class univention.admin.handlers.simpleLdap(co: None, lo: access, position: position | None, dn: str = '', superordinate: Self | None = None, attributes: dict[str, list[bytes]] | None = None)[source]#

Bases: object

The base class for all UDM handler modules.

Parameters:

co – deprecated parameter for a config. Please pass None.
lo – A required LDAP connection object which is used for all LDAP operations (search, create, modify). It should be bound to a user which has the LDAP permissions to do the required operations.
position – The LDAP container where a new object should be created in, or None for existing objects.
dn – The DN of an existing LDAP object. If a object should be created the DN must not be passed here!
superordinate – The superordinate object of this object. Can be omitted. It is automatically searched by the given DN or position.
attributes – The LDAP attributes of the LDAP object as dict. This should by default be omitted. To save performance when an LDAP search is done this can be used, e.g. by the lookup() method. If given make sure the dict contains all attributes which are required by _ldap_attributes().

The following attributes hold information about the state of this object:

Variables:

dn (str) – A LDAP distinguished name (DN) of this object (if exists, otherwise None)
module (str) – the UDM handlers name (e.g. users/user)
oldattr (dict) – The LDAP attributes of this object as dict. If the object does not exists the dict is empty.
info (dict) – A internal dictionary which holds the values for every property.
options (list) – A list of UDM options which are enabled on this object. Enabling options causes specific object classes and attributes to be added to the object.
policies (list) – A list of DNs containing references to assigned policies.
properties (dict) – a dict which maps all UDM properties to univention.admin.property instances.
mapping (univention.admin.mapping.mapping) – A univention.admin.mapping.mapping instance containing a mapping of UDM property names to LDAP attribute names.
oldinfo (dict) – A private copy of info containing the original properties which were set during object loading. This is only set by univention.admin.handlers.simpleLdap.save().
old_options (list) – A private copy of options containing the original options which were set during object loading. This is only set by univention.admin.handlers.simpleLdap.save().
oldpolicies (list) – A private copy of policies containing the original policies which were set during object loading. This is only set by univention.admin.handlers.simpleLdap.save().

Caution

Do not operate on info directly because this would bypass syntax validations. This object should be used like a dict. Properties should be assigned in the following way: obj[‘name’] = ‘value’

module = ''#

use_performant_ldap_search_filter = False#

ldap_base = 'dc=example,dc=org'#

default_containers_attribute_name = None#

property authz#

set_lo_machine_primary(lo: access) → None[source]#

property lo_machine_primary: access#

property descriptions: dict[str, property]#

property entry_uuid: str | None#: The entry UUID of the object (if object exists)

property object_identifier: str | None#: The univentionObjectIdentifier of the object (if object exists)

save() → None[source]#: Saves the current internal object state as old state for later comparison when e.g. modifying this object.

See also

This method should be called by univention.admin.handlers.simpleLdap.open() and after further modifications in modify() / create().

Note

self.oldattr is not set and must be set manually

diff() → list[tuple[str, Any, Any]][source]#

Returns the difference between old and current state as a UDM modlist.

Returns:: A list of 3-tuples (udm-property-name, old-property-value, new-property-values).

hasChanged(key: str | Iterable[str]) → bool[source]#

Checks if the given attribute(s) was (were) changed.

Parameters:: key – The name of a property.
Returns:: True if the property changed, False otherwise.

ready() → None[source]#

Makes sure all preconditions are met before creating or modifying this object.

It checks if all properties marked required are set. It checks if the superordinate is valid.

Raises:: univention.admin.uexceptions.insufficientInformation

has_property(key: str) → bool[source]#

Checks if the property exists in this module and if it is enabled in the set UDM options.

Parameters:: key (str) – The name of a property.
Returns:: True if the property exists and is enabled, False otherwise.

get(key: str, default: Any = None) → Any[source]#

Return the currently set value of the given property.

Parameters:

key (str) – The name of a property.
default – The default to return if the property is not set.

Returns:

The currently set value. If the value is not set default is returned.

keys() → Iterable[str][source]#

Returns the names of all properties this module has.

Returns:: The list of property names.

items() → Iterable[tuple[str, Any]][source]#

Return all items which belong to the current options - even if they are empty.

Returns:: a list of 2-tuples (udm-property-name, property-value).

Warning

In certain circumstances this sets the default value for every property (e.g. when having a new object).

create(serverctrls: list[LDAPControl] | None = None, response: dict[str, Any] | None = None, ignore_license: bool = False) → str[source]#

Creates the LDAP object if it does not exists by building the list of attributes (addlist) and write it to LDAP. If this call raises an exception it is necessary to instantiate a new object before trying to create it again.

Raises:

univention.admin.uexceptions.invalidOperation if objects of this type do not support to be created.

Raises:

univention.admin.uexceptions.objectExists if the object already exists.

Raises:

univention.admin.uexceptions.permissionDenied if no permissions for creation exists

Raises:

univention.admin.uexceptions.insufficientInformation

Parameters:

serverctrls – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request.
response (dict) – An optional dictionary to receive the server controls of the result.
ignore_license – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled

Returns:

The DN of the created object.

modify(modify_childs: bool = True, ignore_license: bool = False, serverctrls: list[LDAPControl] | None = None, response: dict[str, Any] | None = None) → str[source]#

Modifies the LDAP object by building the difference between the current state and the old state of this object and write this modlist to LDAP.

Parameters:

modify_childs – Specifies if child objects should be modified as well.
ignore_license – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled

Raises:

univention.admin.uexceptions.invalidOperation if objects of this type do not support to be modified.

Raises:

univention.admin.uexceptions.noObject if the object does not exists.

Raises:

univention.admin.uexceptions.permissionDenied if no permissions for modification exists

Raises:

univention.admin.uexceptions.insufficientInformation

Returns:

The DN of the modified object.

move(newdn: str, ignore_license: bool = False, temporary_ou: str | None = None) → str[source]#

Moves the LDAP object to the target position.

Parameters:

newdn (str) – The DN of the target position.
ignore_license (bool) – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled.
temporary_ou (str) – The distiguished name of a temporary container which is used to rename the object if only is letter casing changes.

Raises:

univention.admin.uexceptions.invalidOperation if objects of this type do not support to be moved.

Raises:

univention.admin.uexceptions.noObject if the object does not exists.

Raises:

univention.admin.uexceptions.permissionDenied if no permissions for moving exists

Returns:

The new DN of the moved object

move_subelements(olddn: str, newdn: str, subelements: list[tuple[str, dict]], ignore_license: bool = False) → list[tuple[str, str]] | None[source]#

Internal function to move all children of a container.

Parameters:

olddn (str) – The old distinguished name of the parent container.
newdn (str) – The new distinguished name of the parent container.
subelements – A list of 2-tuples (old-dn, old-attrs) for each child of the parent container.
ignore_license (bool) – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled.

Returns:

A list of 2-tuples (old-dn, new-dn)

restore() → None[source]#

Restore LDAP object from recyclebin with all the LDAP attributes from the deleted object (excluding operational and recyclebin attributes)

Raises:: univention.admin.uexceptions.restoreFailed if e.g. parent DN doesn’t exists.
Raises:: univention.admin.uexceptions.invalidOperation if objects of this type do not support to be restored.
Raises:: univention.admin.uexceptions.noObject if the object does not exist.
Raises:: univention.admin.uexceptions.permissionDenied if no permissions for restore exists.

restore_references()[source]#: Restore references

remove(remove_childs: bool = False) → None[source]#

Removes this LDAP object.

Parameters:: remove_childs (bool) – Specifies to remove children objects before removing this object.
Raises:: univention.admin.uexceptions.ldapError (Operation not allowed on non-leaf: subordinate objects must be deleted first) if the object contains childrens and remove_childs is False.
Raises:: univention.admin.uexceptions.invalidOperation if objects of this type do not support to be removed.
Raises:: univention.admin.uexceptions.permissionDenied if no permissions for removal exists
Raises:: univention.admin.uexceptions.noObject if the object does not exists.

get_gid_for_primary_group() → str[source]#

Return the numerical group ID of the primary group.

Returns:: The numerical group ID as a string or “99999” if no primary group is declared.
Raises:: univention.admin.uexceptions.primaryGroup – if the object has no primary group.

get_sid_for_primary_group() → str[source]#

Return the Windows security ID for the primary group.

Returns:: The security identifier of the primary group.
Raises:: univention.admin.uexceptions.primaryGroup – if the object has no primary group.

exists() → bool[source]#

Indicates that this object exists in LDAP.

Returns:: True if the object exists in LDAP, False otherwise.

call_udm_property_hook(hookname: Literal['hook_open', 'hook_ldap_pre_create', 'hook_ldap_addlist', 'hook_ldap_post_create', 'hook_ldap_pre_modify', 'hook_ldap_modlist', 'hook_ldap_post_modify', 'hook_ldap_pre_remove', 'hook_ldap_post_remove'], module: Self, changes=None) → dict[str, tuple] | None[source]#

Internal method to call a hook scripts of extended attributes.

Parameters:

hookname (str) – The name of the hook function to call.
module (str) – The name of the UDM module.
changes (dict) – A list of changes.

Returns:

The (modified) list of changes.

open() → None[source]#

Opens this object.

During the initialization of this object the current set LDAP attributes are mapped into info. This method makes it possible to e.g. resolve external references to other objects which are not represented in the raw LDAP attributes of this object, for example the group memberships of a user.

By default only the open hook for extended attributes is called. This method can be subclassed.

Warning

If this method changes anything in self.info it must call save() afterwards.

Warning

If your are going to do any modifications (such as creating, modifying, moving, removing this object) this method must be called directly after the constructor and before modifying any property.

option_toggled(option: str) → bool[source]#

Checks if an UDM option was changed.

Parameters:: option (str) – The name of the option to check.
Returns:: True if the option was changed, False otherwise.

Warning

This does not work for not yet existing objects.

policy_reference(*policies)[source]#

policy_dereference(*policies)[source]#

policiesChanged() → bool[source]#

description() → str[source]#

Return a descriptive string for the object. By default the relative distinguished name is returned.

Returns:: A descriptive string or none as fallback.

set_default_values() → None[source]#: Sets all the default values of all properties.

loadPolicyObject(policy_type: str, reset: int = 0) → simplePolicy[source]#

closePolicyObjects() → None[source]#

savePolicyObjects() → None[source]#

cancel() → None[source]#: Cancels the object creation or modification. This method can be subclassed to revert changes for example releasing locks.

request_lock(name: Literal['uidNumber', 'gidNumber'], value: str | None = None, updateLastUsedValue: bool = True) → str[source]#
request_lock(name: Literal['uidNumber', 'gidNumber', 'uid', 'gid', 'sid', 'domainSid', 'mailPrimaryAddress', 'mailAlternativeAddress', 'aRecord', 'mac', 'groupName', 'cn-uid-position', 'univentionObjectIdentifier'], value: str, updateLastUsedValue: bool = True) → str: Request a lock for the given value

request_unique(name, value: str | None = None)[source]#

classmethod get_default_containers(lo: access) → list[str][source]#

Returns list of default containers for this module.

Parameters:: lo (univention.admin.uldap.access) – UDM LDAP access object.

classmethod lookup(co: None, lo: access, filter_s: str, base: str = '', superordinate: Self | None = None, scope: str = 'sub', unique: bool = False, required: bool = False, timeout: int = -1, sizelimit: int = 0, serverctrls: list | None = None, response: dict | None = None, authz: bool = True) → list[Self][source]#

Perform a LDAP search and return a list of instances.

Parameters:

co – obsolete config
lo – UDM LDAP access object.
filter_s – LDAP filter string.
base – LDAP search base distinguished name.
superordinate – Distinguished name of a superordinate object.
scope – Specify the scope of the search to be one of base, base+one, one, sub, or domain to specify a base object, base plus one-level, one-level, subtree, or children search.
unique – Raise an exception if more than one object matches.
required – Raise an exception instead of returning an empty dictionary.
timeout – wait at most timeout seconds for a search to complete. -1 for no limit.
sizelimit – retrieve at most sizelimit entries for a search. 0 for no limit.
serverctrls – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request.
response – An optional dictionary to receive the server controls of the result.
authz – ignore authorization checks (dangerous!)

Returns:

A list of UDM objects.

classmethod lookup_filter(filter_s: str | None = None, lo: access | None = None) → conjunction[source]#

Return a LDAP filter as a UDM filter expression.

Parameters:

filter_s (str) – LDAP filter string.
lo (univention.admin.uldap.access) – UDM LDAP access object.

Returns:

A LDAP filter expression.

See lookup().

classmethod lookup_filter_superordinate(filter: conjunction, superordinate: Self) → conjunction[source]#

classmethod unmapped_lookup_filter() → conjunction[source]#

Return a LDAP filter UDM filter expression.

Returns:: A LDAP filter expression.

See lookup_filter().

classmethod rewrite_filter(filter: expression, mapping: mapping) → None[source]#

classmethod identify(dn: str, attr: dict[str, list[bytes]], canonical: bool = False) → bool[source]#

class univention.admin.handlers.simpleComputer(co: None, lo: access, position: position | None, dn: str = '', superordinate: simpleLdap | None = None, attributes: dict[str, list[bytes]] | None = None)[source]#

Bases: simpleLdap

getMachineSid(lo: access, position: position, uidNum: str, rid: str | None = None) → str[source]#

open() → None[source]#: Load the computer object from LDAP.

check_common_name_length() → None[source]#

classmethod calc_dns_reverse_entry_name(sip: str, reverseDN: str) → str[source]#

>>> simpleComputer.calc_dns_reverse_entry_name('10.200.2.5', 'subnet=2.200.10.in-addr.arpa')
u'5'
>>> simpleComputer.calc_dns_reverse_entry_name('10.200.2.5', 'subnet=200.10.in-addr.arpa')
u'5.2'
>>> simpleComputer.calc_dns_reverse_entry_name('2001:db8::3', 'subnet=0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa')
u'3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0'
>>> simpleComputer.calc_dns_reverse_entry_name('1.2.3.4', 'subnet=2.in-addr.arpa')
Traceback (most recent call last):
    ...
ValueError: 4.3.2.1.in-addr.arpa not in .2.in-addr.arpa

update_groups() → None[source]#

primary_group() → None[source]#

cleanup() → None[source]#

class univention.admin.handlers.simplePolicy(co: None, lo: access, position: position, dn: str = '', superordinate: simpleLdap | None = None, attributes: dict[str, list[bytes]] | None = None)[source]#

Bases: simpleLdap

Base class for policies/* UDM modules

copyIdentifier(from_object: simpleLdap) → None[source]#: Activate the result mode and set the referring object

clone(referring_object: simpleLdap) → None[source]#: Marks the object as a not existing one containing values retrieved by evaluating the policies for the given object

getIdentifier() → str[source]#

create(serverctrls: list[LDAPControl] | None = None, response: dict[str, Any] | None = None) → str[source]#

Raises:

univention.admin.uexceptions.invalidOperation if objects of this type do not support to be created.

Raises:

univention.admin.uexceptions.objectExists if the object already exists.

Raises:

univention.admin.uexceptions.permissionDenied if no permissions for creation exists

Raises:

univention.admin.uexceptions.insufficientInformation

Parameters:

serverctrls – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request.
response (dict) – An optional dictionary to receive the server controls of the result.
ignore_license – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled

Returns:

The DN of the created object.

policy_result(faked_policy_reference: str | list[str] | None = None) → None[source]#

This method retrieves the policy values currently effective for this object. If the ‘resultmode’ is not active the evaluation is cancelled.

If faked_policy_reference is given at the top object (referring_object_dn) this policy object temporarily referenced.

faked_policy_reference can be a string or a list of strings.

fixedAttributes() → dict[str, bool][source]#: Return effectively fixed attributes.

emptyAttributes() → dict[str, bool][source]#: return effectively empty attributes.

Univention Corporate Server Python API 5.2 documentation

univention.admin.handlers package

Contents

univention.admin.handlers package#

Subpackages#