def needed_objectclasses(self, entry):
dont_remove = ["organizationalPerson", "univentionPerson"]
schema_attrs = ldap.schema.SCHEMA_ATTRS
ldap.set_option(ldap.OPT_DEBUG_LEVEL, 0)
ldap._trace_level = 0
subschemasubentry_dn, schema = ldap.schema.urlfetch("%s/cn=subschema", self.uri)
if subschemasubentry_dn is None:
univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "No sub schema sub entry found!")
return None
needed_oc = []
for attr_type, schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items():
if attr_type == "objectClasses":
for element_id in schema.listall(schema_class):
se_orig = schema.get_obj(schema_class, element_id)
attributes = se_orig.may + se_orig.must
for i in range(0, len(se_orig.names)):
if se_orig.names[i] in entry["objectClass"] and not se_orig.names[i] in needed_oc:
for j in attributes:
if (j in res[0][1] or j in dont_remove) and not se_orig.names[i] in needed_oc:
needed_oc.append(se_orig.names[i])
return needed_oc
def list_classes(uri):
subschemasubentry_dn, schema = ldap.schema.urlfetch(uri)
schema_reverse = ldap.schema.SubSchema(schema.ldap_entry())
ocs = ldap.schema.SCHEMA_CLASS_MAPPING['objectclasses']
for element_id in schema.listall(ocs):
obj = schema.get_obj(ocs, element_id)
print("%s - %s" % (obj.names[0], obj.desc or "no description"))
def list_classes(uri): # pragma: nocover
subschemasubentry_dn, schema = ldap.schema.urlfetch(uri.encode('ascii'))
schema_reverse = ldap.schema.SubSchema(schema.ldap_entry())
ocs = ldap.schema.SCHEMA_CLASS_MAPPING['objectclasses']
for element_id in schema.listall(ocs):
obj = schema.get_obj(ocs, element_id)
print("%s - %s" % (obj.names[0], obj.desc or "no description"))
def needed_objectclasses(self, entry):
dont_remove = ['organizationalPerson', 'univentionPerson']
schema_attrs = ldap.schema.SCHEMA_ATTRS
ldap.set_option(ldap.OPT_DEBUG_LEVEL, 0)
ldap._trace_level = 0
subschemasubentry_dn, schema = ldap.schema.urlfetch(
'%s/cn=subschema', self.uri)
if subschemasubentry_dn is None:
univention.debug.debug(univention.debug.LDAP,
univention.debug.INFO,
'No sub schema sub entry found!')
return None
needed_oc = []
for attr_type, schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items(
):
if attr_type == 'objectClasses':
for element_id in schema.listall(schema_class):
se_orig = schema.get_obj(schema_class, element_id)
attributes = se_orig.may + se_orig.must
for i in range(0, len(se_orig.names)):
if se_orig.names[i] in entry[
'objectClass'] and not se_orig.names[
i] in needed_oc:
for j in attributes:
if (j in res[0][1] or j in dont_remove
) and not se_orig.names[i] in needed_oc:
needed_oc.append(se_orig.names[i])
return needed_oc
if html_output:
print("""<html>
<head>
<title>Object class tree</title>
</head>
<body bgcolor="#ffffff">
<h1>Object class tree</h1>
<dl>
""")
HTMLSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0)
print("""</dl>
<h1>Attribute type tree</h1>
<dl>
""")
for a in schema.listall(ldap.schema.AttributeType):
if at_tree[a]:
HTMLSchemaTree(schema,ldap.schema.AttributeType,at_tree,a,0)
print
print("""</dl>
</body>
</html>
""")
else:
print('*** Object class tree ***\n')
print
PrintSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0)
subschemasubentry_dn,schema = ldap.schema.urlfetch(sys.argv[-1])
if subschemasubentry_dn is None:
print('No sub schema sub entry found!')
sys.exit(1)
if schema.non_unique_oids:
print('*** Schema errors ***')
print('non-unique OIDs:\n','\r\n'.join(schema.non_unique_oids))
print('*** Schema from',repr(subschemasubentry_dn))
# Display schema
for attr_type,schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items():
print('*'*20,attr_type,'*'*20)
for element_id in schema.listall(schema_class):
se_orig = schema.get_obj(schema_class,element_id)
print(attr_type,str(se_orig))
print('*** Testing object class inetOrgPerson ***')
drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink')
if not drink is None:
print('*** drink ***')
print('drink.names',repr(drink.names))
print('drink.collective',repr(drink.collective))
inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson')
if not inetOrgPerson is None:
print(inetOrgPerson.must,inetOrgPerson.may)
print('*** person,organizationalPerson,inetOrgPerson ***')
if html_output:
print ("""<html>
<head>
<title>Object class tree</title>
</head>
<body bgcolor="#ffffff">
<h1>Object class tree</h1>
<dl>
""")
HTMLSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0)
print ("""</dl>
<h1>Attribute type tree</h1>
<dl>
""")
for a in schema.listall(ldap.schema.AttributeType):
if at_tree[a]:
HTMLSchemaTree(schema,ldap.schema.AttributeType,at_tree,a,0)
print()
print ("""</dl>
</body>
</html>
""")
else:
print ('*** Object class tree ***\n')
print()
PrintSchemaTree(schema,ldap.schema.ObjectClass,oc_tree,'2.5.6.0',0)
subschemasubentry_dn, schema = ldap.schema.urlfetch(sys.argv[-1])
if subschemasubentry_dn is None:
print('No sub schema sub entry found!')
sys.exit(1)
if schema.non_unique_oids:
print('*** Schema errors ***')
print('non-unique OIDs:\n', '\r\n'.join(schema.non_unique_oids))
print('*** Schema from', repr(subschemasubentry_dn))
# Display schema
for attr_type, schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items():
print('*' * 20, attr_type, '*' * 20)
for element_id in schema.listall(schema_class):
se_orig = schema.get_obj(schema_class, element_id)
print(attr_type, str(se_orig))
print('*** Testing object class inetOrgPerson ***')
drink = schema.get_obj(ldap.schema.AttributeType, 'favouriteDrink')
if not drink is None:
print('*** drink ***')
print('drink.names', repr(drink.names))
print('drink.collective', repr(drink.collective))
inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass, 'inetOrgPerson')
if not inetOrgPerson is None:
print(inetOrgPerson.must, inetOrgPerson.may)
print('*** person,organizationalPerson,inetOrgPerson ***')
"""
recursive. returns all attributes for a objectClass object down the hierarchy
"""
attrs.extend(oc.may + oc.must)
for oc_name in oc.sup:
sup_oc = schema.get_obj(ldap.schema.ObjectClass, oc_name)
getAttrs(sup_oc, attrs)
return attrs
def addAttrs(*ocnames):
return tuple(itertools.chain(*[hubocnames_and_attrs[name] for name in ocnames]))
isHubOC = lambda oc: oc.names[0].startswith("hub")
all_ocs = [schema.get_obj(ldap.schema.ObjectClass, oid) for oid in schema.listall(ldap.schema.ObjectClass)]
all_attrs = [schema.get_obj(ldap.schema.AttributeType, oid) for oid in schema.listall(ldap.schema.AttributeType)]
multivalue_attrs = tuple(itertools.chain(*[x.names for x in all_attrs if not x.single_value]))
hub_ocs = [oc for oc in all_ocs if isHubOC(oc)]
hub_ocs = all_ocs
hubocnames_and_attrs = dict([(oc.names[0], tuple(getAttrs(oc, []))) for oc in hub_ocs])
# aux_attrs_and_ocnames = dict([(hubocnames_and_attrs[oc.names[0]], oc.names[0]) for oc in hub_ocs if oc.kind == 2])
oc_entries = dict([(oc.names[0], (oc.names + oc.sup)) for oc in hub_ocs])
conn.unbind_s()
del all_ocs, conn, isHubOC, schema, all_attrs
def getLocalUserDNFromUid(conn, uid):
gdn = globaluserdn % uid
def get_att(name,password,host):
#if __name__=='__main__':
url = ldapurl.LDAPUrl('ldap://', host+':389', '', name)
ldap_server = ldap.initialize('ldap://'+host+':389')
ldap_server.bind_s(name, password)
subentrydn = ldap_server.search_subschemasubentry_s()
entry = ldap_server.read_subschemasubentry_s(subentrydn,url.attrs)
schema = None
attributes = {}
objectclass = {}
if subentrydn!=None:
schema = ldap.schema.SubSchema(entry)
attlist = schema.listall(ldap.schema.AttributeType)
for item in attlist:
a = schema.get_obj(ldap.schema.AttributeType, item)
attnamelist = a.names
for att in attnamelist:
attributes[att.lower()] = {"DESC": a.desc,
"SINGLE": a.single_value,
"SYNTAX": a.syntax,
"NAME": att,
"COLLECTIVE": a.collective,
"EQUALITY": a.equality,
"OBSOLETE": a.obsolete,
"OID": a.oid,
"ORDERING": a.ordering, "SUP": a.sup,
"SYNTAX_LEN": a.syntax_len,
"USAGE": a.usage}
objlist = schema.listall(ldap.schema.ObjectClass)
for oids in objlist:
a = schema.get_obj(ldap.schema.ObjectClass, oids)
kind = ""
if a.kind == 0:
kind = "STRUCTURAL"
if a.kind == 1:
kind = "ABSTRACT"
if a.kind == 2:
kind = "AUXILIARY"
desc = ""
if a.desc != None:
desc = a.desc
must = []
if len(a.must) != 0:
must = a.must
may = []
if len(a.may) != 0:
may = a.may
sup = []
for item in a.sup:
if item.lower() != 'top':
sup.append(item.lower())
numericoid = ""
if a.oid != None:
numericoid = a.oid
for name in a.names:
objectclass[name] = {"DESC":desc,"MUST":must,"MAY": may,"NAME": name,"KIND":kind,"SUP":sup,"OID": numericoid}
else:
schema = None
#print attributes
ldap_server.unbind()
return objectclass
class WorkerThreadFetch(threading.Thread):
# TODO MOVE THIS TO LUMACONNECTION
def __init__(self, serverMeta):
threading.Thread.__init__(self)
self.serverMeta = serverMeta
self.ldapConnection = None
self.FINISHED = False
self.exceptionObject = None
self.objectClassesDict = {}
self.attributeDict = {}
self.syntaxDict = {}
self.matchingDict = {}
def run(self):
try:
urlschemeVal = "ldap"
if self.serverMeta.encryptionMethod == ServerEncryptionMethod.SSL:
urlschemeVal = "ldaps"
whoVal = None
credVal = None
if not (self.serverMeta.bindAnon):
whoVal = self.serverMeta.bindDN
credVal = self.serverMeta.bindPassword
url = ldapurl.LDAPUrl(urlscheme=urlschemeVal,
hostport=self.serverMeta.hostname + ":" +
str(self.serverMeta.port),
dn=self.serverMeta.baseDN,
who=whoVal,
cred=credVal)
self.ldapServerObject = ldap.initialize(url.initializeUrl())
self.ldapServerObject.protocol_version = 3
# Check whether we want to validate the server certificate.
validateMethod = ldap.OPT_X_TLS_DEMAND
if self.serverMeta.checkServerCertificate == ServerCheckCertificate.Demand:
validateMethod = ldap.OPT_X_TLS_DEMAND
elif self.serverMeta.checkServerCertificate == ServerCheckCertificate.Never:
validateMethod = ldap.OPT_X_TLS_NEVER
elif self.serverMeta.checkServerCertificate == ServerCheckCertificate.Try:
validateMethod = ldap.OPT_X_TLS_TRY
elif self.serverMeta.checkServerCertificate == ServerCheckCertificate.Allow:
validateMethod = ldap.OPT_X_TLS_ALLOW
encryption = False
if self.serverMeta.encryptionMethod == ServerEncryptionMethod.SSL:
encryption = True
elif self.serverMeta.encryptionMethod == ServerEncryptionMethod.TLS:
encryption = True
if encryption:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, validateMethod)
#self.ldapServerObject.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, validateMethod)
# If we're going to present client certificates, this must be set as an option
if self.serverMeta.useCertificate and encryption:
try:
self.ldapServerObject.set_option(
ldap.OPT_X_TLS_CERTFILE,
self.serverMeta.clientCertFile)
self.ldapServerObject.set_option(
ldap.OPT_X_TLS_KEYFILE,
self.serverMeta.clientCertKeyfile)
except Exception, e:
message = "Certificate error. Reason:\n"
message += "Could not set client certificate and certificate keyfile. "
message += str(e)
#TODO LOGGING
print "Error:", message, "in ObjectClassAttributeInfo.WorkerThreadFetch"
print "TODO - proper logging/error-handling"
#environment.logMessage(LogObject("Error,",message))
if self.serverMeta.encryptionMethod == ServerEncryptionMethod.TLS:
self.ldapServerObject.start_tls_s()
# Enable Alias support
if self.serverMeta.followAliases:
self.ldapServerObject.set_option(ldap.OPT_DEREF,
ldap.DEREF_ALWAYS)
if self.serverMeta.bindAnon:
self.ldapServerObject.simple_bind()
elif self.serverMeta.authMethod == ServerAuthMethod.Simple:
self.ldapServerObject.simple_bind_s(whoVal, credVal)
elif not self.serverMeta == ServerAuthMethod.Simple:
sasl_cb_value_dict = {}
if not self.serverMeta.authMethod == ServerAuthMethod.SASL_GSSAPI:
sasl_cb_value_dict[ldap.sasl.CB_AUTHNAME] = whoVal
sasl_cb_value_dict[ldap.sasl.CB_PASS] = credVal
sasl_mech = None
if self.serverMeta.authMethod == ServerAuthMethod.SASL_PLAIN:
sasl_mech = "PLAIN"
elif self.serverMeta.authMethod == ServerAuthMethod.SASL_CRAM_MD5:
sasl_mech = "CRAM-MD5"
elif self.serverMeta.authMethod == ServerAuthMethod.SASL_DIGEST_MD5:
sasl_mech = "DIGEST-MD5"
elif self.serverMeta.authMethod == ServerAuthMethod.SASL_LOGIN:
sasl_mech = "LOGIN"
elif self.serverMeta.authMethod == ServerAuthMethod.SASL_GSSAPI:
sasl_mech = "GSSAPI"
elif self.serverMeta.authMethod == ServerAuthMethod.SASL_EXTERNAL:
sasl_mech = "EXTERNAL"
sasl_auth = ldap.sasl.sasl(sasl_cb_value_dict, sasl_mech)
# If python-ldap has no support for SASL, it doesn't have
# sasl_interactive_bind_s as a method.
try:
if "EXTERNAL" == sasl_mech:
#url = ldapurl.LDAPUrl(urlscheme="ldapi",
# hostport = self.serverMeta.host.replace("/", "%2f"),
# dn = self.serverMeta.baseDN)
url = "ldapi://" + self.serverMeta.hostname.replace(
"/", "%2F").replace(",", "%2C")
#self.ldapServerObject = ldap.initialize(url.initializeUrl())
self.ldapServerObject = ldap.initialize(url)
self.ldapServerObject.protocol_version = 3
# Enable Alias support
if self.serverMeta.followAliases:
self.ldapServerObject.set_option(
ldap.OPT_DEREF, ldap.DEREF_ALWAYS)
self.ldapServerObject.sasl_interactive_bind_s(
"", sasl_auth)
except AttributeError, e:
self.result = False
self.exceptionObject = e
self.FINISHED = True
return
#subschemasubentry_dn = self.ldapServerObject.search_subschemasubentry_s(url.dn)
subschemasubentry_dn = self.ldapServerObject.search_subschemasubentry_s(
)
if subschemasubentry_dn is None:
subschemasubentry_entry = None
else:
if url.attrs is None:
schema_attrs = SCHEMA_ATTRS
else:
schema_attrs = url.attrs
subschemasubentry_entry = self.ldapServerObject.read_subschemasubentry_s(
subschemasubentry_dn, attrs=schema_attrs)
self.ldapServerObject.unbind_s()
schema = None
if subschemasubentry_dn != None:
schema = ldap.schema.SubSchema(subschemasubentry_entry)
else:
schema = None
# get objectclass information
oidList = schema.listall(ldap.schema.ObjectClass)
for x in oidList:
y = schema.get_obj(ldap.schema.ObjectClass, x)
# detect kind of objectclass
kind = ""
if 0 == y.kind:
kind = "STRUCTURAL"
elif 1 == y.kind:
kind = "ABSTRACT"
elif 2 == y.kind:
kind = "AUXILIARY"
# name of objectclass
desc = ""
if not (y.desc == None):
desc = y.desc
# must attributes of the objectclass
must = []
if not (len(y.must) == 0):
must = y.must
# may attributes of the objectclass
may = []
if not (len(y.may) == 0):
may = y.may
# parents of the objectclass
# beware that not the whole class chain is given. only
# the first class above the current
parents = []
for parent in y.sup:
# filter out objectclass top. all classes are
# derived from top
if not ("top" == parent.lower()):
parents.append(parent.lower())
oid = ""
if not (y.oid == None):
oid = y.oid
# store values for each name the current class has.
# IMPORTANT: the key is always lowercase
for name in y.names:
self.objectClassesDict[name.lower()] = {
"DESC": desc,
"MUST": must,
"MAY": may,
"NAME": name,
"KIND": kind,
"PARENTS": parents,
"OID": oid
}
# get attribute information
oidList = schema.listall(ldap.schema.AttributeType)
for x in oidList:
y = schema.get_obj(ldap.schema.AttributeType, x)
nameList = y.names
for z in nameList:
self.attributeDict[z.lower()] = {
"DESC": y.desc,
"SINGLE": y.single_value,
"SYNTAX": y.syntax,
"NAME": z,
"COLLECTIVE": y.collective,
"EQUALITY": y.equality,
"OBSOLETE": y.obsolete,
"OID": y.oid,
"ORDERING": y.ordering,
"SUP": y.sup,
"SYNTAX_LEN": y.syntax_len,
"USAGE": y.usage
}
# get syntax information
oidList = schema.listall(ldap.schema.LDAPSyntax)
for x in oidList:
y = schema.get_obj(ldap.schema.LDAPSyntax, x)
self.syntaxDict[x] = {"DESC": y.desc, "OID": y.oid}
# get matching information
oidList = schema.listall(ldap.schema.MatchingRule)
for x in oidList:
y = schema.get_obj(ldap.schema.MatchingRule, x)
for z in y.names:
self.matchingDict[z.lower()] = {
"DESC": y.desc,
"OID": y.oid,
"OBSOLETE": y.obsolete,
"SYNTAX": y.syntax,
"NAME": z
}
self.FINISHED = True
