#!/usr/bin/python3
# -*- coding: utf-8 -*-
#
# Univention S4 Connector
# this file defines the mapping between S4 and UCS
#
# Copyright 2004-2022 Univention GmbH
#
# https://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <https://www.gnu.org/licenses/>.
import base64
import six
import univention.s4connector.s4
import univention.s4connector.s4.password
import univention.s4connector.s4.sid_mapping
import univention.s4connector.s4.ntsecurity_descriptor
import univention.s4connector.s4.dns
import univention.s4connector.s4.dc
import univention.s4connector.s4.computer
import univention.s4connector.s4.user
import univention.config_registry as ucr
from univention.s4connector.s4 import format_escaped
# Module-level UCR handle. All filters, subtree lists and mappings defined
# below are computed from this registry while the module is being imported.
configRegistry = ucr.ConfigRegistry()
configRegistry.load()
def ignore_filter_from_tmpl(template, ucr_key, default=''):
    """
    Build an LDAP OR-filter from the comma-separated UCR value `ucr_key`.

    The value stored under `ucr_key` (a `connector/s4/mapping/*/ignorelist`
    variable; `default` is used when the variable is unset) is split on
    commas and empty entries are dropped. Each remaining entry is rendered
    through `template` by `format_escaped`, which is what escapes the entry
    for use inside a filter expression, so `template` must follow the
    format syntax `format_escaped` expects (e.g. the `!e` conversion).
    The rendered parts are wrapped in one `(|...)` expression. An empty
    string is returned when no entries remain.

    Entries are taken exactly as written between the commas. Surrounding
    whitespace is not trimmed, so `one, two` hands ` two` (with the leading
    space) to the template.

    >>> ignore_filter_from_tmpl('(cn={0!e})',
    ... 'connector/s4/mapping/nonexistend/ignorelist',
    ... 'one,two,three')
    '(|(cn=one)(cn=two)(cn=three))'
    """
    raw_value = configRegistry.get(ucr_key, default)
    rendered = []
    for entry in raw_value.split(','):
        if not entry:
            # Skip the empty strings produced by "a,,b" or an unset variable.
            continue
        rendered.append(format_escaped(template, entry))
    if not rendered:
        return ''
    return '(|{})'.format(''.join(rendered))
def ignore_filter_from_attr(attribute, ucr_key, default=''):
    """
    Build an ignore filter comparing one attribute against a UCR list.

    Shorthand for `ignore_filter_from_tmpl()` with the template
    `(<attribute>={0!e})`. Only the list entries pass through the escaping
    `{0!e}` field. `attribute` itself is placed into the template verbatim,
    so callers should pass fixed attribute names rather than external input.

    >>> ignore_filter_from_attr('cn',
    ... 'connector/s4/mapping/nonexistend/ignorelist',
    ... 'one,two,three')
    '(|(cn=one)(cn=two)(cn=three))'
    """
    # The doubled braces survive this first format() as a literal "{0!e}".
    return ignore_filter_from_tmpl('({}={{0!e}})'.format(attribute), ucr_key, default)
# Subtree DNs handed to most of the object mappings below as `ignore_subtree`.
# Each template is expanded against UCR: %(ldap/base)s is the UCS LDAP base,
# %(connector/s4/ldap/base)s the Samba 4 one.
# The list contains several security-relevant system containers (AdminSDHolder,
# the BCKUPKEY secrets, Password Settings Container, RID Manager$), so review
# any removal from it with care.
# NOTE(review): the BCKUPKEY_<GUID> entry is a fixed literal; whether other
# GUIDs need to be covered depends on the deployment - confirm.
global_ignore_subtree = [
    template % configRegistry
    for template in (
        'cn=univention,%(ldap/base)s',
        'cn=policies,%(ldap/base)s',
        'cn=shares,%(ldap/base)s',
        'cn=printers,%(ldap/base)s',
        'cn=networks,%(ldap/base)s',
        'cn=kerberos,%(ldap/base)s',
        'cn=dhcp,%(ldap/base)s',
        'cn=mail,%(ldap/base)s',
        'cn=nagios,%(ldap/base)s',
        'CN=RAS and IAS Servers Access Check,CN=System,%(connector/s4/ldap/base)s',
        'CN=FileLinks,CN=System,%(connector/s4/ldap/base)s',
        'CN=WinsockServices,CN=System,%(connector/s4/ldap/base)s',
        'CN=RID Manager$,CN=System,%(connector/s4/ldap/base)s',
        'CN=Dfs-Configuration,CN=System,%(connector/s4/ldap/base)s',
        'CN=Server,CN=System,%(connector/s4/ldap/base)s',
        'CN=ComPartitionSets,CN=System,%(connector/s4/ldap/base)s',
        'CN=ComPartitions,CN=System,%(connector/s4/ldap/base)s',
        'CN=IP Security,CN=System,%(connector/s4/ldap/base)s',
        'CN=DFSR-GlobalSettings,CN=System,%(connector/s4/ldap/base)s',
        'CN=DomainUpdates,CN=System,%(connector/s4/ldap/base)s',
        'CN=Password Settings Container,CN=System,%(connector/s4/ldap/base)s',
        'DC=RootDNSServers,CN=MicrosoftDNS,CN=System,%(connector/s4/ldap/base)s',
        'DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,%(connector/s4/ldap/base)s',
        'DC=RootDNSServers,CN=MicrosoftDNS,DC=ForestDnsZones,%(connector/s4/ldap/base)s',
        'DC=..TrustAnchors,CN=MicrosoftDNS,DC=ForestDnsZones,%(connector/s4/ldap/base)s',
        'CN=File Replication Service,CN=System,%(connector/s4/ldap/base)s',
        'CN=RpcServices,CN=System,%(connector/s4/ldap/base)s',
        'CN=Meetings,CN=System,%(connector/s4/ldap/base)s',
        'CN=AdminSDHolder,CN=System,%(connector/s4/ldap/base)s',
        'CN=BCKUPKEY_c490e871-a375-4b76-bd24-711e9e49fe5e Secret,CN=System,%(connector/s4/ldap/base)s',
        'CN=BCKUPKEY_PREFERRED Secret,CN=System,%(connector/s4/ldap/base)s',
        'ou=Grp Policy Users,%(connector/s4/ldap/base)s',
        'cn=ForeignSecurityPrincipals,%(connector/s4/ldap/base)s',
        'cn=Program Data,%(connector/s4/ldap/base)s',
        'cn=Configuration,%(connector/s4/ldap/base)s',
        'cn=opsi,%(ldap/base)s',
        'cn=Microsoft Exchange System Objects,%(connector/s4/ldap/base)s',
    )
]

# Operator-defined additions: the value of every
# connector/s4/mapping/ignoresubtree/* variable is appended unchanged.
for k, v in configRegistry.items():
    if not k.startswith('connector/s4/mapping/ignoresubtree/'):
        continue
    global_ignore_subtree.append(v)

# The WMI policy container is ignored whenever the wmifilter mapping is
# switched off; the second argument is the answer for an unset variable.
if configRegistry.is_false('connector/s4/mapping/wmifilter', True):
    global_ignore_subtree += [
        'CN=WMIPolicy,CN=System,%(connector/s4/ldap/base)s' % configRegistry,
    ]

# cn=Builtin is ignored only when group type mapping is explicitly disabled.
if configRegistry.is_false('connector/s4/mapping/group/grouptype', False):
    global_ignore_subtree += [
        'cn=Builtin,%(connector/s4/ldap/base)s' % configRegistry,
    ]
# Keys of the user attribute mappings that the operator excluded via UCR.
# The 'user' property below drops every attribute whose key is in this set.
# Entries are stripped of spaces; an unset variable yields {''}.
user_ignore_list = {
    x.strip(' ')
    for x in configRegistry.get('connector/s4/mapping/user/attributes/ignorelist', '').split(',')
}

# Groups named in the UCR ignore list are matched by cn.
group_ignore_filter = ignore_filter_from_attr('cn', 'connector/s4/mapping/group/ignorelist')
if configRegistry.is_false('connector/s4/mapping/group/grouptype', False):
    # With group type mapping explicitly disabled, type-5 groups are ignored
    # as well; the (possibly empty) name filter is kept inside the same OR.
    group_ignore_filter = '(|(sambaGroupType=5)(groupType=5){})'.format(group_ignore_filter)
# Group name translation table: every connector/s4/mapping/group/table/<name>
# variable contributes one (<name>, <value>) pair under the 'cn' key.
key_prefix = "connector/s4/mapping/group/table/"
group_mapping_table = {
    'cn': [
        # partition() is only reached for keys that start with the prefix,
        # so element [2] is exactly the part after the prefix.
        (key.partition(key_prefix)[2], value)
        for key, value in configRegistry.items()
        if key.startswith(key_prefix)
    ]
}
# Without any table entry the mapping table is left completely empty.
group_mapping_table = group_mapping_table if group_mapping_table['cn'] else {}
# SID synchronisation settings, consumed by get_sid_mapping().
# sid_mapping collects two slots in a fixed order: first the
# sid_to_s4_mapping function, then the sid_to_ucs_mapping function. A slot is
# None when the corresponding UCR switch is off (presumably disabling that
# direction - confirm against univention.s4connector.attribute).
sid_sync_mode = 'sync'
sid_mapping = []
if configRegistry.is_true('connector/s4/mapping/sid', True):
    # UCS -> S4 direction: off unless explicitly enabled.
    if configRegistry.is_true('connector/s4/mapping/sid_to_s4', False):
        sid_mapping.append(univention.s4connector.s4.sid_mapping.sid_to_s4_mapping)
    else:
        sid_mapping.append(None)
        sid_sync_mode = 'read'
    # S4 -> UCS direction: on unless explicitly disabled.
    if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True):
        sid_mapping.append(univention.s4connector.s4.sid_mapping.sid_to_ucs_mapping)
    else:
        sid_mapping.append(None)
        # Assigned last, so with both directions off the mode ends up as
        # 'write' (overriding the 'read' set above) with a (None, None) mapping.
        sid_sync_mode = 'write'
def get_sid_mapping():
    """
    Return the attribute mapping for the SID, or None when it is disabled.

    The mapping is only created while `connector/s4/mapping/sid` is true
    (the default when unset). It uses the module-level `sid_sync_mode` and
    `sid_mapping` values as they are at call time. Callers that store the
    result under a 'sid' key therefore store None when SID mapping is off.
    """
    if not configRegistry.is_true('connector/s4/mapping/sid', True):
        return None
    return univention.s4connector.attribute(
        sync_mode=sid_sync_mode,
        mapping=tuple(sid_mapping),
        ldap_attribute='sambaSID',
        ucs_attribute='sambaRID',
        con_attribute='objectSid',
        single_value=True,
        compare_function=univention.s4connector.s4.compare_sid_lists,
    )
def _map_s4_to_udm_base64(property_name):
    """
    Return a mapping callback that base64-encodes `property_name`'s values.

    The callback takes `(connector, key, obj)`, reads the value list at
    `obj['attributes'][property_name]` and returns a new list with every
    value passed through `base64.b64encode`. Base64 is a transport encoding
    only; it does not protect the value. A missing attribute raises KeyError.
    """
    def mapping(connector, key, obj):
        raw_values = obj['attributes'][property_name]
        return list(map(base64.b64encode, raw_values))
    return mapping
def _map_ldap_to_s4(property_name):
    """
    Return a mapping callback that passes `property_name` through unchanged.

    The callback takes `(connector, key, obj)` and returns the object stored
    at `obj['attributes'][property_name]` itself (no copy is made). A missing
    attribute raises KeyError.
    """
    def mapping(connector, key, obj):
        attributes = obj['attributes']
        return attributes[property_name]
    return mapping
# Sync modes fall back in a chain: the OU setting falls back to the global
# connector/s4/mapping/syncmode, and the GPO setting falls back to the OU
# value. Both may be None when no variable is set, which is why the msGPO
# and msWMIFilter mappings below wrap them in str().
sync_mode_ou = configRegistry.get('connector/s4/mapping/ou/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))
sync_mode_gpo = configRegistry.get('connector/s4/mapping/gpo/syncmode', sync_mode_ou)
# Off unless explicitly enabled. When true, the msGPO mapping below registers
# the ntsecurity_descriptor hooks (ntsd_to_ucs / ntsd_to_s4); otherwise it
# registers none.
gpo_ntsd = configRegistry.is_true('connector/s4/mapping/gpo/ntsd', False)
s4_mapping = {
'user': univention.s4connector.property(
ucs_default_dn='cn=users,%(ldap/base)s' % configRegistry,
con_default_dn='cn=users,%(connector/s4/ldap/base)s' % configRegistry,
ucs_module='users/user',
# read, write, sync, none
sync_mode=configRegistry.get('connector/s4/mapping/user/syncmode', configRegistry.get('connector/s4/mapping/syncmode')),
scope='sub',
con_search_filter='(&(objectClass=user)(!(objectClass=computer))(userAccountControl:1.2.840.113556.1.4.803:=512))',
match_filter='(&(|(&(objectClass=posixAccount)(objectClass=krb5Principal))(objectClass=user))(!(objectClass=univentionHost)))',
ignore_filter=ignore_filter_from_tmpl('(uid={0!e})(CN={0!e})', 'connector/s4/mapping/user/ignorelist') or None,
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'user', 'person', 'organizationalPerson'],
dn_mapping_function=[univention.s4connector.s4.user_dn_mapping],
attributes=dict((key, value) for key, value in {
'samAccountName': univention.s4connector.attribute(
ucs_attribute='username',
ldap_attribute='uid',
con_attribute='sAMAccountName',
required=1,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'givenName': univention.s4connector.attribute(
ucs_attribute='firstname',
ldap_attribute='givenName',
con_attribute='givenName',
single_value=True,
),
'displayName': univention.s4connector.attribute(
ucs_attribute='displayName',
ldap_attribute='displayName',
con_attribute='displayName',
single_value=True,
),
'sn': univention.s4connector.attribute(
ucs_attribute='lastname',
ldap_attribute='sn',
con_attribute='sn',
single_value=True,
),
'sid': get_sid_mapping(),
}.items() if key not in user_ignore_list),
# These functions can extend the addlist while
# creating an object in S4. Parameters are
# s4connector, property_type, object, addlist, serverctrls
con_create_extensions=[
univention.s4connector.s4.add_primary_group_to_addlist,
],
ucs_create_functions=list(filter(None, [
univention.s4connector.set_ucs_passwd_user,
univention.s4connector.check_ucs_lastname_user,
univention.s4connector.set_primary_group_user,
univention.s4connector.s4.sid_mapping.sid_to_ucs if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not configRegistry.is_true('connector/s4/mapping/sid', True) else None,
])),
con_create_attributes=[('userAccountControl', [b'512'])], # accounts synced to samba4 alpha17 had userAccountControl == 544
post_con_modify_functions=list(filter(None, [
univention.s4connector.s4.sid_mapping.sid_to_s4 if configRegistry.is_true('connector/s4/mapping/sid_to_s4', False) and not configRegistry.is_true('connector/s4/mapping/sid', True) else None,
univention.s4connector.s4.password.password_sync_ucs_to_s4,
univention.s4connector.s4.password.lockout_sync_ucs_to_s4,
univention.s4connector.s4.primary_group_sync_from_ucs,
univention.s4connector.s4.object_memberships_sync_from_ucs,
univention.s4connector.s4.disable_user_from_ucs,
])),
post_ucs_modify_functions=list(filter(None, [
univention.s4connector.s4.sid_mapping.sid_to_ucs if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not configRegistry.is_true('connector/s4/mapping/sid', True) else None,
univention.s4connector.s4.password.password_sync_s4_to_ucs,
univention.s4connector.s4.password.lockout_sync_s4_to_ucs,
univention.s4connector.s4.primary_group_sync_to_ucs,
univention.s4connector.s4.object_memberships_sync_to_ucs if configRegistry.get('connector/s4/mapping/group/syncmode') != 'write' else None,
univention.s4connector.s4.disable_user_to_ucs,
])),
post_attributes=dict((key, value) for key, value in {
'organisation': univention.s4connector.attribute(
ucs_attribute='organisation',
ldap_attribute='o',
con_attribute='company',
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'mailPrimaryAddress': univention.s4connector.attribute(
ucs_attribute='mailPrimaryAddress',
ldap_attribute='mailPrimaryAddress',
con_attribute='mail',
reverse_attribute_check=True,
single_value=True,
),
'street': univention.s4connector.attribute(
ucs_attribute='street',
ldap_attribute='street',
con_attribute='streetAddress',
single_value=True,
),
'city': univention.s4connector.attribute(
ucs_attribute='city',
ldap_attribute='l',
con_attribute='l',
single_value=True,
),
'postcode': univention.s4connector.attribute(
ucs_attribute='postcode',
ldap_attribute='postalCode',
con_attribute='postalCode',
single_value=True,
),
'sambaWorkstations': univention.s4connector.attribute(
ucs_attribute='sambaUserWorkstations',
ldap_attribute='sambaUserWorkstations',
con_attribute='userWorkstations',
single_value=True,
),
#'sambaLogonHours': univention.s4connector.attribute(
# ucs_attribute='sambaLogonHours',
# ldap_attribute='sambaLogonHours',
# con_attribute='logonHours',
#),
'profilepath': univention.s4connector.attribute(
ucs_attribute='profilepath',
ldap_attribute='sambaProfilePath',
con_attribute='profilePath',
single_value=True,
),
'scriptpath': univention.s4connector.attribute(
ucs_attribute='scriptpath',
ldap_attribute='sambaLogonScript',
con_attribute='scriptPath',
single_value=True,
),
'homeDrive': univention.s4connector.attribute(
ucs_attribute='homedrive',
ldap_attribute='sambaHomeDrive',
con_attribute='homeDrive',
single_value=True,
),
'homeDirectory': univention.s4connector.attribute(
ucs_attribute='sambahome',
ldap_attribute='sambaHomePath',
con_attribute='homeDirectory',
reverse_attribute_check=True,
single_value=True,
),
'telephoneNumber': univention.s4connector.attribute(
ucs_attribute='phone',
ldap_attribute='telephoneNumber',
con_attribute='telephoneNumber',
con_other_attribute='otherTelephone',
),
'homePhone': univention.s4connector.attribute(
ucs_attribute='homeTelephoneNumber',
ldap_attribute='homePhone',
con_attribute='homePhone',
con_other_attribute='otherHomePhone',
),
'mobilePhone': univention.s4connector.attribute(
ucs_attribute='mobileTelephoneNumber',
ldap_attribute='mobile',
con_attribute='mobile',
con_other_attribute='otherMobile',
),
'pager': univention.s4connector.attribute(
ucs_attribute='pagerTelephoneNumber',
ldap_attribute='pager',
con_attribute='pager',
con_other_attribute='otherPager',
),
'employeeType': univention.s4connector.attribute(
ucs_attribute='employeeType',
ldap_attribute='employeeType',
con_attribute='employeeType',
single_value=True,
),
'employeeNumber': univention.s4connector.attribute(
ucs_attribute='employeeNumber',
ldap_attribute='employeeNumber',
con_attribute='employeeNumber',
single_value=True,
),
#'state': univention.s4connector.attribute(
# ucs_attribute='state',
# ldap_attribute='st',
# con_attribute='st',
# single_value=True,
#),
#'country': univention.s4connector.attribute(
# ucs_attribute='country',
# ldap_attribute='c',
# con_attribute='c',
# single_value=True,
#),
'loginShell': univention.s4connector.attribute(
ucs_attribute='shell',
ldap_attribute='loginShell',
con_attribute='loginShell',
single_value=True,
),
'unixhome': univention.s4connector.attribute(
ucs_attribute='unixhome',
ldap_attribute='homeDirectory',
con_attribute='unixHomeDirectory',
single_value=True,
),
'title': univention.s4connector.attribute(
ucs_attribute='title',
ldap_attribute='title',
con_attribute='personalTitle',
single_value=True,
),
'gidNumber': univention.s4connector.attribute(
sync_mode='write',
ucs_attribute='gidNumber',
ldap_attribute='gidNumber',
con_attribute='gidNumber',
single_value=True,
),
'uidNumber': univention.s4connector.attribute(
ucs_attribute='uidNumber',
ldap_attribute='uidNumber',
con_attribute='uidNumber',
single_value=True,
),
'departmentNumber': univention.s4connector.attribute(
ucs_attribute='departmentNumber',
ldap_attribute='departmentNumber',
con_attribute='departmentNumber',
),
'roomNumber': univention.s4connector.attribute(
ucs_attribute='roomNumber',
ldap_attribute='roomNumber',
con_attribute='roomNumber',
),
'userCertificate': univention.s4connector.attribute(
mapping=(univention.s4connector.s4.user.userCertificate_sync_ucs_to_s4, univention.s4connector.s4.user.userCertificate_sync_s4_to_ucs),
ucs_attribute='userCertificate',
ldap_attribute='userCertificate;binary',
con_attribute='userCertificate',
single_value=True,
),
# Do not sync secretary, because we currently have no way to verify the existence of the DN which would cause rejects
#'secretary': univention.s4connector.attribute(
# mapping=(univention.s4connector.s4.user.secretary_sync_ucs_to_s4, univention.s4connector.s4.user.secretary_sync_s4_to_ucs),
# ucs_attribute='secretary',
# ldap_attribute='secretary',
# con_attribute='secretary',
#),
'jpegPhoto': univention.s4connector.attribute(
mapping=(univention.s4connector.s4.user.jpegPhoto_sync_ucs_to_s4, univention.s4connector.s4.user.jpegPhoto_sync_s4_to_ucs),
ucs_attribute='jpegPhoto',
ldap_attribute='jpegPhoto',
con_attribute='jpegPhoto',
single_value=True,
),
'preferredDeliveryMethod': univention.s4connector.attribute(
mapping=(univention.s4connector.s4.user.prefdev_sync_ucs_to_s4, univention.s4connector.s4.user.prefdev_sync_s4_to_ucs),
ucs_attribute='preferredDeliveryMethod',
ldap_attribute='preferredDeliveryMethod',
con_attribute='preferredDeliveryMethod',
single_value=True,
),
'initials': univention.s4connector.attribute(
ucs_attribute='initials',
ldap_attribute='initials',
con_attribute='initials',
single_value=True,
),
'physicalDeliveryOfficeName': univention.s4connector.attribute(
ucs_attribute='physicalDeliveryOfficeName',
ldap_attribute='physicalDeliveryOfficeName',
con_attribute='physicalDeliveryOfficeName',
single_value=True,
),
'postOfficeBox': univention.s4connector.attribute(
ucs_attribute='postOfficeBox',
ldap_attribute='postOfficeBox',
con_attribute='postOfficeBox',
),
'preferredLanguage': univention.s4connector.attribute(
ucs_attribute='preferredLanguage',
ldap_attribute='preferredLanguage',
con_attribute='preferredLanguage',
single_value=True,
),
}.items() if key not in user_ignore_list),
),
'group': univention.s4connector.property(
ucs_default_dn='cn=groups,%(ldap/base)s' % configRegistry,
con_default_dn='cn=Users,%(connector/s4/ldap/base)s' % configRegistry,
ucs_module='groups/group',
sync_mode=configRegistry.get('connector/s4/mapping/group/syncmode', configRegistry.get('connector/s4/mapping/syncmode')),
scope='sub',
ignore_filter=group_ignore_filter or None,
ignore_subtree=global_ignore_subtree,
con_search_filter='objectClass=group',
con_create_objectclass=['top', 'group'],
# These functions can extend the addlist while
# creating an object in S4. Parameters are
# s4connector, property_type, object, addlist, serverctrls
con_create_extensions=[
univention.s4connector.s4.check_for_local_group_and_extend_serverctrls_and_sid,
],
post_con_modify_functions=list(filter(None, [
univention.s4connector.s4.sid_mapping.sid_to_s4 if configRegistry.is_true('connector/s4/mapping/sid_to_s4', False) and not configRegistry.is_true('connector/s4/mapping/sid', True) else None,
univention.s4connector.s4.group_members_sync_from_ucs,
univention.s4connector.s4.object_memberships_sync_from_ucs
])),
post_ucs_modify_functions=list(filter(None, [
univention.s4connector.s4.sid_mapping.sid_to_ucs if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not configRegistry.is_true('connector/s4/mapping/sid', True) else None,
univention.s4connector.s4.group_members_sync_to_ucs,
univention.s4connector.s4.object_memberships_sync_to_ucs
])),
dn_mapping_function=[univention.s4connector.s4.group_dn_mapping],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='sAMAccountName',
required=1,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'groupType': univention.s4connector.attribute(
ucs_attribute='adGroupType',
ldap_attribute='univentionGroupType',
con_attribute='groupType',
single_value=True,
),
'mailAddress': univention.s4connector.attribute(
ucs_attribute='mailAddress',
ldap_attribute='mailPrimaryAddress',
con_attribute='mail',
reverse_attribute_check=True,
single_value=True,
),
'gidNumber': univention.s4connector.attribute(
sync_mode='write',
ucs_attribute='gidNumber',
ldap_attribute='gidNumber',
con_attribute='gidNumber',
single_value=True,
),
'sid': get_sid_mapping(),
},
mapping_table=group_mapping_table,
),
'dc': univention.s4connector.property(
ucs_default_dn='cn=dc,cn=computers,%(ldap/base)s' % configRegistry,
con_default_dn='OU=Domain Controllers,%(connector/s4/ldap/base)s' % configRegistry,
ucs_module='computers/windows_domaincontroller',
ucs_module_others=['computers/domaincontroller_master', 'computers/domaincontroller_backup', 'computers/domaincontroller_slave'],
con_search_filter='(&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=532480))',
position_mapping=[(',cn=dc,cn=computers,%(ldap/base)s' % configRegistry, ',ou=Domain Controllers,%(connector/s4/ldap/base)s' % configRegistry)],
match_filter='(|(&(objectClass=univentionDomainController)(univentionService=Samba 4))(objectClass=computer)(univentionServerRole=windows_domaincontroller))',
dn_mapping_function=[univention.s4connector.s4.dc_dn_mapping],
# When a DC joins to the samba 4 domain
# the DC will be deleted.
disable_delete_in_ucs=True,
# When a DC is removed in UCS, the DC should be removed
# in S4. By default a DC has a subobject without any mapping
# and this subobject would avoid a deletion of this DC in S4
con_subtree_delete_objects=['objectClass=rIDSet', 'objectClass=connectionPoint', 'objectclass=nTFRSMember'],
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/dc/ignorelist') or None,
sync_mode=configRegistry.get('connector/s4/mapping/computer_dc/syncmode', configRegistry.get('connector/s4/mapping/syncmode')),
con_create_objectclass=['top', 'computer'],
con_create_attributes=[
('userAccountControl', [b'532480']),
],
post_con_modify_functions=list(filter(None, [
univention.s4connector.s4.sid_mapping.sid_to_s4 if configRegistry.is_true('connector/s4/mapping/sid_to_s4', False) and not configRegistry.is_true('connector/s4/mapping/sid', True) else None,
univention.s4connector.s4.password.password_sync_ucs_to_s4,
])),
post_ucs_modify_functions=list(filter(None, [
univention.s4connector.s4.sid_mapping.sid_to_ucs if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not configRegistry.is_true('connector/s4/mapping/sid', True) else None,
univention.s4connector.s4.password.password_sync_s4_to_ucs_no_userpassword,
univention.s4connector.s4.computer.checkAndConvertToMacOSX,
])),
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=1,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'samAccountName': univention.s4connector.attribute(
ldap_attribute='uid',
con_attribute='sAMAccountName',
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'operatingSystem': univention.s4connector.attribute(
ucs_attribute='operatingSystem',
ldap_attribute='univentionOperatingSystem',
con_attribute='operatingSystem',
single_value=True,
),
'operatingSystemVersion': univention.s4connector.attribute(
ucs_attribute='operatingSystemVersion',
ldap_attribute='univentionOperatingSystemVersion',
con_attribute='operatingSystemVersion',
single_value=True,
),
'sid': get_sid_mapping(),
},
),
'windowscomputer': univention.s4connector.property(
ucs_default_dn='cn=computers,%(ldap/base)s' % configRegistry,
con_default_dn='cn=computers,%(connector/s4/ldap/base)s' % configRegistry,
ucs_module='computers/windows',
ucs_module_others=['computers/memberserver', 'computers/linux', 'computers/ubuntu', 'computers/macos'],
sync_mode=configRegistry.get('connector/s4/mapping/computer/syncmode', configRegistry.get('connector/s4/mapping/syncmode')),
scope='sub',
dn_mapping_function=[univention.s4connector.s4.windowscomputer_dn_mapping],
con_search_filter='(&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=4096))',
# ignore_filter='userAccountControl=4096',
match_filter='(|(&(objectClass=univentionWindows)(!(univentionServerRole=windows_domaincontroller)))(objectClass=computer)(objectClass=univentionMemberServer)(objectClass=univentionUbuntuClient)(objectClass=univentionLinuxClient)(objectClass=univentionMacOSClient))',
ignore_subtree=global_ignore_subtree,
con_subtree_delete_objects=['objectClass=rIDSet', 'objectClass=connectionPoint', 'objectclass=nTFRSMember'],
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/windowscomputer/ignorelist'),
con_create_objectclass=['top', 'computer'],
con_create_attributes=[('userAccountControl', [b'4096'])],
#post_con_create_functions=[univention.s4connector.s4.computers.
post_con_modify_functions=list(filter(None, [
univention.s4connector.s4.sid_mapping.sid_to_s4 if configRegistry.is_true('connector/s4/mapping/sid_to_s4', False) and not configRegistry.is_true('connector/s4/mapping/sid', True) else None,
univention.s4connector.s4.password.password_sync_ucs_to_s4,
])),
post_ucs_modify_functions=list(filter(None, [
univention.s4connector.s4.sid_mapping.sid_to_ucs if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not configRegistry.is_true('connector/s4/mapping/sid', True) else None,
univention.s4connector.s4.password.password_sync_s4_to_ucs_no_userpassword,
univention.s4connector.s4.computer.checkAndConvertToMacOSX,
univention.s4connector.s4.computer.windowscomputer_sync_s4_to_ucs_check_rename,
])),
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=1,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'samAccountName': univention.s4connector.attribute(
ldap_attribute='uid',
con_attribute='sAMAccountName',
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'operatingSystem': univention.s4connector.attribute(
ucs_attribute='operatingSystem',
ldap_attribute='univentionOperatingSystem',
con_attribute='operatingSystem',
single_value=True,
),
'operatingSystemVersion': univention.s4connector.attribute(
ucs_attribute='operatingSystemVersion',
ldap_attribute='univentionOperatingSystemVersion',
con_attribute='operatingSystemVersion',
single_value=True,
),
'sid': get_sid_mapping(),
},
),
'dns': univention.s4connector.property(
ucs_default_dn='cn=dns,%(ldap/base)s' % configRegistry,
con_default_dn='CN=MicrosoftDNS,%s,%s' % ("CN=System" if configRegistry.get('connector/s4/mapping/dns/position') == 'legacy' else "DC=DomainDnsZones", configRegistry['connector/s4/ldap/base']),
ucs_module='dns/dns',
ucs_module_others=['dns/forward_zone', 'dns/reverse_zone', 'dns/alias', 'dns/host_record', 'dns/srv_record', 'dns/ptr_record', 'dns/txt_record', 'dns/ns_record'],
sync_mode=configRegistry.get('connector/s4/mapping/dns/syncmode') or configRegistry.get('connector/s4/mapping/syncmode', ''),
scope='sub',
con_search_filter='(|(objectClass=dnsNode)(objectClass=dnsZone))',
dn_mapping_function=[univention.s4connector.s4.dns.dns_dn_mapping],
ignore_filter=ignore_filter_from_attr('dc', 'connector/s4/mapping/dns/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_sync_function=univention.s4connector.s4.dns.ucs2con,
ucs_sync_function=univention.s4connector.s4.dns.con2ucs,
),
'msGPO': univention.s4connector.property(
ucs_module='container/msgpo',
sync_mode=str(sync_mode_gpo),
scope='sub',
con_search_filter='(&(objectClass=container)(objectClass=groupPolicyContainer))',
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpo/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'container', 'groupPolicyContainer'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=1,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'displayName': univention.s4connector.attribute(
ucs_attribute='displayName',
ldap_attribute='displayName',
con_attribute='displayName',
single_value=True,
),
'msGPOFlags': univention.s4connector.attribute(
ucs_attribute='msGPOFlags',
ldap_attribute='msGPOFlags',
con_attribute='flags',
single_value=True,
),
'msGPOVersionNumber': univention.s4connector.attribute(
ucs_attribute='msGPOVersionNumber',
ldap_attribute='msGPOVersionNumber',
con_attribute='versionNumber',
single_value=True,
),
'msGPOSystemFlags': univention.s4connector.attribute(
ucs_attribute='msGPOSystemFlags',
ldap_attribute='msGPOSystemFlags',
con_attribute='systemFlags',
single_value=True,
),
'msGPOFunctionalityVersion': univention.s4connector.attribute(
ucs_attribute='msGPOFunctionalityVersion',
ldap_attribute='msGPOFunctionalityVersion',
con_attribute='gPCFunctionalityVersion',
single_value=True,
),
'msGPOFileSysPath': univention.s4connector.attribute(
ucs_attribute='msGPOFileSysPath',
ldap_attribute='msGPOFileSysPath',
con_attribute='gPCFileSysPath',
single_value=True,
),
'msGPOMachineExtensionNames': univention.s4connector.attribute(
ucs_attribute='msGPOMachineExtensionNames',
ldap_attribute='msGPOMachineExtensionNames',
con_attribute='gPCMachineExtensionNames',
single_value=True,
),
'msGPOUserExtensionNames': univention.s4connector.attribute(
ucs_attribute='msGPOUserExtensionNames',
ldap_attribute='msGPOUserExtensionNames',
con_attribute='gPCUserExtensionNames',
single_value=True,
),
'msGPOWQLFilter': univention.s4connector.attribute(
ucs_attribute='msGPOWQLFilter',
ldap_attribute='msGPOWQLFilter',
con_attribute='gPCWQLFilter',
single_value=True,
),
},
ucs_create_functions=[univention.s4connector.s4.ntsecurity_descriptor.ntsd_to_ucs] if gpo_ntsd else [],
post_ucs_modify_functions=[univention.s4connector.s4.ntsecurity_descriptor.ntsd_to_ucs] if gpo_ntsd else [],
post_con_create_functions=[univention.s4connector.s4.ntsecurity_descriptor.ntsd_to_s4] if gpo_ntsd else [],
post_con_modify_functions=[univention.s4connector.s4.ntsecurity_descriptor.ntsd_to_s4] if gpo_ntsd else [],
),
# WMI filter objects: UDM module settings/mswmifilter <-> S4 entries matching
# (objectClass=msWMI-Som). Every attribute below is declared single-valued and
# none of them has a mapping= converter.
'msWMIFilter': univention.s4connector.property(
ucs_module='settings/mswmifilter',
# Sync direction: UCR connector/s4/mapping/wmifilter/syncmode, falling back to
# sync_mode_ou (defined outside this excerpt).
sync_mode=str(configRegistry.get('connector/s4/mapping/wmifilter/syncmode', sync_mode_ou)),
scope='sub',
con_search_filter='(objectClass=msWMI-Som)',
# Objects named in this UCR variable are excluded from sync; the filter is
# built by ignore_filter_from_attr (defined outside this excerpt).
# NOTE(review): the 'cn' mapping below carries msWMI-ID rather than the S4 cn;
# confirm which value the ignore list is actually matched against.
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/wmifilter/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'msWMI-Som'],
attributes={
# Mapping key is 'cn', but it links UDM property 'id' to S4 attribute msWMI-ID.
'cn': univention.s4connector.attribute(
ucs_attribute='id',
ldap_attribute='msWMIID',
con_attribute='msWMI-ID',
required=1,
single_value=True,
),
'name': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='msWMIName',
con_attribute='msWMI-Name',
required=1,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'displayName': univention.s4connector.attribute(
ucs_attribute='displayName',
ldap_attribute='displayName',
con_attribute='displayName',
single_value=True,
),
'author': univention.s4connector.attribute(
ucs_attribute='author',
ldap_attribute='msWMIAuthor',
con_attribute='msWMI-Author',
single_value=True,
),
'creationDate': univention.s4connector.attribute(
ucs_attribute='creationDate',
ldap_attribute='msWMICreationDate',
con_attribute='msWMI-CreationDate',
single_value=True,
),
'changeDate': univention.s4connector.attribute(
ucs_attribute='changeDate',
ldap_attribute='msWMIChangeDate',
con_attribute='msWMI-ChangeDate',
single_value=True,
),
# parm1..parm4 and flags1..flags4 are passed through unchanged; this mapping
# performs no validation of their contents.
'parm1': univention.s4connector.attribute(
ucs_attribute='parm1',
ldap_attribute='msWMIParm1',
con_attribute='msWMI-Parm1',
single_value=True,
),
'parm2': univention.s4connector.attribute(
ucs_attribute='parm2',
ldap_attribute='msWMIParm2',
con_attribute='msWMI-Parm2',
single_value=True,
),
'parm3': univention.s4connector.attribute(
ucs_attribute='parm3',
ldap_attribute='msWMIParm3',
con_attribute='msWMI-Parm3',
single_value=True,
),
'parm4': univention.s4connector.attribute(
ucs_attribute='parm4',
ldap_attribute='msWMIParm4',
con_attribute='msWMI-Parm4',
single_value=True,
),
'flags1': univention.s4connector.attribute(
ucs_attribute='flags1',
ldap_attribute='msWMIFlags1',
con_attribute='msWMI-Flags1',
single_value=True,
),
'flags2': univention.s4connector.attribute(
ucs_attribute='flags2',
ldap_attribute='msWMIFlags2',
con_attribute='msWMI-Flags2',
single_value=True,
),
'flags3': univention.s4connector.attribute(
ucs_attribute='flags3',
ldap_attribute='msWMIFlags3',
con_attribute='msWMI-Flags3',
single_value=True,
),
'flags4': univention.s4connector.attribute(
ucs_attribute='flags4',
ldap_attribute='msWMIFlags4',
con_attribute='msWMI-Flags4',
single_value=True,
),
'sourceOrganization': univention.s4connector.attribute(
ucs_attribute='sourceOrganization',
ldap_attribute='msWMISourceOrganization',
con_attribute='msWMI-SourceOrganization',
single_value=True,
),
},
),
# Printer connection policy objects: UDM module settings/msprintconnectionpolicy
# <-> S4 entries matching (objectClass=msPrint-ConnectionPolicy).
'msPrintConnectionPolicy': univention.s4connector.property(
ucs_module='settings/msprintconnectionpolicy',
# Sync direction: UCR connector/s4/mapping/msprintconnectionpolicy/syncmode,
# falling back to sync_mode_gpo (defined outside this excerpt).
sync_mode=str(configRegistry.get('connector/s4/mapping/msprintconnectionpolicy/syncmode', sync_mode_gpo)),
scope='sub',
con_search_filter='(objectClass=msPrint-ConnectionPolicy)',
# Objects whose cn is listed in this UCR variable are excluded from sync.
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/msprintconnectionpolicy/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'msPrint-ConnectionPolicy'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=1,
# cn values are compared with compare_lowercase (defined in
# univention.s4connector; by its name, case-insensitive — confirm).
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'displayName': univention.s4connector.attribute(
ucs_attribute='displayName',
ldap_attribute='displayName',
con_attribute='displayName',
single_value=True,
),
# The S4 attribute names below drop the "msPrint"/"ms" prefix used on the UCS
# side (printAttributes, printerName, serverName, uNCName).
'msPrintAttributes': univention.s4connector.attribute(
ucs_attribute='msPrintAttributes',
ldap_attribute='msPrintAttributes',
con_attribute='printAttributes',
single_value=True,
),
'msPrinterName': univention.s4connector.attribute(
ucs_attribute='msPrinterName',
ldap_attribute='msPrinterName',
con_attribute='printerName',
single_value=True,
),
# serverName and uNCName name the print server clients are pointed at; they
# are synchronised as plain values with no validation in this mapping.
'msPrintServerName': univention.s4connector.attribute(
ucs_attribute='msPrintServerName',
ldap_attribute='msPrintServerName',
con_attribute='serverName',
single_value=True,
),
'msPrintUNCName': univention.s4connector.attribute(
ucs_attribute='msPrintUNCName',
ldap_attribute='msPrintUNCName',
con_attribute='uNCName',
single_value=True,
),
},
),
# Wireless (IEEE 802.11) group policy objects: UDM module ms/gpwl-wireless <->
# S4 entries matching (objectClass=ms-net-ieee-80211-GroupPolicy).
'ms/gpwl-wireless': univention.s4connector.property(
ucs_module='ms/gpwl-wireless',
# Sync direction: UCR connector/s4/mapping/gpwl/syncmode, falling back to the
# global connector/s4/mapping/syncmode. Both gpwl keys are shared with the
# other ms/gpwl-* mappings in this file.
# NOTE(review): if neither variable is set, str() presumably yields the
# literal 'None'; confirm how the connector treats that value.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpwl/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=ms-net-ieee-80211-GroupPolicy)',
# Objects whose cn is listed in this UCR variable are excluded from sync.
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpwl/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'ms-net-ieee-80211-GroupPolicy'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=1,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
# Only PolicyReserved goes through the converter pair; the helpers are defined
# outside this excerpt (the name suggests base64 on the UDM side — confirm).
'ms-net-ieee-80211-GP-PolicyReserved': univention.s4connector.attribute(
ucs_attribute='ms-net-ieee-80211-GP-PolicyReserved',
ldap_attribute='ms-net-ieee-80211-GP-PolicyReserved',
con_attribute='ms-net-ieee-80211-GP-PolicyReserved',
mapping=(_map_ldap_to_s4('ms-net-ieee-80211-GP-PolicyReserved'), _map_s4_to_udm_base64('ms-net-ieee-80211-GP-PolicyReserved')),
single_value=True,
),
# PolicyData is synchronised without a converter and without validation here.
'ms-net-ieee-80211-GP-PolicyData': univention.s4connector.attribute(
ucs_attribute='ms-net-ieee-80211-GP-PolicyData',
ldap_attribute='ms-net-ieee-80211-GP-PolicyData',
con_attribute='ms-net-ieee-80211-GP-PolicyData',
single_value=True,
),
'ms-net-ieee-80211-GP-PolicyGUID': univention.s4connector.attribute(
ucs_attribute='ms-net-ieee-80211-GP-PolicyGUID',
ldap_attribute='ms-net-ieee-80211-GP-PolicyGUID',
con_attribute='ms-net-ieee-80211-GP-PolicyGUID',
single_value=True,
),
},
),
# Wired (IEEE 802.3) group policy objects: UDM module ms/gpwl-wired <-> S4
# entries matching (objectClass=ms-net-ieee-8023-GroupPolicy).
'ms/gpwl-wired': univention.s4connector.property(
ucs_module='ms/gpwl-wired',
# Uses the same gpwl syncmode and ignorelist UCR keys as the wireless policy
# mappings, so one setting governs wired and wireless policies together.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpwl/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=ms-net-ieee-8023-GroupPolicy)',
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpwl/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'ms-net-ieee-8023-GroupPolicy'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=1,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
# Only PolicyReserved goes through the converter pair; the helpers are defined
# outside this excerpt (the name suggests base64 on the UDM side — confirm).
'ms-net-ieee-8023-GP-PolicyReserved': univention.s4connector.attribute(
ucs_attribute='ms-net-ieee-8023-GP-PolicyReserved',
ldap_attribute='ms-net-ieee-8023-GP-PolicyReserved',
con_attribute='ms-net-ieee-8023-GP-PolicyReserved',
mapping=(_map_ldap_to_s4('ms-net-ieee-8023-GP-PolicyReserved'), _map_s4_to_udm_base64('ms-net-ieee-8023-GP-PolicyReserved')),
single_value=True,
),
# PolicyData is synchronised without a converter and without validation here.
'ms-net-ieee-8023-GP-PolicyData': univention.s4connector.attribute(
ucs_attribute='ms-net-ieee-8023-GP-PolicyData',
ldap_attribute='ms-net-ieee-8023-GP-PolicyData',
con_attribute='ms-net-ieee-8023-GP-PolicyData',
single_value=True,
),
'ms-net-ieee-8023-GP-PolicyGUID': univention.s4connector.attribute(
ucs_attribute='ms-net-ieee-8023-GP-PolicyGUID',
ldap_attribute='ms-net-ieee-8023-GP-PolicyGUID',
con_attribute='ms-net-ieee-8023-GP-PolicyGUID',
single_value=True,
),
},
),
# Wireless policy blob objects: UDM module ms/gpwl-wireless-blob <-> S4 entries
# matching (objectClass=msieee80211-Policy).
'ms/gpwl-wireless-blob': univention.s4connector.property(
ucs_module='ms/gpwl-wireless-blob',
# Uses the same gpwl syncmode and ignorelist UCR keys as ms/gpwl-wireless and
# ms/gpwl-wired.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpwl/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=msieee80211-Policy)',
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpwl/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'msieee80211-Policy'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=1,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'msieee80211-ID': univention.s4connector.attribute(
ucs_attribute='msieee80211-ID',
ldap_attribute='msieee80211-ID',
con_attribute='msieee80211-ID',
single_value=True,
),
'msieee80211-DataType': univention.s4connector.attribute(
ucs_attribute='msieee80211-DataType',
ldap_attribute='msieee80211-DataType',
con_attribute='msieee80211-DataType',
single_value=True,
),
# The policy payload goes through the converter pair; the helpers are defined
# outside this excerpt (the name suggests base64 on the UDM side — confirm).
# The payload is copied as-is; nothing here inspects its contents.
'msieee80211-Data': univention.s4connector.attribute(
ucs_attribute='msieee80211-Data',
ldap_attribute='msieee80211-Data',
con_attribute='msieee80211-Data',
mapping=(_map_ldap_to_s4('msieee80211-Data'), _map_s4_to_udm_base64('msieee80211-Data')),
single_value=True,
),
},
),
# Generic containers: UDM module container/cn <-> S4 entries of class container
# or builtinDomain, excluding groupPolicyContainer objects.
'container': univention.s4connector.property(
ucs_module='container/cn',
# NOTE(review): unlike the neighbouring mappings, this value is not wrapped in
# str(), so an unset UCR pair presumably yields None rather than 'None' —
# confirm the connector handles both forms.
sync_mode=configRegistry.get('connector/s4/mapping/container/syncmode', configRegistry.get('connector/s4/mapping/syncmode')),
scope='sub',
con_search_filter='(&(|(objectClass=container)(objectClass=builtinDomain))(!(objectClass=groupPolicyContainer)))', # builtinDomain is cn=builtin (with group cn=Administrators)
# The third argument is presumably the ignore list used when the UCR variable
# is unset (mail, kerberos, MicrosoftDNS) — confirm against
# ignore_filter_from_attr, which is defined outside this excerpt. Setting the
# UCR variable may replace these defaults rather than extend them.
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/container/ignorelist', 'mail,kerberos,MicrosoftDNS'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'container'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=1,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
# gPLink is the AD attribute listing the GPOs linked to a container; it is
# stored as msGPOLink on the UCS LDAP side. Syncing it means a change to GPO
# linkage on one side propagates to the other, subject to sync_mode.
'gPLink': univention.s4connector.attribute(
ucs_attribute='gPLink',
ldap_attribute='msGPOLink',
con_attribute='gPLink',
single_value=True,
),
},
),
# IPsec filter objects: UDM module ms/gpipsec-filter <-> S4 entries matching
# (objectClass=ipsecFilter).
'ms/gpipsec-filter': univention.s4connector.property(
ucs_module='ms/gpipsec-filter',
# Sync direction: UCR connector/s4/mapping/gpipsec/syncmode, falling back to
# the global connector/s4/mapping/syncmode. The gpipsec syncmode and
# ignorelist keys are shared by every ms/gpipsec-* mapping in this file.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpipsec/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=ipsecFilter)',
# Objects whose cn is listed in this UCR variable are excluded from sync.
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpipsec/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'ipsecFilter'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=True,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
# The only multi-valued attribute in this mapping; values are compared with
# compare_lowercase.
'ipsecOwnersReference': univention.s4connector.attribute(
ucs_attribute='ipsecOwnersReference',
ldap_attribute='ipsecOwnersReference',
con_attribute='ipsecOwnersReference',
compare_function=univention.s4connector.compare_lowercase,
single_value=False,
),
'ipsecName': univention.s4connector.attribute(
ucs_attribute='ipsecName',
ldap_attribute='ipsecName',
con_attribute='ipsecName',
single_value=True,
),
'ipsecID': univention.s4connector.attribute(
ucs_attribute='ipsecID',
ldap_attribute='ipsecID',
con_attribute='ipsecID',
single_value=True,
),
'ipsecDataType': univention.s4connector.attribute(
ucs_attribute='ipsecDataType',
ldap_attribute='ipsecDataType',
con_attribute='ipsecDataType',
single_value=True,
),
# The payload goes through the converter pair; the helpers are defined outside
# this excerpt (the name suggests base64 on the UDM side — confirm). The
# payload is copied as-is; nothing here inspects its contents.
'ipsecData': univention.s4connector.attribute(
ucs_attribute='ipsecData',
ldap_attribute='ipsecData',
con_attribute='ipsecData',
mapping=(_map_ldap_to_s4('ipsecData'), _map_s4_to_udm_base64('ipsecData')),
single_value=True,
),
},
),
# IPsec ISAKMP policy objects: UDM module ms/gpipsec-isakmp-policy <-> S4
# entries matching (objectClass=ipsecISAKMPPolicy).
'ms/gpipsec-isakmp-policy': univention.s4connector.property(
ucs_module='ms/gpipsec-isakmp-policy',
# Uses the gpipsec syncmode and ignorelist UCR keys shared by every
# ms/gpipsec-* mapping in this file.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpipsec/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=ipsecISAKMPPolicy)',
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpipsec/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'ipsecISAKMPPolicy'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=True,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
# The only multi-valued attribute in this mapping; values are compared with
# compare_lowercase.
'ipsecOwnersReference': univention.s4connector.attribute(
ucs_attribute='ipsecOwnersReference',
ldap_attribute='ipsecOwnersReference',
con_attribute='ipsecOwnersReference',
compare_function=univention.s4connector.compare_lowercase,
single_value=False,
),
'ipsecName': univention.s4connector.attribute(
ucs_attribute='ipsecName',
ldap_attribute='ipsecName',
con_attribute='ipsecName',
single_value=True,
),
'ipsecID': univention.s4connector.attribute(
ucs_attribute='ipsecID',
ldap_attribute='ipsecID',
con_attribute='ipsecID',
single_value=True,
),
'ipsecDataType': univention.s4connector.attribute(
ucs_attribute='ipsecDataType',
ldap_attribute='ipsecDataType',
con_attribute='ipsecDataType',
single_value=True,
),
# The payload goes through the converter pair; the helpers are defined outside
# this excerpt (the name suggests base64 on the UDM side — confirm). The
# payload is copied as-is; nothing here inspects its contents.
'ipsecData': univention.s4connector.attribute(
ucs_attribute='ipsecData',
ldap_attribute='ipsecData',
con_attribute='ipsecData',
mapping=(_map_ldap_to_s4('ipsecData'), _map_s4_to_udm_base64('ipsecData')),
single_value=True,
),
},
),
# IPsec negotiation policy objects: UDM module ms/gpipsec-negotiation-policy
# <-> S4 entries matching (objectClass=ipsecNegotiationPolicy).
'ms/gpipsec-negotiation-policy': univention.s4connector.property(
ucs_module='ms/gpipsec-negotiation-policy',
# Uses the gpipsec syncmode and ignorelist UCR keys shared by every
# ms/gpipsec-* mapping in this file.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpipsec/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=ipsecNegotiationPolicy)',
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpipsec/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'ipsecNegotiationPolicy'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=True,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
# The only multi-valued attribute in this mapping; values are compared with
# compare_lowercase.
'ipsecOwnersReference': univention.s4connector.attribute(
ucs_attribute='ipsecOwnersReference',
ldap_attribute='ipsecOwnersReference',
con_attribute='ipsecOwnersReference',
compare_function=univention.s4connector.compare_lowercase,
single_value=False,
),
'ipsecName': univention.s4connector.attribute(
ucs_attribute='ipsecName',
ldap_attribute='ipsecName',
con_attribute='ipsecName',
single_value=True,
),
'ipsecID': univention.s4connector.attribute(
ucs_attribute='ipsecID',
ldap_attribute='ipsecID',
con_attribute='ipsecID',
single_value=True,
),
'ipsecDataType': univention.s4connector.attribute(
ucs_attribute='ipsecDataType',
ldap_attribute='ipsecDataType',
con_attribute='ipsecDataType',
single_value=True,
),
# The payload goes through the converter pair; the helpers are defined outside
# this excerpt (the name suggests base64 on the UDM side — confirm). The
# payload is copied as-is; nothing here inspects its contents.
'ipsecData': univention.s4connector.attribute(
ucs_attribute='ipsecData',
ldap_attribute='ipsecData',
con_attribute='ipsecData',
mapping=(_map_ldap_to_s4('ipsecData'), _map_s4_to_udm_base64('ipsecData')),
single_value=True,
),
# Policy type and action are synchronised as plain single values; this
# mapping does not restrict which values are accepted.
'iPSECNegotiationPolicyType': univention.s4connector.attribute(
ucs_attribute='iPSECNegotiationPolicyType',
ldap_attribute='iPSECNegotiationPolicyType',
con_attribute='iPSECNegotiationPolicyType',
single_value=True,
),
'iPSECNegotiationPolicyAction': univention.s4connector.attribute(
ucs_attribute='iPSECNegotiationPolicyAction',
ldap_attribute='iPSECNegotiationPolicyAction',
con_attribute='iPSECNegotiationPolicyAction',
single_value=True,
),
},
),
# IPsec NFA objects: UDM module ms/gpipsec-nfa <-> S4 entries matching
# (objectClass=ipsecNFA).
'ms/gpipsec-nfa': univention.s4connector.property(
ucs_module='ms/gpipsec-nfa',
# Uses the gpipsec syncmode and ignorelist UCR keys shared by every
# ms/gpipsec-* mapping in this file.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpipsec/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=ipsecNFA)',
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpipsec/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'ipsecNFA'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=True,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
# The only multi-valued attribute in this mapping; values are compared with
# compare_lowercase.
'ipsecOwnersReference': univention.s4connector.attribute(
ucs_attribute='ipsecOwnersReference',
ldap_attribute='ipsecOwnersReference',
con_attribute='ipsecOwnersReference',
compare_function=univention.s4connector.compare_lowercase,
single_value=False,
),
'ipsecName': univention.s4connector.attribute(
ucs_attribute='ipsecName',
ldap_attribute='ipsecName',
con_attribute='ipsecName',
single_value=True,
),
'ipsecID': univention.s4connector.attribute(
ucs_attribute='ipsecID',
ldap_attribute='ipsecID',
con_attribute='ipsecID',
single_value=True,
),
'ipsecDataType': univention.s4connector.attribute(
ucs_attribute='ipsecDataType',
ldap_attribute='ipsecDataType',
con_attribute='ipsecDataType',
single_value=True,
),
# The payload goes through the converter pair; the helpers are defined outside
# this excerpt (the name suggests base64 on the UDM side — confirm). The
# payload is copied as-is; nothing here inspects its contents.
'ipsecData': univention.s4connector.attribute(
ucs_attribute='ipsecData',
ldap_attribute='ipsecData',
con_attribute='ipsecData',
mapping=(_map_ldap_to_s4('ipsecData'), _map_s4_to_udm_base64('ipsecData')),
single_value=True,
),
# Both references are copied as plain single values with no compare_function
# or mapping.
# NOTE(review): if they hold DNs, confirm they are translated between the UCS
# and S4 naming contexts elsewhere.
'ipsecNegotiationPolicyReference': univention.s4connector.attribute(
ucs_attribute='ipsecNegotiationPolicyReference',
ldap_attribute='ipsecNegotiationPolicyReference',
con_attribute='ipsecNegotiationPolicyReference',
single_value=True,
),
'ipsecFilterReference': univention.s4connector.attribute(
ucs_attribute='ipsecFilterReference',
ldap_attribute='ipsecFilterReference',
con_attribute='ipsecFilterReference',
single_value=True,
),
},
),
# IPsec policy objects: UDM module ms/gpipsec-policy <-> S4 entries matching
# (objectClass=ipsecPolicy).
'ms/gpipsec-policy': univention.s4connector.property(
ucs_module='ms/gpipsec-policy',
# Uses the gpipsec syncmode and ignorelist UCR keys shared by every
# ms/gpipsec-* mapping in this file.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpipsec/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=ipsecPolicy)',
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpipsec/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'ipsecPolicy'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=True,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
# The only multi-valued attribute in this mapping; values are compared with
# compare_lowercase.
'ipsecOwnersReference': univention.s4connector.attribute(
ucs_attribute='ipsecOwnersReference',
ldap_attribute='ipsecOwnersReference',
con_attribute='ipsecOwnersReference',
compare_function=univention.s4connector.compare_lowercase,
single_value=False,
),
'ipsecName': univention.s4connector.attribute(
ucs_attribute='ipsecName',
ldap_attribute='ipsecName',
con_attribute='ipsecName',
single_value=True,
),
'ipsecID': univention.s4connector.attribute(
ucs_attribute='ipsecID',
ldap_attribute='ipsecID',
con_attribute='ipsecID',
single_value=True,
),
'ipsecDataType': univention.s4connector.attribute(
ucs_attribute='ipsecDataType',
ldap_attribute='ipsecDataType',
con_attribute='ipsecDataType',
single_value=True,
),
# The payload goes through the converter pair; the helpers are defined outside
# this excerpt (the name suggests base64 on the UDM side — confirm). The
# payload is copied as-is; nothing here inspects its contents.
'ipsecData': univention.s4connector.attribute(
ucs_attribute='ipsecData',
ldap_attribute='ipsecData',
con_attribute='ipsecData',
mapping=(_map_ldap_to_s4('ipsecData'), _map_s4_to_udm_base64('ipsecData')),
single_value=True,
),
# Both references are copied as plain single values with no compare_function
# or mapping.
# NOTE(review): if they hold DNs, confirm they are translated between the UCS
# and S4 naming contexts elsewhere.
'ipsecNFAReference': univention.s4connector.attribute(
ucs_attribute='ipsecNFAReference',
ldap_attribute='ipsecNFAReference',
con_attribute='ipsecNFAReference',
single_value=True,
),
'ipsecISAKMPReference': univention.s4connector.attribute(
ucs_attribute='ipsecISAKMPReference',
ldap_attribute='ipsecISAKMPReference',
con_attribute='ipsecISAKMPReference',
single_value=True,
),
},
),
# Software-installation category objects: UDM module
# ms/gpsi-category-registration <-> S4 entries matching
# (objectClass=categoryRegistration).
'ms/gpsi-category-registration': univention.s4connector.property(
ucs_module='ms/gpsi-category-registration',
# Sync direction: UCR connector/s4/mapping/gpsi/syncmode, falling back to the
# global connector/s4/mapping/syncmode. The gpsi syncmode and ignorelist keys
# are shared by every ms/gpsi-* mapping in this file.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpsi/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=categoryRegistration)',
# Objects whose cn is listed in this UCR variable are excluded from sync.
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpsi/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'leaf', 'categoryRegistration'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=True,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'managedBy': univention.s4connector.attribute(
ucs_attribute='managedBy',
ldap_attribute='managedBy',
con_attribute='managedBy',
single_value=True,
),
# localizedDescription and localeID are the multi-valued attributes here.
'localizedDescription': univention.s4connector.attribute(
ucs_attribute='localizedDescription',
ldap_attribute='localizedDescription',
con_attribute='localizedDescription',
single_value=False,
),
'localeID': univention.s4connector.attribute(
ucs_attribute='localeID',
ldap_attribute='localeID',
con_attribute='localeID',
single_value=False,
),
# categoryId goes through the converter pair; the helpers are defined outside
# this excerpt (the name suggests base64 on the UDM side — confirm).
'categoryId': univention.s4connector.attribute(
ucs_attribute='categoryId',
ldap_attribute='categoryId',
con_attribute='categoryId',
mapping=(_map_ldap_to_s4('categoryId'), _map_s4_to_udm_base64('categoryId')),
single_value=True,
),
},
),
# Software-installation class store objects: UDM module ms/gpsi-class-store <->
# S4 entries matching (objectClass=classStore). All attributes are single-valued
# and none of them has a mapping= converter.
'ms/gpsi-class-store': univention.s4connector.property(
ucs_module='ms/gpsi-class-store',
# Uses the gpsi syncmode and ignorelist UCR keys shared by every ms/gpsi-*
# mapping in this file.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpsi/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=classStore)',
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpsi/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'classStore'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=True,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'displayName': univention.s4connector.attribute(
ucs_attribute='displayName',
ldap_attribute='displayName',
con_attribute='displayName',
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'versionNumber': univention.s4connector.attribute(
ucs_attribute='versionNumber',
ldap_attribute='versionNumber',
con_attribute='versionNumber',
single_value=True,
),
# NOTE(review): nextLevelStore is copied as a plain value; if it holds a DN,
# confirm it is translated between the UCS and S4 naming contexts elsewhere.
'nextLevelStore': univention.s4connector.attribute(
ucs_attribute='nextLevelStore',
ldap_attribute='nextLevelStore',
con_attribute='nextLevelStore',
single_value=True,
),
'lastUpdateSequence': univention.s4connector.attribute(
ucs_attribute='lastUpdateSequence',
ldap_attribute='lastUpdateSequence',
con_attribute='lastUpdateSequence',
single_value=True,
),
'extensionName': univention.s4connector.attribute(
ucs_attribute='extensionName',
ldap_attribute='extensionName',
con_attribute='extensionName',
single_value=True,
),
'appSchemaVersion': univention.s4connector.attribute(
ucs_attribute='appSchemaVersion',
ldap_attribute='appSchemaVersion',
con_attribute='appSchemaVersion',
single_value=True,
),
},
),
# Software-installation package objects: UDM module
# ms/gpsi-package-registration <-> S4 entries matching
# (objectClass=packageRegistration).
# These objects carry the command, script and path data for packages deployed
# through Group Policy (setupCommand, msiScript, msiScriptPath, url). Write
# access to them on whichever side is a sync source is effectively
# software-deployment authority on the other side; review sync_mode and the
# ignore list with that in mind.
'ms/gpsi-package-registration': univention.s4connector.property(
ucs_module='ms/gpsi-package-registration',
# Sync direction: UCR connector/s4/mapping/gpsi/syncmode, falling back to the
# global connector/s4/mapping/syncmode. The gpsi syncmode and ignorelist keys
# are shared by every ms/gpsi-* mapping in this file.
sync_mode=str(configRegistry.get('connector/s4/mapping/gpsi/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=packageRegistration)',
# Objects whose cn is listed in this UCR variable are excluded from sync.
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/gpsi/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'packageRegistration'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=True,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'displayName': univention.s4connector.attribute(
ucs_attribute='displayName',
ldap_attribute='displayName',
con_attribute='displayName',
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'versionNumberLo': univention.s4connector.attribute(
ucs_attribute='versionNumberLo',
ldap_attribute='versionNumberLo',
con_attribute='versionNumberLo',
single_value=True,
),
'versionNumberHi': univention.s4connector.attribute(
ucs_attribute='versionNumberHi',
ldap_attribute='versionNumberHi',
con_attribute='versionNumberHi',
single_value=True,
),
'vendor': univention.s4connector.attribute(
ucs_attribute='vendor',
ldap_attribute='vendor',
con_attribute='vendor',
single_value=True,
),
'url': univention.s4connector.attribute(
ucs_attribute='url',
ldap_attribute='url',
con_attribute='url',
single_value=False,
),
'revision': univention.s4connector.attribute(
ucs_attribute='revision',
ldap_attribute='revision',
con_attribute='revision',
single_value=True,
),
# upgradeProductCode, productCode and msiScript go through the converter pair;
# the helpers are defined outside this excerpt (the name suggests base64 on
# the UDM side — confirm).
'upgradeProductCode': univention.s4connector.attribute(
ucs_attribute='upgradeProductCode',
ldap_attribute='upgradeProductCode',
con_attribute='upgradeProductCode',
mapping=(_map_ldap_to_s4('upgradeProductCode'), _map_s4_to_udm_base64('upgradeProductCode')),
single_value=False,
),
# setupCommand is synchronised as a plain string with no validation here.
'setupCommand': univention.s4connector.attribute(
ucs_attribute='setupCommand',
ldap_attribute='setupCommand',
con_attribute='setupCommand',
single_value=True,
),
'productCode': univention.s4connector.attribute(
ucs_attribute='productCode',
ldap_attribute='productCode',
con_attribute='productCode',
mapping=(_map_ldap_to_s4('productCode'), _map_s4_to_udm_base64('productCode')),
single_value=True,
),
'packageType': univention.s4connector.attribute(
ucs_attribute='packageType',
ldap_attribute='packageType',
con_attribute='packageType',
single_value=True,
),
'packageName': univention.s4connector.attribute(
ucs_attribute='packageName',
ldap_attribute='packageName',
con_attribute='packageName',
single_value=True,
),
'packageFlags': univention.s4connector.attribute(
ucs_attribute='packageFlags',
ldap_attribute='packageFlags',
con_attribute='packageFlags',
single_value=True,
),
'msiScriptSize': univention.s4connector.attribute(
ucs_attribute='msiScriptSize',
ldap_attribute='msiScriptSize',
con_attribute='msiScriptSize',
single_value=True,
),
# msiScriptPath and msiScriptName are synchronised as plain strings; this
# mapping does not check where the path points.
'msiScriptPath': univention.s4connector.attribute(
ucs_attribute='msiScriptPath',
ldap_attribute='msiScriptPath',
con_attribute='msiScriptPath',
single_value=True,
),
'msiScriptName': univention.s4connector.attribute(
ucs_attribute='msiScriptName',
ldap_attribute='msiScriptName',
con_attribute='msiScriptName',
single_value=True,
),
'msiScript': univention.s4connector.attribute(
ucs_attribute='msiScript',
ldap_attribute='msiScript',
con_attribute='msiScript',
mapping=(_map_ldap_to_s4('msiScript'), _map_s4_to_udm_base64('msiScript')),
single_value=True,
),
'msiFileList': univention.s4connector.attribute(
ucs_attribute='msiFileList',
ldap_attribute='msiFileList',
con_attribute='msiFileList',
single_value=False,
),
'managedBy': univention.s4connector.attribute(
ucs_attribute='managedBy',
ldap_attribute='managedBy',
con_attribute='managedBy',
single_value=True,
),
'machineArchitecture': univention.s4connector.attribute(
ucs_attribute='machineArchitecture',
ldap_attribute='machineArchitecture',
con_attribute='machineArchitecture',
single_value=False,
),
'localeID': univention.s4connector.attribute(
ucs_attribute='localeID',
ldap_attribute='localeID',
con_attribute='localeID',
single_value=False,
),
'lastUpdateSequence': univention.s4connector.attribute(
ucs_attribute='lastUpdateSequence',
ldap_attribute='lastUpdateSequence',
con_attribute='lastUpdateSequence',
single_value=True,
),
'installUiLevel': univention.s4connector.attribute(
ucs_attribute='installUiLevel',
ldap_attribute='installUiLevel',
con_attribute='installUiLevel',
single_value=True,
),
'iconPath': univention.s4connector.attribute(
ucs_attribute='iconPath',
ldap_attribute='iconPath',
con_attribute='iconPath',
single_value=False,
),
'fileExtPriority': univention.s4connector.attribute(
ucs_attribute='fileExtPriority',
ldap_attribute='fileExtPriority',
con_attribute='fileExtPriority',
single_value=False,
),
# The cOM* identifiers are multi-valued and copied without a converter.
'cOMTypelibId': univention.s4connector.attribute(
ucs_attribute='cOMTypelibId',
ldap_attribute='cOMTypelibId',
con_attribute='cOMTypelibId',
single_value=False,
),
'cOMProgID': univention.s4connector.attribute(
ucs_attribute='cOMProgID',
ldap_attribute='cOMProgID',
con_attribute='cOMProgID',
single_value=False,
),
'cOMInterfaceID': univention.s4connector.attribute(
ucs_attribute='cOMInterfaceID',
ldap_attribute='cOMInterfaceID',
con_attribute='cOMInterfaceID',
single_value=False,
),
'cOMClassID': univention.s4connector.attribute(
ucs_attribute='cOMClassID',
ldap_attribute='cOMClassID',
con_attribute='cOMClassID',
single_value=False,
),
'categories': univention.s4connector.attribute(
ucs_attribute='categories',
ldap_attribute='categories',
con_attribute='categories',
single_value=False,
),
'canUpgradeScript': univention.s4connector.attribute(
ucs_attribute='canUpgradeScript',
ldap_attribute='canUpgradeScript',
con_attribute='canUpgradeScript',
single_value=False,
),
},
),
# Domain policy objects: UDM module ms/domainpolicy <-> S4 entries matching
# (objectClass=domainPolicy).
# The attribute names correspond to AD password, lockout and Kerberos ticket
# settings (minPwdLength, pwdHistoryLength, lockoutThreshold, maxTicketAge,
# ...), so the sync direction decides which directory can change those values
# on the other side.
'ms/domainpolicy': univention.s4connector.property(
ucs_module='ms/domainpolicy',
# Sync direction: UCR connector/s4/mapping/domainpolicy/syncmode, falling back
# to the global connector/s4/mapping/syncmode.
sync_mode=str(configRegistry.get('connector/s4/mapping/domainpolicy/syncmode', configRegistry.get('connector/s4/mapping/syncmode'))),
scope='sub',
con_search_filter='(objectClass=domainPolicy)',
# NOTE(review): the sync mode above is read from .../domainpolicy/syncmode
# (lowercase) but the ignore list from .../domainPolicy/ignorelist (capital
# P). If UCR keys are case-sensitive, an ignore list set under the lowercase
# spelling is never read, and objects expected to be excluded are still
# synchronised. Confirm which spelling is documented before relying on it.
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/domainPolicy/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'leaf', 'domainPolicy'],
attributes={
'cn': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='cn',
con_attribute='cn',
required=True,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'qualityOfService': univention.s4connector.attribute(
ucs_attribute='qualityOfService',
ldap_attribute='qualityOfService',
con_attribute='qualityOfService',
single_value=True,
),
# Password policy values are copied as-is; this mapping enforces no minimum or
# range on them.
'pwdProperties': univention.s4connector.attribute(
ucs_attribute='pwdProperties',
ldap_attribute='pwdProperties',
con_attribute='pwdProperties',
single_value=True,
),
'pwdHistoryLength': univention.s4connector.attribute(
ucs_attribute='pwdHistoryLength',
ldap_attribute='pwdHistoryLength',
con_attribute='pwdHistoryLength',
single_value=True,
),
# publicKeyPolicy, eFSPolicy and domainWidePolicy go through the converter
# pair; the helpers are defined outside this excerpt (the name suggests base64
# on the UDM side — confirm).
'publicKeyPolicy': univention.s4connector.attribute(
ucs_attribute='publicKeyPolicy',
ldap_attribute='publicKeyPolicy',
con_attribute='publicKeyPolicy',
mapping=(_map_ldap_to_s4('publicKeyPolicy'), _map_s4_to_udm_base64('publicKeyPolicy')),
single_value=True,
),
'proxyLifetime': univention.s4connector.attribute(
ucs_attribute='proxyLifetime',
ldap_attribute='proxyLifetime',
con_attribute='proxyLifetime',
single_value=True,
),
'minTicketAge': univention.s4connector.attribute(
ucs_attribute='minTicketAge',
ldap_attribute='minTicketAge',
con_attribute='minTicketAge',
single_value=True,
),
'minPwdLength': univention.s4connector.attribute(
ucs_attribute='minPwdLength',
ldap_attribute='minPwdLength',
con_attribute='minPwdLength',
single_value=True,
),
'minPwdAge': univention.s4connector.attribute(
ucs_attribute='minPwdAge',
ldap_attribute='minPwdAge',
con_attribute='minPwdAge',
single_value=True,
),
'maxTicketAge': univention.s4connector.attribute(
ucs_attribute='maxTicketAge',
ldap_attribute='maxTicketAge',
con_attribute='maxTicketAge',
single_value=True,
),
'maxRenewAge': univention.s4connector.attribute(
ucs_attribute='maxRenewAge',
ldap_attribute='maxRenewAge',
con_attribute='maxRenewAge',
single_value=True,
),
'maxPwdAge': univention.s4connector.attribute(
ucs_attribute='maxPwdAge',
ldap_attribute='maxPwdAge',
con_attribute='maxPwdAge',
single_value=True,
),
'managedBy': univention.s4connector.attribute(
ucs_attribute='managedBy',
ldap_attribute='managedBy',
con_attribute='managedBy',
single_value=True,
),
# Lockout settings are likewise copied without validation.
'lockoutThreshold': univention.s4connector.attribute(
ucs_attribute='lockoutThreshold',
ldap_attribute='lockoutThreshold',
con_attribute='lockoutThreshold',
single_value=True,
),
'lockoutDuration': univention.s4connector.attribute(
ucs_attribute='lockoutDuration',
ldap_attribute='lockoutDuration',
con_attribute='lockoutDuration',
single_value=True,
),
'lockOutObservationWindow': univention.s4connector.attribute(
ucs_attribute='lockOutObservationWindow',
ldap_attribute='lockOutObservationWindow',
con_attribute='lockOutObservationWindow',
single_value=True,
),
'ipsecPolicyReference': univention.s4connector.attribute(
ucs_attribute='ipsecPolicyReference',
ldap_attribute='ipsecPolicyReference',
con_attribute='ipsecPolicyReference',
single_value=True,
),
'forceLogoff': univention.s4connector.attribute(
ucs_attribute='forceLogoff',
ldap_attribute='forceLogoff',
con_attribute='forceLogoff',
single_value=True,
),
'eFSPolicy': univention.s4connector.attribute(
ucs_attribute='eFSPolicy',
ldap_attribute='eFSPolicy',
con_attribute='eFSPolicy',
mapping=(_map_ldap_to_s4('eFSPolicy'), _map_s4_to_udm_base64('eFSPolicy')),
single_value=False,
),
'domainWidePolicy': univention.s4connector.attribute(
ucs_attribute='domainWidePolicy',
ldap_attribute='domainWidePolicy',
con_attribute='domainWidePolicy',
mapping=(_map_ldap_to_s4('domainWidePolicy'), _map_s4_to_udm_base64('domainWidePolicy')),
single_value=False,
),
'domainPolicyReference': univention.s4connector.attribute(
ucs_attribute='domainPolicyReference',
ldap_attribute='domainPolicyReference',
con_attribute='domainPolicyReference',
single_value=True,
),
# domainCAs is multi-valued and copied without a converter.
'domainCAs': univention.s4connector.attribute(
ucs_attribute='domainCAs',
ldap_attribute='domainCAs',
con_attribute='domainCAs',
single_value=False,
),
'defaultLocalPolicyObject': univention.s4connector.attribute(
ucs_attribute='defaultLocalPolicyObject',
ldap_attribute='defaultLocalPolicyObject',
con_attribute='defaultLocalPolicyObject',
single_value=True,
),
'authenticationOptions': univention.s4connector.attribute(
ucs_attribute='authenticationOptions',
ldap_attribute='authenticationOptions',
con_attribute='authenticationOptions',
single_value=True,
),
},
),
'ou': univention.s4connector.property(
ucs_module='container/ou',
sync_mode=configRegistry.get('connector/s4/mapping/ou/syncmode', configRegistry.get('connector/s4/mapping/syncmode')),
scope='sub',
con_search_filter='objectClass=organizationalUnit',
ignore_filter=ignore_filter_from_attr('ou', 'connector/s4/mapping/ou/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_create_objectclass=['top', 'organizationalUnit'],
attributes={
'ou': univention.s4connector.attribute(
ucs_attribute='name',
ldap_attribute='ou',
con_attribute='ou',
required=1,
compare_function=univention.s4connector.compare_lowercase,
single_value=True,
),
'description': univention.s4connector.attribute(
ucs_attribute='description',
ldap_attribute='description',
con_attribute='description',
single_value=True,
),
'gPLink': univention.s4connector.attribute(
ucs_attribute='gPLink',
ldap_attribute='msGPOLink',
con_attribute='gPLink',
single_value=True,
),
},
),
'container_dc': univention.s4connector.property(
ucs_module='container/dc',
ucs_default_dn='cn=samba,%(ldap/base)s' % configRegistry,
con_default_dn='%(connector/s4/ldap/base)s' % configRegistry,
sync_mode=configRegistry.get('connector/s4/mapping/dc/syncmode', configRegistry.get('connector/s4/mapping/syncmode')),
scope='sub',
identify=univention.s4connector.s4.dc.identify,
con_search_filter='(|(&(objectClass=domain)(!(|(name=DomainDnsZones)(name=ForestDnsZones))))(objectClass=sambaDomainName))',
ignore_filter=ignore_filter_from_attr('cn', 'connector/s4/mapping/dc/ignorelist'),
ignore_subtree=global_ignore_subtree,
con_sync_function=univention.s4connector.s4.dc.ucs2con,
ucs_sync_function=univention.s4connector.s4.dc.con2ucs,
)
}
# Prune the mapping according to UCR switches. Every pop() below is
# unconditional on the key being present, so a missing entry raises KeyError
# at import time instead of being ignored.

# Switches that are treated as enabled when the UCR variable is unset.
if not configRegistry.is_true('connector/s4/mapping/gpo', True):
    # GPO sync is off: stop syncing the gPLink attribute on both container types.
    s4_mapping['container'].attributes.pop('gPLink')
    s4_mapping['ou'].attributes.pop('gPLink')

if not configRegistry.is_true('connector/s4/mapping/group/grouptype', True):
    s4_mapping['group'].attributes.pop('groupType')

if not configRegistry.is_true('connector/s4/mapping/gpo', True):
    # GPO sync is off: drop the GPO object mapping itself as well.
    s4_mapping.pop('msGPO')

# Switches that are treated as disabled when the UCR variable is unset: each
# UCR key guards the object mappings listed next to it. Review what a switch
# starts synchronising before turning it on.
for _ucr_key, _object_types in (
    ('connector/s4/mapping/wmifilter', ('msWMIFilter',)),
    ('connector/s4/mapping/msprintconnectionpolicy', ('msPrintConnectionPolicy',)),
    ('connector/s4/mapping/msgpwl', (
        'ms/gpwl-wireless',
        'ms/gpwl-wired',
        'ms/gpwl-wireless-blob',
    )),
    ('connector/s4/mapping/msgpipsec', (
        'ms/gpipsec-filter',
        'ms/gpipsec-isakmp-policy',
        'ms/gpipsec-negotiation-policy',
        'ms/gpipsec-nfa',
        'ms/gpipsec-policy',
    )),
    ('connector/s4/mapping/msgpsi', (
        'ms/gpsi-category-registration',
        'ms/gpsi-class-store',
        'ms/gpsi-package-registration',
    )),
    ('connector/s4/mapping/domainpolicy', ('ms/domainpolicy',)),
):
    if configRegistry.is_true(_ucr_key, False):
        continue
    for _object_type in _object_types:
        s4_mapping.pop(_object_type)
    # Every tuple above is non-empty, so the loop variable is always bound here.
    del _object_type
# Keep the module namespace free of the loop helpers.
del _ucr_key, _object_types
def load_localmapping(filename='/etc/univention/connector/s4/localmapping.py'):
    """
    Apply the site-local ``mapping_hook`` from `filename` to `s4_mapping`.

    The file is loaded as a Python module named ``localmapping`` and its
    ``mapping_hook`` callable is called with `s4_mapping`; the hook's return
    value is returned. If loading the file or looking up ``mapping_hook``
    raises `IOError` or `AttributeError`, `s4_mapping` is returned unchanged.

    Security: the file is executed as Python code inside the calling process,
    so whoever can write to `filename` can run code with that process's
    privileges. Keep the file and its parent directories writable only by
    trusted administrators.
    """
    try:
        if not six.PY2:
            import importlib.util
            module_spec = importlib.util.spec_from_file_location('localmapping', filename)
            local_module = importlib.util.module_from_spec(module_spec)
            # Runs the top-level code of the local mapping file.
            module_spec.loader.exec_module(local_module)
        else:
            import imp
            local_module = imp.load_source('localmapping', filename)
        hook = local_module.mapping_hook
    except (IOError, AttributeError):
        # Covers a missing/unreadable file and a file without mapping_hook.
        # NOTE: the same exceptions raised by the file's own top-level code
        # are swallowed here too, which silently disables the local mapping.
        return s4_mapping
    return hook(s4_mapping)