def _alter_udm_obj(self, udm_obj): super(SchoolComputer, self)._alter_udm_obj(udm_obj) inventory_numbers = self.get_inventory_numbers() if inventory_numbers: udm_obj['inventoryNumber'] = inventory_numbers ipv4_network = self.get_ipv4_network() if ipv4_network: if self._ip_is_set_to_subnet(ipv4_network): logger.info( 'IP was set to subnet. Unsetting it on the computer so that UDM can do some magic: Assign next free IP!' ) udm_obj['ip'] = '' else: udm_obj['ip'] = str(ipv4_network.ip) # set network after ip. Otherwise UDM does not do any # nextIp magic... network = self.get_network() if network: # reset network, so that next line triggers free ip udm_obj.old_network = None try: udm_obj['network'] = network.dn except nextFreeIp: logger.error( 'Tried to set IP automatically, but failed! %r is full', network) raise nextFreeIp( _('There are no free addresses left in the subnet!'))
def add_domain_controllers(self, lo): logger.info('School.add_domain_controllers(): ou_name=%r', self.name) school_dcs = ucr.get('ucsschool/ldap/default/dcs', 'edukativ').split() for dc in school_dcs: administrative = dc == 'verwaltung' dc_name = self.get_dc_name(administrative=administrative) server = AnyComputer.get_first_udm_obj(lo, 'cn=%s' % escape_filter_chars(dc_name)) logger.info('School.add_domain_controllers(): administrative=%r dc_name=%s self.dc_name=%r server=%r', administrative, dc_name, self.dc_name, server) if not server and not self.dc_name: if administrative: administrative_type = 'administrative' else: administrative_type = 'educational' group_dn = self.get_administrative_group_name(administrative_type, ou_specific=True, as_dn=True) try: hostlist = lo.get(group_dn, ['uniqueMember']).get('uniqueMember', []) except ldap.NO_SUCH_OBJECT: hostlist = [] except Exception, e: logger.error('cannot read %s: %s', group_dn, e) return if hostlist: continue # if at least one DC has control over this OU then jump to next 'school_dcs' item ==> do not create default slave objects self.create_dc_slave(lo, dc_name, administrative=administrative) dhcp_service = self.get_dhcp_service(dc_name) dhcp_service.create(lo) dhcp_service.add_server(dc_name, lo) return True
def create_without_hooks(self, lo, validate): if self.exists(lo): return False logger.info('Creating %r', self) if validate: self.validate(lo) if self.errors: raise ValidationError(self.errors.copy()) pos = udm_uldap.position(ucr.get('ldap/base')) container = self.position if not container: logger.error('%r cannot determine a container. Unable to create!', self) return False try: pos.setDn(container) udm_obj = udm_modules.get(self._meta.udm_module).object( None, lo, pos, superordinate=self.get_superordinate(lo)) udm_obj.open() # here is the real logic self.do_create(udm_obj, lo) # get it fresh from the database (needed for udm_obj._exists ...) self.set_dn(self.dn) logger.info('%r successfully created', self) return True finally: self.invalidate_cache()
def create_default_groups(self, lo): # DC groups administrative_group_container = 'cn=ucsschool,cn=groups,%s' % ucr.get('ldap/base') # DC-Edukativnetz # OU%s-DC-Edukativnetz # Member-Edukativnetz # OU%s-Member-Edukativnetz administrative_group_names = self.get_administrative_group_name('educational', domain_controller='both', ou_specific='both') if self.shall_create_administrative_objects(): administrative_group_names.extend(self.get_administrative_group_name('administrative', domain_controller='both', ou_specific='both')) # same with Verwaltungsnetz for administrative_group_name in administrative_group_names: group = BasicGroup.cache(name=administrative_group_name, container=administrative_group_container) group.create(lo) # cn=ouadmins admin_group_container = 'cn=ouadmins,cn=groups,%s' % ucr.get('ldap/base') group = BasicGroup.cache(self.group_name('admins', 'admins-'), container=admin_group_container) group.create(lo) group.add_umc_policy(self.get_umc_policy_dn('admins'), lo) try: udm_obj = group.get_udm_object(lo) except noObject: logger.error('Could not load OU admin group %r for adding "school" value', group.dn) else: admin_option = 'ucsschoolAdministratorGroup' if admin_option not in udm_obj.options: udm_obj.options.append(admin_option) udm_obj['school'] = [self.name] udm_obj.modify() # cn=schueler group = Group.cache(self.group_name('pupils', 'schueler-'), self.name) group.create(lo) group.add_umc_policy(self.get_umc_policy_dn('pupils'), lo) # cn=lehrer group = Group.cache(self.group_name('teachers', 'lehrer-'), self.name) group.create(lo) group.add_umc_policy(self.get_umc_policy_dn('teachers'), lo) # cn=mitarbeiter if self.shall_create_administrative_objects(): group = Group.cache(self.group_name('staff', 'mitarbeiter-'), self.name) group.create(lo) group.add_umc_policy(self.get_umc_policy_dn('staff'), lo) if ucr.is_true('ucsschool/import/attach/policy/default-umc-users', True): # cn=Domain Users %s group = Group.cache("Domain Users %s" % (self.name,), self.name) group.create(lo) group.add_umc_policy("cn=default-umc-users,cn=UMC,cn=policies,%s" % (ucr.get('ldap/base'),), lo)
def do_modify(self, udm_obj, lo): self.create_mail_domain(lo) self.password = self.password or None removed_schools = set(udm_obj['school']) - set(self.schools) if removed_schools: # change self.schools back, so schools can be removed by remove_from_school() self.schools = udm_obj['school'] for removed_school in removed_schools: logger.info('Removing %r from school %r...', self, removed_school) if not self.remove_from_school(removed_school, lo): logger.error('Error removing %r from school %r.', self, removed_school) return False mandatory_groups = self.groups_used(lo) for group_dn in udm_obj['groups'][:]: logger.debug('Checking group %s for removal', group_dn) if group_dn not in mandatory_groups: logger.debug('Group not mandatory! Part of a school?') try: school_class = SchoolClass.from_dn(group_dn, None, lo) except noObject: logger.debug('No. Leaving it alone...') continue logger.debug('Yes, part of %s!', school_class.school) if school_class.school not in self.school_classes: continue # if the key isn't set we don't change anything to the groups. to remove the groups it has to be an empty list classes = self.school_classes[school_class.school] remove = school_class.name not in classes and school_class.get_relative_name( ) not in classes if remove: logger.debug('Removing it!') udm_obj['groups'].remove(group_dn) else: logger.debug( 'Leaving it alone: Part of own school and either non-school class or new school classes were not defined at all' ) for group_dn in mandatory_groups: logger.debug('Checking group %s for adding', group_dn) if group_dn not in udm_obj['groups']: logger.debug('Group is not yet part of the user. Adding...') udm_obj['groups'].append(group_dn) return super(User, self).do_modify(udm_obj, lo)
def create_dc_slave(self, lo, name, administrative=False): if administrative and not self.shall_create_administrative_objects(): logger.warning('Not creating %s: An administrative DC shall not be created as by UCR variable %r', name, 'ucsschool/ldap/noneducational/create/objects') return False if not self.exists(lo): logger.error('%r does not exist. Cannot create %s', self, name) return False if administrative: groups = self.get_administrative_group_name('administrative', ou_specific='both', as_dn=True) else: groups = self.get_administrative_group_name('educational', ou_specific='both', as_dn=True) logger.debug('DC shall become member of %r', groups) dc = SchoolDCSlave(name=name, school=self.name, groups=groups) if dc.exists(lo): logger.info('%r exists. Setting groups, do not move to %r!', dc, self) # call dc.move() if really necessary to move return dc.modify(lo, move_if_necessary=False) else: existing_host = AnyComputer.get_first_udm_obj(lo, 'cn=%s' % escape_filter_chars(name)) if existing_host: logger.error('Given host name "%s" is already in use and no domaincontroller slave system. Please choose another name.', name) return False return dc.create(lo)
def move_without_hooks(self, lo, udm_obj=None, force=False): try: if udm_obj is None: try: udm_obj = self.get_only_udm_obj( lo, 'cn=%s' % escape_filter_chars(self.name)) except MultipleObjectsError: logger.error( 'Found more than one DC Slave with hostname "%s"', self.name) return False if udm_obj is None: logger.error('Cannot find DC Slave with hostname "%s"', self.name) return False old_dn = udm_obj.dn school = self.get_school_obj(lo) group_dn = school.get_administrative_group_name('educational', ou_specific=True, as_dn=True) if group_dn not in udm_obj['groups']: logger.error('%r has no LDAP access to %r', self, school) return False if old_dn == self.dn: logger.info( 'DC Slave "%s" is already located in "%s" - stopping here', self.name, self.school) self.set_dn(old_dn) if self.exists_outside_school(lo): if not force: logger.error('DC Slave "%s" is located in another OU - %s', self.name, udm_obj.dn) logger.error('Use force=True to override') return False if school is None: logger.error( 'Cannot move DC Slave object - School does not exist: %r', school) return False self.modify_without_hooks(lo) if school.class_share_file_server == old_dn: school.class_share_file_server = self.dn if school.home_share_file_server == old_dn: school.home_share_file_server = self.dn school.modify_without_hooks(lo) removed = False # find dhcp server object by checking all dhcp service objects for dhcp_service in AnyDHCPService.get_all(lo, None): for dhcp_server in dhcp_service.get_servers(lo): if dhcp_server.name == self.name and not dhcp_server.dn.endswith( ',%s' % school.dn): dhcp_server.remove(lo) removed = True if removed: own_dhcp_service = school.get_dhcp_service() dhcp_server = DHCPServer(name=self.name, school=self.school, dhcp_service=own_dhcp_service) dhcp_server.create(lo) logger.info('Move complete') logger.warning('The DC Slave has to be rejoined into the domain!') finally: self.invalidate_cache() return True