def acquireUnique(lo, position, type, value, attr, scope='base'): ud.debug(ud.ADMIN, ud.INFO, 'LOCK acquireUnique scope = %s' % scope) if scope == 'domain': searchBase = position.getDomain() else: searchBase = position.getBase() if type == "aRecord": # uniqueness is only relevant among hosts (one or more dns entries having the same aRecord as a host are allowed) univention.admin.locking.lock(lo, position, type, value.encode('utf-8'), scope=scope) if not lo.searchDn(base=searchBase, filter=filter_format( '(&(objectClass=univentionHost)(%s=%s))', (attr, value))): return value elif type in ['groupName', 'uid'] and configRegistry.is_true( 'directory/manager/user_group/uniqueness', True): univention.admin.locking.lock(lo, position, type, value.encode('utf-8'), scope=scope) if not lo.searchDn( base=searchBase, filter=filter_format( '(|(&(cn=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))(uid=%s))', (value, value))): ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value) return value elif type == "groupName": # search filter is more complex then in general case univention.admin.locking.lock(lo, position, type, value.encode('utf-8'), scope=scope) if not lo.searchDn( base=searchBase, filter=filter_format( '(&(%s=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))', (attr, value))): ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value) return value else: ud.debug(ud.ADMIN, ud.INFO, 'LOCK univention.admin.locking.lock scope = %s' % scope) univention.admin.locking.lock(lo, position, type, value.encode('utf-8'), scope=scope) if not lo.searchDn(base=searchBase, filter=filter_format('%s=%s', (attr, value))): ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value) return value raise univention.admin.uexceptions.noLock( _('The attribute %r could not get locked.') % (type, ))
def acquireUnique(lo, position, type, value, attr, scope='base'): univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'LOCK acquireUnique scope = %s' % scope) if scope=='domain': searchBase=position.getDomain() else: searchBase=position.getBase() if type=="aRecord": # uniqueness is only relevant among hosts (one or more dns entrys having the same aRecord as a host are allowed) univention.admin.locking.lock(lo, position, type, value, scope=scope) if not lo.searchDn(base=searchBase, filter='(&(objectClass=univentionHost)(%s=%s))' % (attr, value)): return value elif type in ['groupName', 'uid'] and configRegistry.is_true('directory/manager/user_group/uniqueness', True): univention.admin.locking.lock(lo, position, type, value, scope=scope) if not lo.searchDn(base=searchBase, filter='(|(&(cn=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))(uid=%s))' % (value, value)): univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'ALLOCATE return %s'% value) return value elif type == "groupName": # search filter is more complex then in general case univention.admin.locking.lock(lo, position, type, value, scope=scope) if not lo.searchDn(base=searchBase, filter='(&(%s=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))' % (attr, value)): univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'ALLOCATE return %s'% value) return value else: univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'LOCK univention.admin.locking.lock scope = %s' % scope) univention.admin.locking.lock(lo, position, type, value, scope=scope) if not lo.searchDn(base=searchBase, filter='%s=%s' % (attr, value)): univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'ALLOCATE return %s'% value) return value raise univention.admin.uexceptions.noLock, _(': type was %s')%type
def _check_uid_gid_uniqueness(self): if not configRegistry.is_true("directory/manager/uid_gid/uniqueness", True): return if "posix" in self.options or "samba" in self.options: fg = univention.admin.filter.expression('uidNumber', self['gidNumber'], escape=True) user_objects = univention.admin.handlers.users.user.lookup(self.co, self.lo, filter_s=fg) if user_objects: raise univention.admin.uexceptions.gidNumberAlreadyUsedAsUidNumber(repr(self["gidNumber"]))
class groupNameAlreadyUsed(base): if configRegistry.is_true('directory/manager/user_group/uniqueness', True): message = _('The groupname is already in use as groupname or as username') else: message = _('The groupname is already in use')
def acquireUnique(lo, position, type, value, attr, scope='base'): ud.debug(ud.ADMIN, ud.INFO, 'LOCK acquireUnique scope = %s' % scope) if scope == 'domain': searchBase = position.getDomain() else: searchBase = position.getBase() if type == "aRecord": # uniqueness is only relevant among hosts (one or more dns entries having the same aRecord as a host are allowed) univention.admin.locking.lock(lo, position, type, value.encode('utf-8'), scope=scope) if not lo.searchDn(base=searchBase, filter=filter_format( '(&(objectClass=univentionHost)(%s=%s))', (attr, value))): return value elif type in ['groupName', 'uid'] and configRegistry.is_true( 'directory/manager/user_group/uniqueness', True): univention.admin.locking.lock(lo, position, type, value.encode('utf-8'), scope=scope) if not lo.searchDn( base=searchBase, filter=filter_format( '(|(&(cn=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))(uid=%s))', (value, value))): ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value) return value elif type == "groupName": # search filter is more complex then in general case univention.admin.locking.lock(lo, position, type, value.encode('utf-8'), scope=scope) if not lo.searchDn( base=searchBase, filter=filter_format( '(&(%s=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))', (attr, value))): ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value) return value elif type == 'cn-uid-position': base = lo.parentDn(value) attr, value, __ = ldap.dn.str2dn(value)[0][0] try: attrs = {'cn': ['uid'], 'uid': ['cn', 'ou'], 'ou': ['uid']}[attr] except KeyError: return value if all( ldap.dn.str2dn(x)[0][0][0] not in attrs for x in lo.searchDn(base=base, filter='(|%s)' % ''.join( filter_format('(%s=%s)', (attr, value)) for attr in attrs), scope=scope)): return value raise univention.admin.uexceptions.alreadyUsedInSubtree( 'name=%r position=%r' % (value, base)) else: ud.debug(ud.ADMIN, ud.INFO, 'LOCK univention.admin.locking.lock scope = %s' % scope) univention.admin.locking.lock(lo, position, type, value.encode('utf-8'), scope=scope) if not lo.searchDn(base=searchBase, filter=filter_format('%s=%s', (attr, value))): ud.debug(ud.ADMIN, ud.INFO, 'ALLOCATE return %s' % value) return value raise univention.admin.uexceptions.noLock( _('The attribute %r could not get locked.') % (type, ))
"add": [_("Add"), _("Add group object")], "find": [_("Search"), _("Search group object(s)")] } childs = 0 short_description = _('Group') long_description = '' options = { 'posix': univention.admin.option(short_description=_('Posix group'), default=1), 'samba': univention.admin.option(short_description=_('Samba group'), default=1) } # global caching variable if configRegistry.is_true('directory/manager/samba3/legacy', False): s4connector_present = False elif configRegistry.is_false('directory/manager/samba3/legacy', False): s4connector_present = True else: s4connector_present = None module_search_filter = univention.admin.filter.conjunction( '&', [ univention.admin.filter.expression('objectClass', 'univentionGroup'), ]) property_descriptions = { 'name': univention.admin.property(short_description=_('Name'), long_description='',
childs=0 short_description=_('Group') long_description='' options={ 'posix': univention.admin.option( short_description=_('Posix group'), default=1 ), 'samba': univention.admin.option( short_description=_('Samba group'), default=1 ) } # global caching variable if configRegistry.is_true('directory/manager/samba3/legacy', False): s4connector_present = False elif configRegistry.is_false('directory/manager/samba3/legacy', False): s4connector_present = True else: s4connector_present = None module_search_filter=univention.admin.filter.conjunction('&', [ univention.admin.filter.expression('objectClass', 'univentionGroup'), ]) property_descriptions={ 'name': univention.admin.property( short_description=_('Name'), long_description='',