Exemplo n.º 1
	def get_registration_attributes(self):
		"""Build the widget descriptions and layout for account registration.

		The attribute list always starts with ``PasswordRecoveryEmail`` and
		``password``. Further ``users/user`` property ids are read from the UCR
		variable ``umc/self-service/account-registration/udm_attributes``
		(comma separated; blanks and duplicates are dropped). Configured ids
		that do not exist on ``users/user``, or that are filtered out as
		unsupported, are logged as warnings and left out of the result.

		NOTE(review): the UCR variable alone decides which additional user
		properties are returned here; this method applies no allow-list beyond
		the existence check and the ``dynamicValues``/``udm`` type filter.
		Presumably the result is rendered as registration form fields, so the
		variable should be treated as security-relevant configuration - confirm
		against the caller.

		:returns: dict with ``widget_descriptions`` (property descriptions in
			form order) and ``layout`` (the matching property ids).
		"""
		ucr.load()
		wanted_ids = ['PasswordRecoveryEmail', 'password']
		configured = ucr.get('umc/self-service/account-registration/udm_attributes', '')
		for raw_id in configured.split(','):
			candidate = raw_id.strip()
			if candidate and candidate not in wanted_ids:
				wanted_ids.append(candidate)

		lo, po = get_machine_connection()
		users_mod = UDM_Module('users/user', True, lo, po)
		all_props = {}
		for prop in users_mod.properties(None):
			all_props[prop['id']] = prop
		not_existing = set(wanted_ids) - set(all_props.keys())

		# filter out not supported props
		supported = {}
		for prop_id, prop in all_props.items():
			if 'dynamicValues' in prop or 'udm' in prop['type']:
				continue
			supported[prop_id] = prop
		not_supported = set(wanted_ids) - set(supported.keys()) - not_existing

		if 'PasswordRecoveryEmail' in supported:
			recovery_prop = supported['PasswordRecoveryEmail']
			recovery_prop['label'] = _('Email')
			recovery_prop['description'] = ''
		self._update_required_attr_of_props_for_registration(supported)

		# Keep the order of wanted_ids: fixed attributes first, then the UCR ones.
		ordered = [supported[prop_id] for prop_id in wanted_ids if prop_id in supported]
		if not_existing:
			MODULE.warn("get_registration_attributes(): the following attributes defined by umc/self-service/account-registration/udm_attributes do not exist on users/user: {}".format(", ".join(not_existing)))
		if not_supported:
			MODULE.warn("get_registration_attributes(): the following attributes defined by umc/self-service/account-registration/udm_attributes are not supported: {}".format(", ".join(not_supported)))
		layout = [prop['id'] for prop in ordered]
		return {
			'widget_descriptions': ordered,
			'layout': layout,
		}
Exemplo n.º 2
	def usersmod(self):
		"""Return the ``users/user`` UDM module, loading it on first access.

		The module object is cached in ``self._usersmod``. When the freshly
		fetched module reports ``initialized`` as false, it is initialized once
		with the connection returned by ``get_machine_connection()``.
		"""
		cached = self._usersmod
		if cached:
			return cached
		univention.admin.modules.update()
		module = univention.admin.modules.get('users/user')
		self._usersmod = module
		if not module.initialized:
			lo, po = get_machine_connection()
			univention.admin.modules.init(lo, po, module)
		return self._usersmod
Exemplo n.º 3
	def get_udm_user_by_dn(self, userdn, admin=False):
		"""Open and return the UDM user object stored at ``userdn``.

		:param userdn: DN of the user entry to load.
		:param admin: when true the object is bound to the connection from
			``get_admin_connection()``, otherwise to the machine connection.
		:returns: the opened UDM user object.

		NOTE(review): ``admin`` switches the LDAP identity the object is
		opened with, so callers should pass a fixed value per code path and
		not derive it from request data.
		"""
		connect = get_admin_connection if admin else get_machine_connection
		lo, po = connect()
		udm_user = self.usersmod.object(None, lo, po, userdn)
		udm_user.open()
		return udm_user
Exemplo n.º 4
    def get_udm_user(self, username, admin=False):
        """Resolve ``username`` to a DN and return the opened UDM user object.

        ``username`` is matched against ``uid`` or ``mailPrimaryAddress``
        below ``ldap/base`` using the machine connection; the filter values
        are substituted through ``filter_format`` rather than by string
        concatenation. The first DN of the search result is used.

        NOTE(review): when nothing matches, the ``[0]`` index raises
        ``IndexError``. When the identifier matches the ``uid`` of one entry
        and the ``mailPrimaryAddress`` of another, whichever DN the server
        returns first is taken; callers that act on the result (for example
        a password reset) may want to reject ambiguous matches - confirm how
        callers handle both cases.

        :param username: login name or primary mail address.
        :param admin: forwarded to ``get_udm_user_by_dn``.
        """
        search_filter = filter_format(
            '(|(uid=%s)(mailPrimaryAddress=%s))', (username, username))
        search_base = ucr["ldap/base"]

        lo, _po = get_machine_connection()
        matches = lo.searchDn(filter=search_filter, base=search_base)
        first_dn = matches[0]
        return self.get_udm_user_by_dn(first_dn, admin=admin)
Exemplo n.º 5
def get_all_hosts(lo=None, ucr=None):
    """Return the hosts of all four server roles as one combined result.

    The per-role results of ``get_hosts`` are concatenated in the order
    master, backup, slave, member server.

    :param lo: LDAP connection to query; when ``None`` the machine connection
        is requested with ``write=False``.
    :param ucr: passed through to ``get_hosts`` unchanged.
    :returns: the concatenated ``get_hosts`` results, or ``[]`` when no
        connection is available.
    """
    if lo is None:
        lo = get_machine_connection(write=False)[0]
    if lo is None:
        # No machine connection could be obtained: report no hosts.
        return []
    hosts = get_hosts(domaincontroller_master, lo, ucr)
    for role in (domaincontroller_backup, domaincontroller_slave, memberserver):
        hosts = hosts + get_hosts(role, lo, ucr)
    return hosts
 def get_udm_user_dn(self, userdn, admin=False):
     """Open and return the UDM user object stored at ``userdn``.

     :param userdn: DN of the user entry to load.
     :param admin: when true the connection from ``get_admin_connection()``
         is used, otherwise the machine connection.
     :returns: the opened UDM user object.

     NOTE(review): the ``users/user`` module is initialized only on the
     first call, with whichever connection that call selected, and is then
     reused for both admin and machine lookups - confirm this is intended.
     """
     connect = get_admin_connection if admin else get_machine_connection
     lo, po = connect()
     univention.admin.modules.update()
     if self.usersmod is None:
         self.usersmod = univention.admin.modules.get("users/user")
         univention.admin.modules.init(lo, po, self.usersmod)
     udm_user = self.usersmod.object(None, lo, po, userdn)
     udm_user.open()
     return udm_user
Exemplo n.º 7
	def __canonicalize_username(self, username):
		"""Map a login name or mail address to the account's ``uid``, best effort.

		Looks the input up over the machine connection (requested with
		``write=False``) and, when an entry with a ``uid`` is found, returns
		the first ``uid`` value of that entry. In every other case, including
		any error, the input is returned unchanged.

		NOTE(review): because failures fall back to the name as supplied, the
		code that consumes the return value must not assume it is canonical.

		:param username: name as entered by the user; an ``@`` makes it a
			``mailPrimaryAddress`` lookup instead of a ``uid`` lookup.
		:returns: the canonical ``uid`` if it could be resolved, else ``username``.
		"""
		try:
			lo, po = get_machine_connection(write=False)
			result = None
			if lo:
				# The presence of '@' decides which attribute the input is compared with.
				attr = 'mailPrimaryAddress' if '@' in username else 'uid'
				# NOTE(review): filter_format is presumably ldap.filter.filter_format, which
				# escapes the substituted values - confirm against the file's imports.
				# Only the uid attribute is requested from the server.
				result = lo.search(filter_format('(&(%s=%s)(objectClass=person))', (attr, username)), attr=['uid'], unique=True)
			if result and result[0][1].get('uid'):
				# First result entry, first uid value.
				username = result[0][1]['uid'][0]
				AUTH.info('Canonicalized username: %r' % (username,))
		except (ldap.LDAPError, udm_errors.ldapError) as exc:
			# /etc/machine.secret missing or LDAP server not reachable
			AUTH.warn('Canonicalization of username was not possible: %s' % (exc,))
			reset_cache()
		except:
			# Anything else is logged with its full traceback; the bare except also
			# catches exceptions that do not derive from Exception.
			AUTH.error('Canonicalization of username failed: %s' % (traceback.format_exc(),))
		finally:  # ignore all exceptions, even in except blocks
			# A return inside finally discards any exception still in flight, so this
			# method never raises - not even KeyboardInterrupt or SystemExit.
			return username
    def query(self):
        """List the domain controllers and member servers found in LDAP.

        Searches ``computers/computer`` below ``ldap/base`` (subtree scope)
        over the machine connection for entries with object class
        ``univentionDomainController`` or ``univentionMemberServer`` that do
        not carry ``univentionObjectFlag=docker``.

        :returns: list of dicts with the keys ``dn``, ``hostname``,
            ``domain``, ``ip``, ``version`` and ``serverRole``; values other
            than ``dn`` come from ``info.get`` and may be ``None``.
        """
        udm_modules.update()
        lo, po = get_machine_connection()
        ldap_filter = '(&(|(objectClass=univentionDomainController)(objectClass=univentionMemberServer))(!(univentionObjectFlag=docker)))'
        servers = udm_modules.lookup(
            'computers/computer', None, lo,
            filter=ldap_filter, base=ucr['ldap/base'], scope='sub')

        result = []
        for server in servers:
            result.append({
                'dn': server.dn,
                'hostname': server.info.get('name'),
                'domain': server.info.get('domain'),
                'ip': server.info.get('ip'),
                'version': server.info.get('operatingSystemVersion'),
                'serverRole': server.info.get('serverRole'),
            })
        return result
Exemplo n.º 9
	def get_schoolinfo_master(self, school):
		"""
		Fetches LDAP information from master about specified OU.
		This function assumes that the given arguments have already been validated!

		The school name is turned into a DN and looked up over the machine
		connection (requested with ``write=True``). Because no validation
		happens here, callers must validate ``school`` before calling.

		:param school: name of the school OU.
		:returns: dict with ``exists``, ``school``, ``classShareServer``,
			``homeShareServer``, ``educational_slaves`` and
			``administrative_slaves``; for an unknown OU ``exists`` is false,
			the share servers are ``None`` and both slave lists are empty.
		:raises ldap.SERVER_DOWN: re-raised unchanged (handled via UMC).
		:raises UMC_Error: on any other ``ldap.LDAPError`` during the lookup.
		"""
		school_name = school
		try:
			lo, po = get_machine_connection(write=True)
			school_obj = School.from_dn(School(name=school_name).dn, None, lo)
		except noObject:
			# Unknown OU: report it as not existing, with empty details.
			return {
				'exists': False,
				'school': school_name,
				'classShareServer': None,
				'homeShareServer': None,
				'educational_slaves': [],
				'administrative_slaves': [],
			}
		except ldap.SERVER_DOWN:
			raise  # handled via UMC
		except ldap.LDAPError as exc:
			MODULE.warn('LDAP error during receiving school info: %s' % (exc,))
			raise UMC_Error(_('The LDAP connection to the master system failed.'))

		def _server_names(server_dns):
			# Resolve each server DN to the name of its SchoolDCSlave object.
			return [SchoolDCSlave.from_dn(dn, None, lo).name for dn in server_dns]

		# Errors raised from here on are outside the try block, as in the
		# original else branch, and propagate to the caller.
		return {
			'exists': True,
			'school': school_name,
			'classShareServer': school_obj.class_share_file_server,
			'homeShareServer': school_obj.home_share_file_server,
			'educational_slaves': _server_names(school_obj.educational_servers),
			'administrative_slaves': _server_names(school_obj.administrative_servers),
		}