def check_domain(self, username, password, ad_server_address, mode):
        """Validate an AD server and the supplied account, then return domain info.

        Runs the ``admember`` checks in a fixed order: server-role check (only
        when ``mode == 'admember'``), domain controller lookup, domain-name
        check (only in ``'admember'`` mode), connection check and AD account
        check. Each of the five ``admember`` exceptions handled below is
        logged via ``MODULE.warn`` and re-raised as a ``UMC_Error`` carrying a
        translated message.

        Returns a dict with the lookup result (spaces in the keys replaced by
        underscores) plus the ``ssl_supported`` and ``LDAP_BindDN`` entries.
        """
        # Bound before the try so the handlers can call .get() on it even
        # when the lookup itself is the step that failed.
        dc_info = {}
        member_mode = mode == 'admember'
        try:
            if member_mode:
                admember.check_server_role()
            dc_info = admember.lookup_adds_dc(ad_server_address)

            dc_ip = dc_info['DC IP']
            if member_mode:
                admember.check_domain(dc_info)
            # The credentials go to the admember helpers unchanged; this
            # function never stores them in the dict it returns.
            admember.check_connection(dc_info, username, password)
            admember.check_ad_account(dc_info, username, password)
        except admember.invalidUCSServerRole as err:  # from check_server_role()
            MODULE.warn('Failure: %s' % err)
            text = _('The AD member mode can only be configured on a DC master server.')
            raise UMC_Error(text)
        except admember.failedADConnect as err:  # from lookup_adds_dc()
            MODULE.warn('Failure: %s' % err)
            # NOTE(review): the exception text reaches both the log and the
            # user-facing message; confirm it carries no sensitive detail.
            template = _('Could not connect to AD Server %s. Please verify that the specified address is correct. (%s)')
            raise UMC_Error(template % (ad_server_address, 'check_domain: %s' % (err, )))
        except admember.domainnameMismatch as err:  # from check_domain()
            MODULE.warn('Failure: %s' % err)
            template = _('The domain name of the AD Server (%(ad_domain)s) does not match the local UCS domain name (%(ucs_domain)s). For the AD member mode, it is necessary to setup a UCS system with the same domain name as the AD Server.')
            names = {
                'ad_domain': dc_info.get("Domain"),
                'ucs_domain': ucr['domainname'],
            }
            raise UMC_Error(template % names)
        except admember.connectionFailed as err:  # from check_connection()
            MODULE.warn('Failure: %s' % err)
            # NOTE(review): this failure happens while authenticating with the
            # supplied credentials and its text is shown to the user; confirm
            # admember never echoes the password in the exception message.
            template = _('Could not connect to AD Server %s. Please verify that username and password are correct. (Details:\n%s)')
            raise UMC_Error(template % (dc_info.get('DC DNS Name'), err))
        except admember.notDomainAdminInAD as err:  # from check_ad_account()
            MODULE.warn('Failure: %s' % err)
            text = _('The given user is not member of the Domain Admins group in Active Directory. This is a requirement for the Active Directory domain join.')
            raise UMC_Error(text)

        # Result dict: same entries as the lookup result, with every space in
        # a key turned into '_'.
        MODULE.info('Preparing info dict...')
        result = {}
        for raw_key, value in dc_info.iteritems():
            result[raw_key.replace(' ', '_')] = value
        result['ssl_supported'] = admember.server_supports_ssl(dc_ip)
        # Resolve the bind DN for the given account name.
        bind_dn = get_ad_binddn_from_name(result['LDAP_Base'], dc_ip, username, password)
        result['LDAP_BindDN'] = bind_dn
        # Logged dict = lookup result + ssl_supported + bind DN; username and
        # password are not added to it by this function.
        MODULE.info(str(result))
        return result
def check_credentials_ad(nameserver, address, username, password):
	"""Check the AD server and the given account; return the AD domain name.

	Looks up the domain controller at ``address`` (passing ``nameserver`` as
	``nameserver1`` in the ``ucr`` override), checks the connection with the
	credentials, calls ``do_time_sync(address)`` and then checks the AD
	account. The three exceptions handled below are re-raised as
	``UMC_Error`` with a translated message.

	NOTE(review): any other exception raised by the helpers, including
	``do_time_sync``, is not translated here and reaches the caller as-is.
	NOTE(review): the three messages tell the caller which stage failed
	(address, credentials, group membership); confirm this is only reachable
	by trusted administrators.
	"""
	resolver_override = {'nameserver1': nameserver}
	try:
		domain_info = lookup_adds_dc(address, ucr=resolver_override)
		check_connection(domain_info, username, password)
		do_time_sync(address)
		check_ad_account(domain_info, username, password)
	except failedADConnect:
		# Lookup failed: no AD server was found at this address.
		text = _('The connection to the Active Directory server failed. Please recheck the address.')
		raise UMC_Error(text)
	except connectionFailed:
		# Server found, but the connection check with the credentials failed.
		text = _('The connection to the Active Directory server was refused. Please recheck the password.')
		raise UMC_Error(text)
	except notDomainAdminInAD:  # from check_ad_account()
		# Credentials accepted, but the account is not a Domain Administrator.
		text = _("The given user is not member of the Domain Admins group in Active Directory. This is a requirement for the Active Directory domain join.")
		raise UMC_Error(text)

	# Reached only when every check passed; each handler above raises.
	return domain_info['Domain']