ucsschool.lib package

ucsschool.lib package#

Subpackages#

Submodules#

ucsschool.lib.consistency module#

This module check the constistency of USC@school users, shares and groups

class ucsschool.lib.consistency.UserCheck[source]#

Bases: object

check_allowed_membership(group_dn: str, students: bool | None = False, teachers: bool | None = False, staff: bool | None = False) → List[str][source]#: This function is used to check if a group of a user matches the users UCS@school role(s). The caller specifies the group dn and the user roles which are allowed by setting them to ‘True’. Example: ‘group_dn’ is expected to be a teachers group, i.e. ‘teachers’ is set to True by the caller. If the group turns out to be a students group (where teachers are disallowed) and ‘students’ is False, it is an error. A warning will be appended to a list which will be returned.

get_users_from_ldap(school: str, users: List[str]) → Tuple[str, Dict[str, List[bytes]]][source]#

check_user(dn: str, attrs: Dict[str, List[bytes]]) → List[str][source]#

ucsschool.lib.consistency.check_mandatory_groups_exist(school: str = None) → Dict[str, List[str]][source]#

ucsschool.lib.consistency.check_containers(school: str | None = None) → Dict[str, List[str]][source]#

ucsschool.lib.consistency.check_shares(school: str | None = None) → Dict[str, List[str]][source]#

ucsschool.lib.consistency.check_server_group_membership(school: str | None = None) → Dict[str, List[str]][source]#

ucsschool.lib.consistency.check_all(school: str | None = None, user_dn: str | None = None) → Dict[str, Dict[str, List[str]]][source]#

ucsschool.lib.create_ou module#

Class to create an OU. Used by create_ou script and customer single user HTTP API.

ucsschool.lib.create_ou.create_ou(ou_name, display_name, edu_name, admin_name, share_name, lo, baseDN, hostname, is_single_master, alter_dhcpd_base=None)[source]#

Create a ucsschool OU.

Parameters:

ou_name (str) – name for the OU, see models.attributes::SchoolName for allowed values, may contain dashes and underscores, but the latter only if DC name(s) are passed explicitly (without underscore), max length is 11 chars if DC names are not passed explicitly.
display_name (str) – display name for the OU
edu_name (str) – host name of educational school server, see models.attributes::DCName for allowed values, may contain dashes but no underscores, max 13 chars
admin_name (str) – host name of administrative school server, see models.attributes::DCName for allowed values, may contain dashes but no underscores, max 13 chars
share_name (str) – host name
lo (univention.uldap.access) – LDAP connection object
baseDN (str) – base DN
hostname (str) – hostname of Primary Directory Node in case of singleserver
is_single_master (bool) – whether it is a singleserver
alter_dhcpd_base (bool) – if the DHCP base should be modified

Return bool:

whether the OU was sucessfully created (or already existed)

Raises:

ValueError – on validation errors
uidAlreadyUsed –

ucsschool.lib.i18n module#

ucsschool.lib.i18n.ucs_school_name_i18n(name, lang='de')[source]#: i18n function for localization of UCS@school standard names

ucsschool.lib.info module#

class ucsschool.lib.info.MembershipFlags(is_edu_school_member, is_admin_school_member)#

Bases: tuple

Create new instance of MembershipFlags(is_edu_school_member, is_admin_school_member)

is_admin_school_member#: Alias for field number 1

is_edu_school_member#: Alias for field number 0

ucsschool.lib.info.get_school_membership_type(lo: univention.uldap.access, dn: str) → MembershipFlags[source]#

Returns a named tuple, that states if the given computer object specified by dn is an educational school Replica Directory Node/Managed Node or administrative Replica Directory Node/Managed Node.

Parameters:

lo (univention.uldap.access) – the LDAP connection
dn (str) – DN of the computer object

Returns:

a named tuple that contains flags for educational and administrative membership

Return type:

namedtuple(is_edu_school_member, is_admin_school_member)

ucsschool.lib.info.is_central_computer(lo: univention.uldap.access, dn: str) → bool[source]#

Checks if the given computer object specified by dn is a central system or located at a specific school.

Parameters:

lo (univention.uldap.access) – the LDAP connection
dn (str) – DN of the computer object

Returns:

is the computer a central system?

Return type:

bool

ucsschool.lib.info.is_school_slave(lo: univention.uldap.access, dn: str) → bool[source]#

Checks if the given domaincontroller_slave object (specified by dn) is a school Replica Node.

Parameters:

lo (univention.uldap.access) – the LDAP connection
dn (str) – DN of the computer object

Returns:

is the computer a school Replica Directory Node?

Return type:

bool

Raises:

ValueError – computer DN does not refer to a computers/domaincontroller_slave object

ucsschool.lib.internetrules module#

class ucsschool.lib.internetrules.Rule(name, type=0, priority=0, wlan=False, domains=[], userRule=False)[source]#

Bases: object

property domains#: Return list of all domains, the order respects the indeces. Show only the entries that match the current filter type.

addDomain(domain, idx=-1, listType=None)[source]#: add a new domain with an optional fixed index and list type

save()[source]#: Save the current rule as UCR variables. If the rule already exists, only the changed properties will be saved. In case the rules are similar, no changes will be done.

ucsschool.lib.internetrules.findUCRVariables(filterName=None, userRule=False)[source]#: Returns a dict of all UCR variables or all variables matching the specified rule name.

ucsschool.lib.internetrules.remove(name, userRule=False)[source]#: Removes the UCR variables corresponding to the specified rule.

ucsschool.lib.internetrules.load(name, userRule=False)[source]#: Wrapper for list(name).

ucsschool.lib.internetrules.list(filterName=None, userRule=False)[source]#: Returns a list of all existing rules. If name is given, returns only the rule matching the specified name or None. userRule specifies whether all common rules (=False) or only user-specific rules (=True) are listed. If filterName is specified, only rule matching this name is returned as single object (not as list!).

ucsschool.lib.internetrules.getGroupRuleName(groupNames)[source]#

Return the name of the filter rule for the specified group name.

Usage:: getGroupRuleName([<groupName>, …]) -> { <groupName>:<ruleName>, … }
or:: getGroupRuleName(<groupName) -> <ruleName>

ucsschool.lib.internetrules.unsetGroupRuleName(groupNames)[source]#

Unset the default rule for the given group name.

Usage:: setGroupRuleName(<groupName>)
or:: setGroupRuleName([<groupName>, … ])

ucsschool.lib.internetrules.setGroupRuleName(*args)[source]#

Set the default rule for the given group name.

Usage:: setGroupRuleName(<groupName>, <ruleName>)
or:: setGroupRuleName({ <groupName>: <ruleName>, … })

ucsschool.lib.roles module#

exception ucsschool.lib.roles.UcsschoolRoleStringError[source]#: Bases: Exception

exception ucsschool.lib.roles.UnknownRole[source]#: Bases: UcsschoolRoleStringError

exception ucsschool.lib.roles.UnknownContextType[source]#: Bases: UcsschoolRoleStringError

exception ucsschool.lib.roles.InvalidUcsschoolRoleString[source]#: Bases: UcsschoolRoleStringError

ucsschool.lib.roles.create_ucsschool_role_string(role: str, context: str, context_type: str | None = 'school', school: str | None = '') → str[source]#: This function takes a role, a context_type and a context to create a valid ucsschoolRole string. :param role: The role :param context: The context :param context_type: The context type :param school: Old variable name for context. DEPRECATED! TODO: Should be removed in 4.4v5 :return: The valid ucsschoolRole string

ucsschool.lib.roles.get_role_info(ucsschool_role_string: str) → Tuple[str, str, str][source]#: This function separates the individual elements of an ucsschool role string. Raises InvalidUcsschoolRoleString if the string provided is no valid role string. Raises UnknownRole if the role is unknown. Raises UnknownContextType if the context type is unknown. :param ucsschool_role_string: The role string to separate :return: (role, context_type, context)

ucsschool.lib.roleshares module#

Role specific shares

ucsschool.lib.roleshares.roleshare_name(role: str, school_ou: str, ucr: ConfigRegistry) → str[source]#

ucsschool.lib.roleshares.roleshare_path(role: str, school_ou: str, ucr: ConfigRegistry) → str[source]#

ucsschool.lib.roleshares.roleshare_home_subdir(school_ou: str, roles: List[str], ucr: ConfigRegistry | None = None) → str[source]#

ucsschool.lib.roleshares.create_roleshare_on_server(role, school_ou, share_container_dn, serverfqdn, teacher_group=None, ucr=None, ldap_user_read=None, ldap_user_write=None, ldap_position=None)[source]#

ucsschool.lib.roleshares.fqdn_from_serverdn(server_dn, ldap_machine_read=None, ldap_position=None)[source]#

ucsschool.lib.roleshares.fileservers_for_school(school_id, ldap_machine_read=None, ldap_position=None)[source]#

ucsschool.lib.roleshares.create_roleshare_for_searchbase(role, school, ucr=None, ldap_user_read=None)[source]#

ucsschool.lib.roleshares.create_roleshares(role_list, school_list=None, ucr=None, ldap_machine_read=None)[source]#

ucsschool.lib.school_umc_base module#

class ucsschool.lib.school_umc_base.SchoolSanitizer(regex_pattern: Pattern[str] | str | None = None, re_flags: int = 0, minimum: int | None = None, maximum: int | None = None, **kwargs: Any)[source]#: Bases: StringSanitizer

class ucsschool.lib.school_umc_base.SchoolBaseModule(*args, **kwargs)[source]#

Bases: Base

This class serves as base class for UCS@school UMC modules that need LDAP access. It initiates the list of available OUs (self.availableSchools) and initiates the search bases (self.searchBase). set_bind_function() is called automatically to allow LDAP connections. In order to integrate this class into a module, use the following paradigm:

class Instance(SchoolBaseModule):

def __init__(self):: # initiate list of internal variables SchoolBaseModule.__init__(self) # … custom code
def init(self):: SchoolBaseModule.init(self) # … custom code

prepare(request)[source]#: this function is invoked after the module process started.

schools(request, ldap_user_read=None)[source]#: Returns a list of all available school

classes(request)[source]#: Returns a list of all classes of the given school

workgroups(request)[source]#: Returns a list of all working groups of the given school

groups(request)[source]#: Returns a list of all groups (classes and workgroups) of the given school

rooms(request)[source]#: Returns a list of all available school

class ucsschool.lib.school_umc_base.LDAP_Filter[source]#

Bases: object

static forSchool(school: str) → str[source]#

static forUsers(pattern: str, _escape_filter_chars: bool | None = True) → str[source]#

static forGroups(pattern: str, school: str | None = None, _escape_filter_chars: bool | None = True, school_prefix: str | None = '') → str[source]#

static forComputers(pattern: str) → str[source]#

regWhiteSpaces = re.compile('\\s+')#

static forAll(pattern: str, subMatch: List[str] | None = [], fullMatch: List[str] | None = [], prefixes: Dict[str, Any] | None = {}, _escape_filter_chars: bool | None = True, school_suffix: str | None = '', school_prefix: str | None = '', seperator: str | None = '-') → str[source]#

class ucsschool.lib.school_umc_base.Display[source]#

Bases: object

static user(udm_object: UdmObject) → str[source]#

static user_ldap(ldap_object: Dict[str, Any]) → str[source]#

ucsschool.lib.school_umc_ldap_connection module#

ucsschool.lib.school_umc_ldap_connection.set_bind_function(bind_callback)[source]#

ucsschool.lib.school_umc_ldap_connection.set_credentials(dn, passwd)[source]#

ucsschool.lib.school_umc_ldap_connection.LDAP_Connection(*connection_types)[source]#

This decorator function provides access to internally cached LDAP connections that can be accessed via adding specific keyword arguments to the function.

The function which uses this decorator may specify the following additional keyword arguments:

Parameters:

ldap_position (univention.admin.uldap.position) – a valid ldap position.
ldap_user_read – a read only LDAP connection to the local LDAP server authenticated with the currently used user
ldap_user_write – a read/write LDAP connection to the master LDAP server authenticated with the currently used user
ldap_machine_read – a read only LDAP connection to the local LDAP server authenticated with the machine account
ldap_machine_write – a read/write LDAP connection to the master LDAP server authenticated with the machine account
ldap_admin_write – a read/write LDAP connection to the master LDAP server authenticated with cn=admin account
search_base – (deprecated!) a SchoolSearchBase instance which is bound to the school of the user or machine.

This decorator can only be used after set_bind_function() has been executed.

@LDAP_Connection()
def do_ldap_stuff(arg1, arg2, ldap_user_write=None, ldap_user_read=None, ldap_position=None):
    ...
    ldap_user_read.searchDn(..., position=ldap_position)
    ...

ucsschool.lib.schoolldap module#

class ucsschool.lib.schoolldap.SchoolSearchBase(availableSchools: Sequence[str], school: str | None = None, dn: str | None = None, ldapBase: str | None = None)[source]#

Bases: object

Deprecated: don’t use position to identify user objects

ucr: ConfigRegistry = <univention.config_registry.backend.ConfigRegistry object>#

group_prefix_students = 'schueler-'#

group_prefix_teachers = 'lehrer-'#

group_prefix_admins = 'admins-'#

group_prefix_staff = 'mitarbeiter-'#

classmethod getOU(dn: str) → str[source]#

Return the school OU for a given DN.

>>> SchoolSearchBase.getOU('uid=a,fou=bar,Ou=dc1,oU=dc,dc=foo,dc=bar')
'dc1'

classmethod getOUDN(dn: str) → str[source]#

Return the School OU-DN part for a given DN.

>>> SchoolSearchBase.getOUDN('uid=a,fou=bar,Ou=dc1,oU=dc,dc=foo,dc=bar')
'Ou=dc1,oU=dc,dc=foo,dc=bar'
>>> SchoolSearchBase.getOUDN('ou=dc1,ou=dc,dc=foo,dc=bar')
'ou=dc1,ou=dc,dc=foo,dc=bar'
>>> SchoolSearchBase.getOUDN('dc=foo,dc=bar')
'dc=foo,dc=bar'

property dhcp: str#

property policies: str#

property networks: str#

property school: str#

property schoolDN: str#

property users: str#

property groups: str#

property students_group: str#

property teachers_group: str#

property staff_group: str#

property admins_group: str#

property workgroups: str#

property classes: str#

property rooms: str#

property students: str#

property teachers: str#

property teachersAndStaff: str#

property staff: str#

property admins: str#

property classShares: str#

property shares: str#

property printers: str#

property computers: str#

property examUsers: str#

property globalGroupContainer: str#

property educationalDCGroup: str#

property educationalMemberGroup: str#

property administrativeDCGroup: str#

property administrativeMemberGroup: str#

property examGroupName: str#

property examGroup: str#

isWorkgroup(groupDN: str) → bool[source]#

isGroup(groupDN: str) → bool[source]#

isClass(groupDN: str) → bool[source]#

isRoom(groupDN: str) → bool[source]#

classmethod get_is_teachers_group_regex() → Pattern[source]#

classmethod get_is_admins_group_regex() → Pattern[source]#

classmethod get_is_staff_group_regex() → Pattern[source]#

classmethod get_is_student_group_regex() → Pattern[source]#

classmethod get_staff_group_regex() → Pattern[source]#

classmethod get_students_group_regex() → Pattern[source]#

classmethod get_students_pos_regex() → Pattern[source]#

classmethod get_teachers_pos_regex() → Pattern[source]#

classmethod get_staff_pos_regex() → Pattern[source]#

classmethod get_teachers_and_staff_pos_regex() → Pattern[source]#

classmethod get_admins_pos_regex() → Pattern[source]#

classmethod get_exam_users_pos_regex() → Pattern[source]#

classmethod get_schoolclass_pos_regex() → Pattern[source]#

classmethod get_workgroup_pos_regex() → Pattern[source]#

classmethod get_computerroom_pos_regex() → Pattern[source]#

classmethod get_workgroup_share_pos_regex() → Pattern[source]#

classmethod get_school_class_share_pos_regex() → Pattern[source]#

ucsschool.lib.schoollessons module#

class ucsschool.lib.schoollessons.Lesson(name, begin, end)[source]#

Bases: object

TIME_REGEX = re.compile('^([01][0-9]|2[0-3]|[0-9]):([0-5][0-9])')#

property name#

property begin#

property end#

intersect(lesson)[source]#

class ucsschool.lib.schoollessons.SchoolLessons(filename='/var/lib/ucs-school-lib/lessons.ini')[source]#

Bases: ConfigParser

init()[source]#

remove(lesson)[source]#

add(lesson, begin=None, end=None)[source]#

save()[source]#

property lessons#

property current#

property next#

property previous#

ucsschool.lib.smbstatus module#

Parser for smbstatus

class ucsschool.lib.smbstatus.SMB_LockedFile[source]#

Bases: dict

property filename#

property sharePath#

class ucsschool.lib.smbstatus.SMB_Process(args)[source]#

Bases: dict

property username#

property pid#

property machine#

property lockedFiles#

property services#

property ipv4address#

property ipv6address#

property ipaddress#

update([E, ]**F) → None. Update D from dict/iterable E and F.[source]#: If E is present and has a .keys() method, then does: for k in E: D[k] = E[k] If E is present and lacks a .keys() method, then does: for k, v in E: D[k] = v In either case, this is followed by: for k in F: D[k] = F[k]

class ucsschool.lib.smbstatus.SMB_Status(testdata=None)[source]#

Bases: list

parse(testdata=None)[source]#

update(service)[source]#

Univention Corporate Server Python API 5.2 documentation

ucsschool.lib package

Contents

ucsschool.lib package#

Subpackages#

Submodules#

ucsschool.lib.consistency module#

ucsschool.lib.create_ou module#

ucsschool.lib.i18n module#

ucsschool.lib.info module#

ucsschool.lib.internetrules module#

ucsschool.lib.roles module#

ucsschool.lib.roleshares module#

ucsschool.lib.school_umc_base module#

ucsschool.lib.school_umc_ldap_connection module#

ucsschool.lib.schoolldap module#

ucsschool.lib.schoollessons module#

ucsschool.lib.smbstatus module#