo
			_ldap_position = po
			return ret
		except (udm_errors.ldapSizelimitExceeded, udm_errors.ldapTimeout), e:
			raise e
		except ( LDAPError, udm_errors.base ), e:
			MODULE.info( 'LDAP operation for user %s has failed' % _user_dn )
			try:
				lo = udm_uldap.access( host = ucr.get( 'ldap/master' ), base = ucr.get( 'ldap/base' ), binddn= _user_dn, bindpw = _password )
				lo.requireLicense()
				po = udm_uldap.position( lo.base )
			except udm_errors.noObject, e:
				raise e
			except ( LDAPError, udm_errors.base ), e:
				raise LDAP_ConnectionError( 'Opening LDAP connection failed: %s' % str( e ) )

			kwargs[ 'ldap_connection' ] = lo
			kwargs[ 'ldap_position' ] = po
			try:
				ret = func( *args, **kwargs )
				_ldap_connection = lo
				_ldap_position = po
				return ret
			except (udm_errors.ldapSizelimitExceeded, udm_errors.ldapTimeout), e: