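def do_explode_dn(self, argstr):
    """Explode DN.

    usage: explode_dn dn

    Prints the DN split into its RDN components. With no argument an
    error line is printed and nothing is exploded (the original fell
    through and called explode_dn on the empty string anyway).

    :param argstr: the DN typed by the user
    """
    if not argstr:
        print("error: No DN specified")
        return
    print(ldap.explode_dn(argstr))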
def swap(self): """Make the conflict entry the real valid entry. Delete old valid entry, and rename the conflict """ # Get the conflict entry info conflict_value = self.get_attr_val_utf8('nsds5ReplConflict') entry_dn = conflict_value.split(' ', 2)[2] entry_rdn = ldap.explode_dn(entry_dn, 1)[0] # Gather the RDN details rdn_attr = entry_dn.split('=', 1)[0] new_rdn = "{}={}".format(rdn_attr, entry_rdn) tmp_rdn = new_rdn + 'tmp' # Delete valid entry and its children (to be replaced by conflict entry) original_entry = DSLdapObject(self._instance, dn=entry_dn) original_entry._protected = False filterstr = "(|(objectclass=*)(objectclass=ldapsubentry))" ents = self._instance.search_s(original_entry._dn, ldap.SCOPE_SUBTREE, filterstr, escapehatch='i am sure') for ent in sorted(ents, key=lambda e: len(e.dn), reverse=True): self._instance.delete_ext_s(ent.dn, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure') # Rename conflict entry to tmp rdn so we can clean up the rdn attr self.rename(tmp_rdn, deloldrdn=False) # Cleanup entry self.remove(rdn_attr, entry_rdn) if self.present('objectclass', 'ldapsubentry'): self.remove('objectclass', 'ldapsubentry') self.remove_all('nsds5ReplConflict') # Rename to the final/correct rdn self.rename(new_rdn, deloldrdn=True)
def rename(self, new_rdn, newsuperior=None, deloldrdn=True):
    """Rename this object, optionally moving it under a new parent.

    With only new_rdn the object stays in its branch and just changes its
    RDN; with newsuperior it is moved under that DN. Moving it may take
    it outside the scope of the related DSLdapObjects manager, so it may
    no longer show up in .get() requests.

    Protected objects are left untouched (the call returns silently).

    :param new_rdn: RDN of the new entry
    :type new_rdn: str
    :param newsuperior: New parent DN
    :type newsuperior: str
    :param deloldrdn: passed through as delold to rename_s
    """
    if self._protected:
        return
    self._instance.rename_s(self._dn, new_rdn, newsuperior,
                            serverctrls=self._server_controls,
                            clientctrls=self._client_controls,
                            delold=deloldrdn, escapehatch='i am sure')
    # Track the new DN locally rather than re-searching for it.
    if newsuperior is None:
        dn_parts = ldap.explode_dn(self._dn)
        dn_parts[0] = new_rdn
        self._dn = ",".join(dn_parts)
    else:
        self._dn = '%s,%s' % (new_rdn, newsuperior)
    # NOTE: an assert is stripped under python -O; this only verifies in debug runs.
    assert self.exists()
def cleanDN(self, dnString):
    """Rebuild dnString from its RDNs with every component escaped."""
    escaped_parts = [self.escape_dn_chars(part) for part in ldap.explode_dn(dnString)]
    return ",".join(escaped_parts)
def getusers_searchbase(self, config, data):
    """Walk LDAP search results and extract the per-user fields.

    :param config: object with ldap_attrs (attribute-name mapping),
        google_apps_domain and ldap_exclude_disabled
    :param data: python-ldap result list of (dn, attrs) tuples

    Each entry counted in self.count. Entries missing a mapped attribute
    (KeyError) or failing ldap_get_username (AssertionError) are printed
    and skipped.
    NOTE(review): whenchanged and ous are computed but not used in the
    visible body — confirm whether the function was meant to return or
    store them.
    """
    for ldapuser in data:
        self.count += 1
        # keep only the attribute dict of the (dn, attrs) tuple
        ldapuser = ldapuser[1]
        try:
            firstname = ldapuser[config.ldap_attrs['firstname']][0]
            lastname = ldapuser[config.ldap_attrs['lastname']][0]
            username = ldap_get_username(config.ldap_attrs['username'], config.google_apps_domain, ldapuser)
            if 'userAccountControl' in config.ldap_attrs and config.ldap_exclude_disabled:
                # AD uses the second bit of userAccountControl to indicate a disabled account.
                if 2 & int(ldapuser[config.ldap_attrs['userAccountControl']][0]):
                    print "disabled: %s %s,%s" % (username, lastname, firstname)
                    continue
            # drop the timezone portion of whenChanged (example: '20110526184938.0Z' -> '20110526184938'
            whenchanged = ldapuser[config.ldap_attrs['whenchanged']][0].split('.')[0]
            ous = ['/']
            if 'ous' in config.ldap_attrs:
                ous = ldap.explode_dn(ldapuser[config.ldap_attrs['ous']][0].lower())
                # keep only the ou= components, stripped of the "ou=" prefix
                # (re.match anchors at the start). Relies on Python 2 map()
                # returning a list, which is then reversed in place.
                ous = map(lambda x: x[3:], filter(lambda x: re.match('ou=', x), ous))
                ous.reverse()
            #sys.stdout.write("%s %s %s: " % (ldapuser['givenName'][0], ldapuser['sn'][0], ldapuser['sAMAccountName'][0]))
        except KeyError, inst:
            print "exception: %s:%s" % (type(inst), inst)
            print ldapuser
            continue
        except AssertionError, inst:
            print "exception: %s:%s" % (type(inst), inst)
            print ldapuser
            continue
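def get_name_from_dn(cls, dn):
    """Return the unmapped name taken from the first RDN value of dn.

    An empty/None dn, or one that fails to decode, yields the name ''.
    (The original left ``name`` unassigned for an empty dn and raised
    UnboundLocalError.)

    :param dn: distinguished name, may be empty
    :returns: whatever cls._meta.ldap_unmap_function returns for [name]
    """
    name = ''
    if dn:
        try:
            name = explode_dn(dn, 1)[0]
        except ldap.DECODING_ERROR:
            name = ''
    return cls._meta.ldap_unmap_function([name])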
def udm_remove_dns_record_object(module, object_dn):
    """Remove a DNS record object with udm-test, passing its parent DN as superordinate.

    :returns: the exit status of udm-test
    """
    parent_dn = ",".join(ldap.explode_dn(object_dn)[1:])
    # argument list, no shell: the DN is never interpreted by a shell
    command = [
        '/usr/sbin/udm-test', module, 'remove',
        '--dn', object_dn,
        '--superordinate', parent_dn,
    ]
    return subprocess.call(command)
def move(self, dn, new_parent, new_rdn=None):
    """Move and/or rename an LDAP entry.

    :param dn: DN of the entry to move
    :param new_parent: DN of the new parent
    :param new_rdn: new RDN; defaults to the entry's current RDN
    """
    rdn = new_rdn or ldap.explode_dn(dn)[0]
    self.ldap_handle.rename_s(dn, rdn, newsuperior=new_parent, delold=1)
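def comment_by_query(jira_instance, query, comment, cc_to_manager, ldap_server, basedn):
    """Add *comment* to every issue matched by *query*.

    When cc_to_manager is true the assignee's manager is looked up in LDAP
    and the comment is prefixed with a CC mention of that manager.

    :param jira_instance: client exposing search_issues() and add_comment()
    :param query: JQL string
    :param comment: comment body
    :param cc_to_manager: whether to resolve and CC the manager via LDAP
    :param ldap_server: LDAP URI, only used when cc_to_manager is set
    :param basedn: search base, only used when cc_to_manager is set
    """
    print("Add Comment to tickets in query results")
    conn = None
    if cc_to_manager:
        # Imported here because only this part of the script needs LDAP.
        import ldap
        import ldap.filter
        # One connection for the whole run instead of one per issue.
        conn = ldap.initialize(ldap_server)
    try:
        for issue in jira_instance.search_issues(query, maxResults=400):
            assignee = issue.fields.assignee.key
            newcomment = comment
            if conn is not None:
                # The assignee comes from Jira, not from this script; escape
                # it so it cannot change the meaning of the filter.
                l_filter = "uid=%s" % ldap.filter.escape_filter_chars(assignee)
                result_id = conn.search(basedn, ldap.SCOPE_SUBTREE, l_filter, ["manager"])
                # only expecting a single result per query
                result_type, result_data = conn.result(result_id, 0)
                manager_values = result_data[0][1].get("manager") if result_data else None
                if manager_values:
                    # NOTE(review): on Python 3 python-ldap returns bytes here — confirm.
                    manager = ldap.explode_dn(manager_values[0])[0].split("=")[1]
                    newcomment = "CC: [~%s]\n\n%s" % (manager, comment)
            jira_instance.add_comment(issue.key, newcomment)
    finally:
        if conn is not None:
            conn.unbind_s()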
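def open(self):
    """Load the entry and derive name, DNS zone lists and the kerberos option.

    The forward/reverse zone properties are filled from dNSZone entries
    below this DN; the kerberos option is dropped when the stored object
    has no krb5Realm objectClass.
    """
    univention.admin.handlers.simpleLdap.open(self)
    if self.dn:
        self['name'] = ldap.explode_dn(self.dn, 1)[0]
        # NOTE(review): reset to '' and then .append()ed below — this relies
        # on the property layer turning '' into a list; confirm.
        self['dnsForwardZone'] = ''
        self['dnsReverseZone'] = ''
        forward = self.lo.searchDn(base=self.dn, scope='domain', filter='(&(objectClass=dNSZone)(relativeDomainName=@)(!(zoneName=*.in-addr.arpa)))')
        for f in forward:
            self['dnsForwardZone'].append(f)
        reverse = self.lo.searchDn(base=self.dn, scope='domain', filter='(&(objectClass=dNSZone)(relativeDomainName=@)(zoneName=*.in-addr.arpa))')
        for r in reverse:
            self['dnsReverseZone'].append(r)
        if 'krb5Realm' not in self.oldattr.get('objectClass', []):
            # was `iself._remove_option(...)`, an undefined name (NameError)
            self._remove_option('kerberos')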
def normalizeDN(dn, usespace=False):
    """Lower-case dn and rejoin its RDNs with "," (or ", " when usespace).

    Stop-gap until a python-ldap with DN utilities is in use.
    """
    separator = ", " if usespace else ","
    return separator.join(ldap.explode_dn(dn.lower()))
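def computerdn(dn1, dn2):
    """return the rdn part of dn1 based on dn2

    Returns dn1 unchanged when dn2 is empty, "" when dn1 equals dn2,
    otherwise the leading components of dn1 joined with ", ".

    :raises RdnError: when dn2 has more components than dn1 or is not a
        suffix of dn1
    """
    a = ldap.explode_dn(dn1)
    b = ldap.explode_dn(dn2)
    if not b:
        # Empty base: nothing to strip. (The original compared the
        # exploded list with "", which can never be true.)
        return dn1
    l_a = len(a)
    l_b = len(b)
    if l_a < l_b:
        raise RdnError("Lenth of base dn is longer than the compared one.")
    if a[l_a - l_b:] != b:
        raise RdnError("The dn is mismatch.")
    # Empty slice when the DNs are equal -> "".
    return ", ".join(a[:l_a - l_b])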
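def computerdn(dn1, dn2):
    """return the rdn part of dn1 based on dn2

    Returns dn1 unchanged when dn2 is empty, "" when dn1 equals dn2,
    otherwise the leading components of dn1 joined with ", ".

    :raises RdnError: when dn2 has more components than dn1 or is not a
        suffix of dn1
    """
    a = ldap.explode_dn(dn1)
    b = ldap.explode_dn(dn2)
    if not b:
        # Empty base: nothing to strip. (The original compared the
        # exploded list with "", which can never be true.)
        return dn1
    l_a = len(a)
    l_b = len(b)
    if l_a < l_b:
        raise RdnError("Lenth of base dn is longer than the compared one.")
    if a[l_a - l_b:] != b:
        raise RdnError("The dn is mismatch.")
    # Empty slice when the DNs are equal -> "".
    return ", ".join(a[:l_a - l_b])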
def __split_s4_dn(dn):
    """Split a Samba4 DNS record DN into (zoneName, relativeDomainName).

    The first component's value is the relative name, the second's the
    zone; any '=' inside the values is preserved.
    """
    components = ldap.explode_dn(dn)
    zone_name = '='.join(components[1].split('=')[1:])
    relative_name = '='.join(components[0].split('=')[1:])
    return (zone_name, relative_name)
def __split_s4_dn(dn):
    """Split a Samba4 DNS record DN into (zoneName, relativeDomainName).

    The first component's value is the relative name, the second's the
    zone; any '=' inside the values is preserved.
    """
    components = ldap.explode_dn(dn)
    zone_name = '='.join(components[1].split('=')[1:])
    relative_name = '='.join(components[0].split('=')[1:])
    return (zone_name, relative_name)
def getdn(self, section, option):
    """Like get, but interpret the value as an LDAP DN and sanitize it by
    removing extra spaces between components.

    :raises ldap.LDAPError: when the value is not a valid DN
    """
    raw_dn = self.get(section, option)
    return ",".join(ldap.explode_dn(raw_dn))
def explode_dn(self, dn, notypes=0):
    """Indirection to avoid importing ldap elsewhere.

    Text components are returned UTF-8 encoded; anything else is passed
    through untouched.
    """
    def _as_bytes(component):
        if isinstance(component, six.text_type):
            return component.encode('UTF-8')
        return component

    return [_as_bytes(component) for component in ldap.explode_dn(dn, notypes)]
def normalizedn(self, dn):
    """normalizedn

    Rejoin the DN's components with "," and no surrounding spaces.

    Returns
    -------
    string
    """
    return ','.join(ldap.explode_dn(dn))
def __init__(self, db, dn, attributes):
    """Wrap one search result; the tag is parsed from the leading RDN.

    :raises IndexError: when the RDN does not match _Att
    """
    AbstractResultEntry.__init__(self, db)
    self.name = dn
    self.attributes = attributes
    leading_rdn = ldap.explode_dn(dn)[0]
    match = _Att.match(leading_rdn)
    if match is None:
        raise IndexError(InvalidEntryName + dn)
    self.tag = match.group(1)
def __init__(self, db, dn, attributes):
    """Wrap one search result; the tag is parsed from the leading RDN.

    :raises IndexError: when the RDN does not match _Att
    """
    AbstractResultEntry.__init__(self, db)
    self.name = dn
    self.attributes = attributes
    leading_rdn = ldap.explode_dn(dn)[0]
    match = _Att.match(leading_rdn)
    if match is None:
        raise IndexError(InvalidEntryName + dn)
    self.tag = match.group(1)
def explode_dn(dn, charset='utf-8'):
    """Wrapper for ldap.explode_dn() that returns [] for a zero-length DN.

    Unicode input is encoded with charset before exploding; every
    component is returned as a stripped unicode string.
    """
    if not dn:
        return []
    if type(dn) is UnicodeType:
        dn = dn.encode(charset)
    components = ldap.explode_dn(dn.strip())
    if not components or components == ['']:
        return []
    return [unicode(component.strip(), charset) for component in components]
def open(self):
    """Populate name and the forward/reverse DNS zone lists for an existing entry."""
    univention.admin.handlers.simpleLdap.open(self)
    if not self.exists():
        return
    self['name'] = ldap.explode_dn(self.dn, 1)[0]
    self['dnsForwardZone'] = ''
    self['dnsReverseZone'] = ''
    # Forward zones are every zone apex except in-addr.arpa; reverse is the rest.
    zone_searches = (
        ('dnsForwardZone', '(&(objectClass=dNSZone)(relativeDomainName=@)(!(zoneName=*.in-addr.arpa)))'),
        ('dnsReverseZone', '(&(objectClass=dNSZone)(relativeDomainName=@)(zoneName=*.in-addr.arpa))'),
    )
    for prop, zone_filter in zone_searches:
        for zone_dn in self.lo.searchDn(base=self.dn, scope='domain', filter=zone_filter):
            self[prop].append(zone_dn)
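def getParcPrinters(self, parc):
    """Return a list of all parc's printers, the default printer first.

    :param parc: parc name; escaped before use in the LDAP filter so it
        cannot alter the search (it is caller/user supplied)
    :returns: list of printer names
    """
    import ldap.filter
    group_filter = "(&(cn=%s)(objectClass=groupOfNames))" % ldap.filter.escape_filter_chars(parc)
    dnList = self.__search(self.__parcsRdn, group_filter, "member")
    defaultPrinterDnList = self.__search(self.__parcsRdn, group_filter, "owner")
    if defaultPrinterDnList:
        defaultPrinter = ldap.explode_dn(defaultPrinterDnList[0], 1)[0]
    else:
        defaultPrinter = ""
    printers = []
    for dn in dnList:
        rdnList = ldap.explode_dn(dn, 1)
        # A single-component DN has no parent to compare with "Printers".
        if len(rdnList) < 2 or rdnList[1] != "Printers":
            continue
        if rdnList[0] == defaultPrinter:
            printers.insert(0, defaultPrinter)
        else:
            printers.append(rdnList[0])
    return printers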
def do_cd(self, argstr):
    """Change default location in directory.

    ".." moves to the parent DN, "." is a no-op, anything else is
    resolved through get_dn(). The prompt follows the new location.
    """
    if not argstr:
        return
    target = split_args(argstr)[0]
    if target == ".":
        return
    if target == "..":
        new_dn = ",".join(ldap.explode_dn(self.dn)[1:])
    else:
        new_dn = self.get_dn(target)
    self.dn = new_dn
    self.prompt = "ldapsh %s> " % new_dn
def getObjFromDataset(self, dn):
    """Resolve dn to an object stored in its parent dataset.

    The dataset is the parent entry; the object's tag and id come from
    the leading RDN via _Att.

    :raises CDMSError: when the RDN does not match _Att
    """
    components = ldap.explode_dn(dn)
    # Dataset node is parent of variable
    dataset = self.getDataset(','.join(components[1:]))
    match = _Att.match(components[0])
    if match is None:
        raise CDMSError(InvalidEntryName + dn)
    tag, obj_id = match.groups()
    # Get the correct dictionary for this tag
    return dataset.dictdict[tag][obj_id]
def getObjFromDataset(self, dn):
    """Resolve dn to an object stored in its parent dataset.

    The dataset is the parent entry; the object's tag and id come from
    the leading RDN via _Att.

    :raises CDMSError: when the RDN does not match _Att
    """
    components = ldap.explode_dn(dn)
    # Dataset node is parent of variable
    dataset = self.getDataset(','.join(components[1:]))
    match = _Att.match(components[0])
    if match is None:
        raise CDMSError(InvalidEntryName + dn)
    tag, obj_id = match.groups()
    # Get the correct dictionary for this tag
    return dataset.dictdict[tag][obj_id]
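def open(self):
    """Load the entry and derive name, DNS zone lists and the kerberos option.

    The forward/reverse zone properties are filled from dNSZone entries
    below this DN; the kerberos option is dropped when the stored object
    has no krb5Realm objectClass.
    """
    univention.admin.handlers.simpleLdap.open(self)
    if self.dn:
        self['name'] = ldap.explode_dn(self.dn, 1)[0]
        # NOTE(review): reset to '' and then .append()ed below — this relies
        # on the property layer turning '' into a list; confirm.
        self['dnsForwardZone'] = ''
        self['dnsReverseZone'] = ''
        forward = self.lo.searchDn(base=self.dn, scope='domain', filter='(&(objectClass=dNSZone)(relativeDomainName=@)(!(zoneName=*.in-addr.arpa)))')
        for f in forward:
            self['dnsForwardZone'].append(f)
        reverse = self.lo.searchDn(base=self.dn, scope='domain', filter='(&(objectClass=dNSZone)(relativeDomainName=@)(zoneName=*.in-addr.arpa))')
        for r in reverse:
            self['dnsReverseZone'].append(r)
        if 'krb5Realm' not in self.oldattr.get('objectClass', []):
            # was `iself._remove_option(...)`, an undefined name (NameError)
            self._remove_option('kerberos')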
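def addouent(ds, dn):
    """Add an organizationalUnit entry for dn, creating missing parents first.

    On NO_SUCH_OBJECT the dn is pushed back and its parent is tried first,
    so the chain of missing ancestors is created top-down.

    :param ds: connection exposing add_s()
    :param dn: DN of the OU to create
    :raises ldap.NO_SUCH_OBJECT: when a DN with no parent is still missing
        (the original looped forever on the empty parent DN)
    """
    pdns = [dn]
    while pdns:
        dn = pdns.pop()
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        try:
            ds.add_s(ent)
            print "added entry", ent.dn
        except ldap.ALREADY_EXISTS:
            continue
        except ldap.NO_SUCH_OBJECT:
            rdns = ldap.explode_dn(dn)
            if len(rdns) < 2:
                raise
            pdns.append(dn)
            pdns.append(','.join(rdns[1:]))
        except Exception as e:
            print "Could not add entry", ent.dn, str(e)
            # bare raise keeps the original traceback
            raise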
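def addouent(ds, dn):
    """Add an organizationalUnit entry for dn, creating missing parents first.

    On NO_SUCH_OBJECT the dn is pushed back and its parent is tried first,
    so the chain of missing ancestors is created top-down.

    :param ds: connection exposing add_s()
    :param dn: DN of the OU to create
    :raises ldap.NO_SUCH_OBJECT: when a DN with no parent is still missing
        (the original looped forever on the empty parent DN)
    """
    pdns = [dn]
    while pdns:
        dn = pdns.pop()
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        try:
            ds.add_s(ent)
            print "added entry", ent.dn
        except ldap.ALREADY_EXISTS:
            continue
        except ldap.NO_SUCH_OBJECT:
            rdns = ldap.explode_dn(dn)
            if len(rdns) < 2:
                raise
            pdns.append(dn)
            pdns.append(','.join(rdns[1:]))
        except Exception as e:
            print "Could not add entry", ent.dn, str(e)
            # bare raise keeps the original traceback
            raise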
def create(self, rdn=None, properties=None, basedn=None):
    """Create the link entry, and the mapping tree entry (if needed).

    :param properties: must contain 'nsslapd-suffix' and 'cn'
    """
    super(ChainingLink, self).create(rdn, properties, basedn)
    # The mapping tree hangs off the parent of the chained suffix.
    suffix = properties['nsslapd-suffix'][0]
    parent_suffix = ','.join(ldap.explode_dn(suffix)[1:])
    mt_properties = {
        'cn': suffix,
        'nsslapd-state': 'backend',
        'nsslapd-backend': properties['cn'][0],
        'nsslapd-parent-suffix': parent_suffix,
    }
    try:
        self._mts.ensure_state(properties=mt_properties)
    except ldap.ALREADY_EXISTS:
        # an existing mapping tree entry is fine
        pass
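def get_users(self, l, key, keyword):
    """Get all members of a given groupname

    Searches the group base for entries whose *key* attribute contains
    *keyword* and collects the first RDN value of every uniqueMember DN.

    :param l: bound python-ldap connection
    :param key: attribute name for the substring filter
    :param keyword: search text; escaped so it cannot alter the filter
    :returns: list of uids (empty when nothing matched or on LDAPError;
        the original never returned the list it built)
    """
    import ldap.filter
    base = group_base(self)
    scope = ldap.SCOPE_SUBTREE
    search_filter = key + "=" + "*" + ldap.filter.escape_filter_chars(keyword) + "*"
    retrieve_attributes = ('uniqueMember', )
    result_set = []
    timeout = 0
    uids = []
    try:
        result_id = l.search(base, scope, search_filter, retrieve_attributes)
        while l:
            result_type, result_data = l.result(result_id, timeout)
            if result_data == []:
                break
            if result_type == ldap.RES_SEARCH_ENTRY:
                result_set.append(result_data)
        if not result_set:
            print "No Results."
        for result in result_set:
            for entry in result:
                attrs = entry[1]
                # referrals / continuation references carry no attribute dict
                if not isinstance(attrs, dict):
                    continue
                # entries without uniqueMember are skipped (was a bare except)
                for member in attrs.get('uniqueMember', []):
                    uids.append(ldap.explode_dn(member, notypes=1)[0])
    except ldap.LDAPError as error_message:
        print error_message
    return uids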
def getadminport(cfgconn, cfgdn, args):
    """Return a 2-tuple (asport, True) if the admin server is using SSL, False otherwise.

    Get the admin server port so we can contact it via http. We get this
    from the configuration entry using the CFGSUFFIX and cfgconn. Also get
    any other information we may need from that entry.

    Side effects: fills args['sroot'], args['admin_domain'] and
    args['newuserid'] when they are missing, and unbinds cfgconn.
    Returns (0, False) when cfgconn is falsy or no entry is found.
    """
    asport = 0
    secure = False
    if cfgconn:
        dn = cfgdn
        if 'admin_domain' in args:
            dn = "cn=%s,ou=%s, %s" % (args[SER_HOST], args['admin_domain'], cfgdn)
        # NOTE(review): args[SER_HOST] / args['sroot'] are interpolated into
        # the filter unescaped; fine if they are operator-supplied, not if
        # they can come from elsewhere.
        filt = "(&(objectclass=nsAdminServer)(serverHostName=%s)" % args[SER_HOST]
        if 'sroot' in args:
            filt += "(serverRoot=%s)" % args['sroot']
        filt += ")"
        ent = cfgconn.getEntry(dn, ldap.SCOPE_SUBTREE, filt, ['serverRoot'])
        if ent:
            if 'sroot' not in args and ent.serverRoot:
                args['sroot'] = ent.serverRoot
            if 'admin_domain' not in args:
                # second-to-last RDN value of the server entry's DN
                ary = ldap.explode_dn(ent.dn, 1)
                args['admin_domain'] = ary[-2]
            dn = "cn=configuration, " + ent.dn
            ent = cfgconn.getEntry(dn, ldap.SCOPE_BASE, '(objectclass=*)', ['nsServerPort', 'nsSuiteSpotUser', 'nsServerSecurity'])
            if ent:
                asport = ent.nsServerPort
                # truthy only when nsServerSecurity is exactly 'on'
                secure = (ent.nsServerSecurity and (ent.nsServerSecurity == 'on'))
                if 'newuserid' not in args:
                    args['newuserid'] = ent.nsSuiteSpotUser
        cfgconn.unbind()
    return asport, secure
def __init__(self, dn, attrs=None, connection=None, isNew=0):
    """Build an entry from its DN, optionally loading or receiving attributes.

    :param dn: full DN; the leading RDN becomes self.id
    :param attrs: attribute dict, or None to fetch via connection
    :param connection: the connection (also stored as _p_jar when attrs given)
    :param isNew: register with the current transaction when true
    """
    self.id = ldap.explode_dn(dn)[0]  # the leading RDN of the DN
    self.dn = dn  # our actually unique ID in the tree
    self._p_jar = None  # actually, the connection
    self._setConnection(None)
    if connection is None:
        self._data = {}
    elif attrs is None:
        self._init(connection)
    elif attrs:
        self._data = attrs
        self._p_jar = connection
        self._setConnection(connection)
    else:
        self._data = {}
    self._isNew = isNew
    if isNew:
        get_transaction().register(self)
        self._registered = 1
    self._isDeleted = 0  # deletion flag
    self._clearSubentries()
    self._mod_delete = []
def __init__(self, dn, attrs=None, connection=None, isNew=0):
    """Build an entry from its DN, optionally loading or receiving attributes.

    :param dn: full DN; the leading RDN becomes self.id
    :param attrs: attribute dict, or None to fetch via connection
    :param connection: the connection (also stored as _p_jar when attrs given)
    :param isNew: register with the current transaction when true
    """
    self.id = ldap.explode_dn(dn)[0]  # the leading RDN of the DN
    self.dn = dn  # our actually unique ID in the tree
    self._p_jar = None  # actually, the connection
    self._setConnection(None)
    if connection is None:
        self._data = {}
    elif attrs is None:
        self._init(connection)
    elif attrs:
        self._data = attrs
        self._p_jar = connection
        self._setConnection(connection)
    else:
        self._data = {}
    self._isNew = isNew
    if isNew:
        transaction.get().register(self)
        self._registered = 1
    self._isDeleted = 0  # deletion flag
    self._clearSubentries()
    self._mod_delete = []
def getusers_searchbase(self, config, data):
    """Walk LDAP search results and extract the per-user fields.

    :param config: object with ldap_attrs (attribute-name mapping),
        google_apps_domain and ldap_exclude_disabled
    :param data: python-ldap result list of (dn, attrs) tuples

    Each entry counted in self.count. Entries missing a mapped attribute
    (KeyError) or failing ldap_get_username (AssertionError) are printed
    and skipped.
    NOTE(review): whenchanged and ous are computed but not used in the
    visible body — confirm whether the function was meant to return or
    store them.
    """
    for ldapuser in data:
        self.count += 1
        # keep only the attribute dict of the (dn, attrs) tuple
        ldapuser = ldapuser[1]
        try:
            firstname = ldapuser[config.ldap_attrs['firstname']][0]
            lastname = ldapuser[config.ldap_attrs['lastname']][0]
            username = ldap_get_username(config.ldap_attrs['username'], config.google_apps_domain, ldapuser)
            if 'userAccountControl' in config.ldap_attrs and config.ldap_exclude_disabled:
                # AD uses the second bit of userAccountControl to indicate a disabled account.
                if 2 & int(ldapuser[config.ldap_attrs['userAccountControl']][0]):
                    print "disabled: %s %s,%s" % (username, lastname, firstname)
                    continue
            # drop the timezone portion of whenChanged (example: '20110526184938.0Z' -> '20110526184938'
            whenchanged = ldapuser[config.ldap_attrs['whenchanged']][0].split('.')[0]
            ous = ['/']
            if 'ous' in config.ldap_attrs:
                ous = ldap.explode_dn(ldapuser[config.ldap_attrs['ous']][0].lower())
                # keep only the ou= components, stripped of the "ou=" prefix
                # (re.match anchors at the start). Relies on Python 2 map()
                # returning a list, which is then reversed in place.
                ous = map(lambda x: x[3:], filter(lambda x: re.match('ou=', x), ous))
                ous.reverse()
            #sys.stdout.write("%s %s %s: " % (ldapuser['givenName'][0], ldapuser['sn'][0], ldapuser['sAMAccountName'][0]))
        except KeyError, inst:
            print "exception: %s:%s" % (type(inst), inst)
            print ldapuser
            continue
        except AssertionError, inst:
            print "exception: %s:%s" % (type(inst), inst)
            print ldapuser
            continue
def convert(self, new_rdn):
    """Turn this conflict entry into a valid entry under a fresh RDN.

    The existing valid counterpart is left in place, so the conflict
    entry must get a new RDN instead of reclaiming its original one.

    :param new_rdn: the RDN the converted entry should carry
    :raises ValueError: when new_rdn is not a valid DN
    """
    if not is_a_dn(new_rdn):
        raise ValueError("The new RDN (" + new_rdn + ") is not a valid DN")
    # The third space-separated token of nsds5ReplConflict is the original DN.
    conflict_value = self.get_attr_val_utf8('nsds5ReplConflict')
    original_dn = conflict_value.split(' ', 2)[2]
    original_rdn_value = ldap.explode_dn(original_dn, 1)[0]
    original_rdn_attr = original_dn.split('=', 1)[0]
    self.rename(new_rdn, deloldrdn=False)
    # Strip the old naming value and the conflict markers.
    self.remove(original_rdn_attr, original_rdn_value)
    if self.present('objectclass', 'ldapsubentry'):
        self.remove('objectclass', 'ldapsubentry')
    self.remove_all('nsds5ReplConflict')
def do_ls(self, argstr):
    """Display list of entries.

    usage: ls [location]

    location defaults to current location. Each child is printed as its
    cache index followed by its RDN.
    """
    if not self.conn:
        print "Not bound to directory."
        return
    dn = self.dn
    if argstr:
        args = split_args(argstr)
        if args:
            dn = args[0]
    try:
        for entry_dn, _attrs in self.conn.search_s(dn, ldap.SCOPE_ONELEVEL, "objectclass=*"):
            rdn = ldap.explode_dn(entry_dn)[0]
            print "%d %s" % (self.cache_dn(entry_dn), rdn)
    except LDAPError as e:
        print "error:", sys.exc_type, e
def __init__(self, dn, attrs=None, connection=None, isNew=0):
    """Build an entry from its DN, optionally loading or receiving attributes.

    :param dn: full DN; the leading RDN becomes self.id
    :param attrs: attribute dict, or None to fetch via connection
    :param connection: the connection the attributes come from
    :param isNew: creation flag (creation itself is not handled yet)
    """
    self.id = ldap.explode_dn(dn)[0]  # the leading RDN of the DN
    self.dn = dn  # our actually unique ID in the tree
    self.__connection = None
    if connection is None:
        # totally blank and disconnected
        self._data = {}
    elif attrs is None:
        # no attributes passed in, fetch them over the connection
        self._init(connection)
    elif attrs:
        # attributes were passed in, keep the connection for later
        self._data = attrs
        self.__connection = connection
    else:
        self._data = {}
    self._isNew = isNew
    if isNew:
        pass  # XXX need to handle creation here
    self._isDeleted = 0  # deletion flag
    self.__subentries = {}  # subentries
    self._mod_delete = []
def activate():
    """
    this function define if the module "base" can be activated.

    @return: return True if this module can be activate
    @rtype: boolean

    Every check below logs an error and returns False on failure; the
    PDC-specific checks run only when smb.conf declares a PDC.
    """
    config = SambaConfig("samba")
    if config.disabled:
        logger.info("samba plugin disabled by configuration.")
        return False
    if config.defaultSharesPath:
        if config.defaultSharesPath.endswith("/"):
            logger.error("Trailing / is not allowed in defaultSharesPath")
            return False
        if not os.path.exists(config.defaultSharesPath):
            logger.error("The default shares path '%s' does not exist" % config.defaultSharesPath)
            return False
    for cpath in config.authorizedSharePaths:
        if cpath.endswith("/"):
            logger.error("Trailing / is not allowed in authorizedSharePaths")
            return False
        if not os.path.exists(cpath):
            logger.error("The authorized share path '%s' does not exist" % cpath)
            return False
    # Verify if samba conf file exist
    conf = config.samba_conf_file
    if not os.path.exists(conf):
        logger.error(conf + " does not exist")
        return False
    # validate smb.conf
    smbconf = SambaConf()
    if not smbconf.validate(conf):
        logger.error("SAMBA configuration file is not valid")
        return False
    # For each share, test if it sharePath exists
    for share in getDetailedShares():
        shareName = share[0]
        infos = shareInfo(shareName)
        if infos:
            sharePath = infos['sharePath']
            # paths containing '%' are samba substitution patterns, not checked
            if sharePath and not '%' in sharePath and not os.path.exists(sharePath):
                # only show error
                logger.error("The samba share path '%s' does not exist." % sharePath)
        else:
            return False
    try:
        ldapObj = ldapUserGroupControl()
    except ldap.INVALID_CREDENTIALS:
        logger.error("Can't bind to LDAP: invalid credentials.")
        return False
    # Test if the Samba LDAP schema is available in the directory
    try:
        schema = ldapObj.getSchema("sambaSamAccount")
        if len(schema) <= 0:
            logger.error("Samba schema is not included in LDAP directory")
            return False
    except:
        # NOTE(review): bare except also swallows KeyboardInterrupt/SystemExit;
        # narrowing it to ldap.LDAPError would be safer.
        logger.exception("invalid schema")
        return False
    # Verify if init script exist
    init = config.samba_init_script
    if not os.path.exists(init):
        logger.error(init + " does not exist")
        return False
    # If SAMBA is defined as a PDC, make extra checks
    if smbconf.isPdc():
        samba = SambaLDAP()
        # Create SAMBA computers account OU if it doesn't exist
        head, path = samba.baseComputersDN.split(",", 1)
        ouName = head.split("=")[1]
        samba.addOu(ouName, path)
        # Check that a sambaDomainName entry is in LDAP directory
        domainInfos = samba.getDomain()
        # Set domain policy
        samba.setDomainPolicy()
        if not domainInfos:
            logger.error("Can't find sambaDomainName entry in LDAP for domain %s. Please check your SAMBA LDAP configuration." % smbconf.getContent("global", "workgroup"))
            return False
        smbconfbasesuffix = smbconf.getContent("global", "ldap suffix")
        if not smbconfbasesuffix:
            logger.error("SAMBA 'ldap suffix' option is not setted.")
            return False
        # component-wise comparison tolerates spacing differences, not case
        if ldap.explode_dn(samba.baseDN) != ldap.explode_dn(smbconfbasesuffix):
            logger.error("SAMBA 'ldap suffix' option is not equal to MMC 'baseDN' option.")
            return False
        # Check that SAMBA and MMC given OU are in sync
        for option in [("ldap user suffix", "baseUsersDN", samba.baseUsersDN), ("ldap group suffix", "baseGroupsDN", samba.baseGroupsDN), ("ldap machine suffix", "baseComputersDN", samba.baseComputersDN)]:
            smbconfsuffix = smbconf.getContent("global", option[0])
            if not smbconfsuffix:
                logger.error("SAMBA '" + option[0] + "' option is not setted")
                return False
            # Do a case insensitive comparison of the corresponding MMC / SAMBA options
            if ldap.explode_rdn(smbconfsuffix)[0].lower() != ldap.explode_rdn(option[2])[0].lower():
                logger.error("SAMBA option '" + option[0] + "' is not equal to MMC '" + option[1] + "' option.")
                return False
        # Check that "ldap delete dn" SAMBA option is set to "No"
        smbconfdeletedn = smbconf.isValueTrue(smbconf.getContent("global", "ldap delete dn"))
        if smbconfdeletedn == 1:
            logger.error("SAMBA option 'ldap delete dn' must be disabled.")
            return False
        # Check that Domain Computers group exists
        # We need it to put a machine account in the right group when joigning it to the domain
        if not samba.getDomainComputersGroup():
            logger.error("Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Computers' group. Please check your SAMBA LDAP configuration.")
            return False
        # Check that Domain Admins group exists
        if not samba.getDomainAdminsGroup():
            logger.error("Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Admins' group. Please check your SAMBA LDAP configuration.")
            return False
        # Check that Domain Guests group exists
        if not samba.getDomainGuestsGroup():
            logger.error("Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Guests' group. Please check your SAMBA LDAP configuration.")
            return False
        # Check that Domain Users group exists
        if not samba.getDomainUsersGroup():
            logger.error("Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Users' group. Please check your SAMBA LDAP configuration.")
            return False
        # Check that add machine script option is set, and that the given script exist
        addMachineScript = smbconf.getContent("global", "add machine script")
        if not addMachineScript:
            logger.error("SAMBA 'add machine script' option is not set.")
            return False
        else:
            # only the executable (first word) of the script line is checked
            script = addMachineScript.split(" ")[0]
            if not os.path.exists(script):
                logger.error("SAMBA 'add machine script' option is set to a non existing file: " + script)
                return False
        # Issue a warning if NSCD is running
        if os.path.exists("/var/run/nscd.pid") or os.path.exists("/var/run/.nscd_socket") or os.path.exists("/var/run/nscd"):
            logger.warning("Looks like NSCD is installed on your system. You should not run NSCD on a SAMBA server.")
        # Check that os level is set to 255
        # NOTE(review): int(oslevel) raises if the option is missing/blank.
        oslevel = smbconf.getContent("global", "os level")
        if int(oslevel) < 255:
            logger.debug("Set SAMBA os level to 255.")
            smbconf.setContent("global", "os level", "255")
            smbconf.save()
            reloadSamba()
    try:
        from mmc.plugins.dashboard.manager import DashboardManager
        from mmc.plugins.samba.panel import SambaPanel
        DM = DashboardManager()
        DM.register_panel(SambaPanel("samba"))
    except ImportError:
        # the dashboard plugin is optional
        pass
    return True
suffixes = {}
srv1.lastnumchanges = {}
srv2.lastnumchanges = {}
srv1.avgrate = {}
srv2.avgrate = {}
srv1.count = {}
srv2.count = {}
repls = {}
# Seed the per-server change counters from each agreement entry and record
# the replica root and the agreement's parent DN, all keyed by normalized DN.
for srv, agmts in ((srv1, agmts1to2), (srv2, agmts2to1)):
    for dn in agmts:
        ents = srv.search_s(dn, ldap.SCOPE_BASE, "objectclass=*", ["nsDS5ReplicaRoot"])
        ndn = DSAdmin.normalizeDN(dn)
        nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
        suffixes[nrr] = dn
        srv.lastnumchanges[ndn] = 0
        rdns = ldap.explode_dn(dn, 0)
        ndn = DSAdmin.normalizeDN(",".join(rdns[1:]))
        repls[ndn] = ndn
# for dn in repls.keys():
#     for srv in (srv1, srv2):
#         ents = srv.search_s(dn, ldap.SCOPE_BASE)
shortname = name[:-len(dn)-2]+" +" else: shortname = name print((" %3d. %s" % (len(dnlist), shortname))) dnlist.append(name) elif cmd == "cd": dn = "" dnlist = None elif cmd.startswith("cd "): arg = cmd[3:] if arg == '-': lastdn,dn = dn,lastdn elif arg == '..': dn = ",".join(ldap.explode_dn(dn)[1:]) dn = str.strip(dn) else: try: i = int(arg) except: godn = arg else: if dnlist is None: print ("do an ls first") else: godn = dnlist[i] lastdn = dn dn = godn elif cmd == ".":
print "ds", ds.title, "ad", ad.title retval = False return retval #ds.setLogLevel(0) #ds.setLogLevel(8192) #ds.setLogLevel(65536) subtrees = ((ad,windows_subtree),(ad,active_user_subtree),(ad,deleted_user_subtree), (ds, active_user_cont + "," + usersubtree + ',' + suffix), (ds, deleted_user_cont + "," + usersubtree + ',' + suffix)) for srv,subtree in subtrees: try: ent = Entry(subtree) rdn = ldap.explode_dn(subtree)[0].split('=') if srv == ad: ent.setValues('objectclass', ['top', 'container']) else: ent.setValues('objectclass', ['top', 'nsContainer']) ent.setValues(rdn[0], rdn[1]) srv.add_s(ent) print "Created", subtree, "on", str(srv) except ldap.ALREADY_EXISTS: pass replargs['binddn'] = root2 replargs['bindpw'] = rootpw2 replargs['win_subtree'] = adusersubtree + "," + suffix replargs['ds_subtree'] = usersubtree + ',' + suffix syncinterval = 30 replargs['interval'] = str(syncinterval)
def activate():
    """
    this function define if the module "base" can be activated.

    @return: return True if this module can be activate
    @rtype: boolean

    Every check below logs an error and returns False on failure; the
    PDC-specific checks run only when smb.conf declares a PDC.
    """
    config = SambaConfig("samba")
    if config.disabled:
        logger.info("samba plugin disabled by configuration.")
        return False
    if config.defaultSharesPath:
        if config.defaultSharesPath.endswith("/"):
            logger.error("Trailing / is not allowed in defaultSharesPath")
            return False
        if not os.path.exists(config.defaultSharesPath):
            logger.error("The default shares path '%s' does not exist" % config.defaultSharesPath)
            return False
    for cpath in config.authorizedSharePaths:
        if cpath.endswith("/"):
            logger.error("Trailing / is not allowed in authorizedSharePaths")
            return False
        if not os.path.exists(cpath):
            logger.error("The authorized share path '%s' does not exist" % cpath)
            return False
    # Verify if samba conf file exist
    conf = config.samba_conf_file
    if not os.path.exists(conf):
        logger.error(conf + " does not exist")
        return False
    # validate smb.conf
    smbconf = SambaConf()
    if not smbconf.validate(conf):
        logger.error("SAMBA configuration file is not valid")
        return False
    # For each share, test if it sharePath exists
    for share in getDetailedShares():
        shareName = share[0]
        infos = shareInfo(shareName)
        if infos:
            sharePath = infos["sharePath"]
            # paths containing '%' are samba substitution patterns, not checked
            if sharePath and not "%" in sharePath and not os.path.exists(sharePath):
                # only show error
                logger.error("The samba share path '%s' does not exist." % sharePath)
        else:
            return False
    try:
        ldapObj = ldapUserGroupControl()
    except ldap.INVALID_CREDENTIALS:
        logger.error("Can't bind to LDAP: invalid credentials.")
        return False
    # Test if the Samba LDAP schema is available in the directory
    try:
        schema = ldapObj.getSchema("sambaSamAccount")
        if len(schema) <= 0:
            logger.error("Samba schema is not included in LDAP directory")
            return False
    except:
        # NOTE(review): bare except also swallows KeyboardInterrupt/SystemExit;
        # narrowing it to ldap.LDAPError would be safer.
        logger.exception("invalid schema")
        return False
    # Verify if init script exist
    init = config.samba_init_script
    if not os.path.exists(init):
        logger.error(init + " does not exist")
        return False
    # If SAMBA is defined as a PDC, make extra checks
    if smbconf.isPdc():
        samba = SambaLDAP()
        # Create SAMBA computers account OU if it doesn't exist
        head, path = samba.baseComputersDN.split(",", 1)
        ouName = head.split("=")[1]
        samba.addOu(ouName, path)
        # Check that a sambaDomainName entry is in LDAP directory
        domainInfos = samba.getDomain()
        # Set domain policy
        samba.setDomainPolicy()
        if not domainInfos:
            logger.error(
                "Can't find sambaDomainName entry in LDAP for domain %s. Please check your SAMBA LDAP configuration."
                % smbconf.getContent("global", "workgroup")
            )
            return False
        smbconfbasesuffix = smbconf.getContent("global", "ldap suffix")
        if not smbconfbasesuffix:
            logger.error("SAMBA 'ldap suffix' option is not setted.")
            return False
        # component-wise comparison tolerates spacing differences, not case
        if ldap.explode_dn(samba.baseDN) != ldap.explode_dn(smbconfbasesuffix):
            logger.error("SAMBA 'ldap suffix' option is not equal to MMC 'baseDN' option.")
            return False
        # Check that SAMBA and MMC given OU are in sync
        for option in [
            ("ldap user suffix", "baseUsersDN", samba.baseUsersDN),
            ("ldap group suffix", "baseGroupsDN", samba.baseGroupsDN),
            ("ldap machine suffix", "baseComputersDN", samba.baseComputersDN),
        ]:
            smbconfsuffix = smbconf.getContent("global", option[0])
            if not smbconfsuffix:
                logger.error("SAMBA '" + option[0] + "' option is not setted")
                return False
            # Do a case insensitive comparison of the corresponding MMC / SAMBA options
            if ldap.explode_rdn(smbconfsuffix)[0].lower() != ldap.explode_rdn(option[2])[0].lower():
                logger.error("SAMBA option '" + option[0] + "' is not equal to MMC '" + option[1] + "' option.")
                return False
        # Check that "ldap delete dn" SAMBA option is set to "No"
        smbconfdeletedn = smbconf.isValueTrue(smbconf.getContent("global", "ldap delete dn"))
        if smbconfdeletedn == 1:
            logger.error("SAMBA option 'ldap delete dn' must be disabled.")
            return False
        # Check that Domain Computers group exists
        # We need it to put a machine account in the right group when joigning it to the domain
        if not samba.getDomainComputersGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Computers' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that Domain Admins group exists
        if not samba.getDomainAdminsGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Admins' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that Domain Guests group exists
        if not samba.getDomainGuestsGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Guests' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that Domain Users group exists
        if not samba.getDomainUsersGroup():
            logger.error(
                "Can't find sambaGroupMapping entry in LDAP corresponding to 'Domain Users' group. Please check your SAMBA LDAP configuration."
            )
            return False
        # Check that add machine script option is set, and that the given script exist
        addMachineScript = smbconf.getContent("global", "add machine script")
        if not addMachineScript:
            logger.error("SAMBA 'add machine script' option is not set.")
            return False
        else:
            # only the executable (first word) of the script line is checked
            script = addMachineScript.split(" ")[0]
            if not os.path.exists(script):
                logger.error("SAMBA 'add machine script' option is set to a non existing file: " + script)
                return False
        # Issue a warning if NSCD is running
        if (
            os.path.exists("/var/run/nscd.pid")
            or os.path.exists("/var/run/.nscd_socket")
            or os.path.exists("/var/run/nscd")
        ):
            logger.warning("Looks like NSCD is installed on your system. You should not run NSCD on a SAMBA server.")
        # Check that os level is set to 255
        # NOTE(review): int(oslevel) raises if the option is missing/blank.
        oslevel = smbconf.getContent("global", "os level")
        if int(oslevel) < 255:
            logger.debug("Set SAMBA os level to 255.")
            smbconf.setContent("global", "os level", "255")
            smbconf.save()
            reloadSamba()
    try:
        from mmc.plugins.dashboard.manager import DashboardManager
        from mmc.plugins.samba.panel import SambaPanel
        DM = DashboardManager()
        DM.register_panel(SambaPanel("samba"))
    except ImportError:
        # the dashboard plugin is optional
        pass
    return True
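def check_single_ldap_setting(self, ldap_config, is_multi_ldap=False):
    """Validate one LDAP configuration section against a live server.

    The static parameter check runs first; only if it passes is a bind
    attempted with the configured bind_dn/bind_password.  A failed bind logs
    operator hints plus an ``ldapsearch`` reproduction line (password masked)
    and exits through ``self.sys_exit``.  After a successful bind the optional
    ``test_ldap_user`` / ``test_ldap_group`` lookups are exercised; each
    failing lookup also exits through ``self.sys_exit``.

    :param ldap_config: one LDAP configuration section (``[desktop] > [[ldap]]``
        or one server of a multi-LDAP setup)
    :param is_multi_ldap: only forwarded to ``print_ldap_setting``
    :returns: the error code of the last check that ran (falsy when all passed)
    """
    self.print_ldap_setting(ldap_config, is_multi_ldap)
    # Basic validation check for hue.ini's ldap parameters [desktop] > [[ldap]]
    err_code = self.check_ldap_params(ldap_config)
    if err_code:
        return err_code

    def log_bind_hints():
        # Same operator guidance for every kind of bind failure.  Only the URL
        # and bind DN are echoed; the bind password is never written to the log.
        LOG.info(_(ldap_url_msg))
        LOG.info(_(bind_dn_msg))
        LOG.warn('hints: check bind_dn, bind_password and ldap_url')
        LOG.warn('ldap_url="%s"' % ldap_config.LDAP_URL.get())
        LOG.warn('bind_dn="%s"' % ldap_config.BIND_DN.get())

    # Connect to only one LDAP server given in the hue.ini config
    try:
        connection = ldap_access.get_connection(ldap_config)
    except ldap_access.LdapBindException as err:
        LOG.warn(str(err))
        log_bind_hints()
        err_code = 1
    except Exception as err:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit and turned a Ctrl-C into a reported "bind failure".
        LOG.warn("%s %s" % (type(err), err))
        log_bind_hints()
        err_code = 1

    if err_code:
        cfg = ldap_access.get_auth(ldap_config)
        # Copy-pasteable reproduction for the operator; the ``-w`` slot is
        # deliberately masked so the bind secret never lands in the log.
        ldapsearch = 'ldapsearch -x -LLL -H {ldap_url} -D "{binddn}" -w "********" -b "" ' \
            ' -s base'.format(ldap_url=cfg[0], binddn=cfg[1])
        LOG.warn(ldapsearch)
        self.sys_exit(err_code)

    LOG.info('LDAP whoami_s() %s' % (connection.ldap_handle.whoami_s()))

    if ldap_config.TEST_LDAP_USER.get() is None:
        LOG.info('Now test further by providing test ldap user in CM')
        LOG.info('test_ldap_user=someusername')
        return err_code

    err_code = self.find_ldapusers(ldap_config, connection)
    if err_code:
        self.sys_exit(err_code)

    test_group = ldap_config.TEST_LDAP_GROUP.get()
    if test_group is None:
        LOG.info('Now test further by providing test ldap group in CM')
        LOG.info('test_ldap_group=somegroupname')
        LOG.info('test_ldap_group=cn=Administrators,dc=test,dc=com')
        return err_code

    # A value that ``ldap.explode_dn`` accepts is treated as the group's DN;
    # anything it rejects is used as a group-name search pattern instead.
    try:
        group_dn = ldap.explode_dn(test_group)
    except Exception:
        group_dn = None

    if group_dn is not None:
        # group DN
        err_code = self.find_users_of_group(ldap_config, connection)
        if err_code:
            self.sys_exit(err_code)
        err_code = self.find_groups_of_group(ldap_config, connection)
        if err_code:
            self.sys_exit(err_code)
    else:
        # group name pattern goes as search attribute
        err_code = self.find_ldapgroups(ldap_config, connection)
        if err_code:
            self.sys_exit(err_code)
    return err_code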
def normalize_dn(dn):
    """Return ``dn`` rebuilt from its RDN components joined by ','.

    The components come from ``ldap.explode_dn``; whatever that raises on an
    unparseable DN propagates to the caller.
    """
    return ",".join(ldap.explode_dn(dn))
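def normalizedn(self, dn):
    """Return ``dn`` rebuilt from its RDN components joined by ','.

    :param dn: distinguished name to normalize
    :type dn: str
    :returns: the components returned by ``ldap.explode_dn`` joined with ','
    :rtype: str
    """
    # ','.join() replaces string.join(), which exists only on Python 2 and
    # produced the same result for a list of str components.
    explodeddn = ldap.explode_dn(dn)
    return ','.join(explodeddn)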
shortname = name[:-len(dn)-2]+" +" else: shortname = name print(" %3d. %s" % (len(dnlist), shortname)) dnlist.append(name) elif cmd == "cd": dn = "" dnlist = None elif cmd.startswith("cd "): arg = cmd[3:] if arg == '-': lastdn,dn = dn,lastdn elif arg == '..': dn = string.join(ldap.explode_dn(dn)[1:], ",") dn = dn.strip() else: try: i = int(arg) except: godn = arg else: if dnlist is None: print("do an ls first") else: godn = dnlist[i] lastdn = dn dn = godn elif cmd == ".":
print "title not in sync" print "ds", ds.title, "ad", ad.title retval = False return retval #ds.setLogLevel(0) #ds.setLogLevel(8192) #ds.setLogLevel(65536) windows_subtree = adusersubtree + "," + suffix print "Create adusersubtree entry if missing", windows_subtree try: ents = ad.search_s(windows_subtree, ldap.SCOPE_BASE) except ldap.NO_SUCH_OBJECT: ent = Entry(windows_subtree) rdn = ldap.explode_dn(windows_subtree)[0].split('=') ent.setValues('objectclass', ['top', 'container']) ent.setValues(rdn[0], rdn[1]) ad.add_s(ent) for ii in xrange(1,6): ent = makeADUserEnt(ii) try: ad.add_s(ent) except ldap.ALREADY_EXISTS: print "AD entry", ent.dn, "already exists" setWindowsPwd(ad, ent.dn) kk = ii % len(userAcctVals) mod = [] for attr, val in userAcctVals[kk].iteritems(): mod.append((ldap.MOD_REPLACE, attr, str(val))) ad.modify_s(ent.dn, mod)
def explode_dn(self, dn, notypes=0):
    """Split ``dn`` into its RDN components via ``ldap.explode_dn``.

    Thin pass-through so callers do not have to import ``ldap`` themselves.

    :param dn: distinguished name to split
    :param notypes: forwarded to ``ldap.explode_dn``; when true only the
        attribute values are returned, without their types
    :returns: list of RDN strings
    """
    return ldap.explode_dn(dn, notypes=notypes)