univention.admin.handlers package

This module is the base for all Univention Directory Management handler modules. A UDM handler represents an abstraction of an LDAP object.

univention.admin.handlers.disable_ad_restrictions(disable=True)[source]
class univention.admin.handlers.simpleLdap(co, lo, position, dn='', superordinate=None, attributes=None)[source]

Bases: object

The base class for all UDM handler modules.

Parameters
  • co (None) – deprecated parameter for a config. Please pass None.

  • lo (univention.admin.uldap.access) – A required LDAP connection object which is used for all LDAP operations (search, create, modify). It should be bound to a user which has the LDAP permissions to do the required operations.

  • position (univention.admin.uldap.position or None) – The LDAP container where a new object should be created in, or None for existing objects.

  • dn (str or None) – The DN of an existing LDAP object. If an object should be created the DN must not be passed here!

  • superordinate (univention.admin.handlers.simpleLdap or None.) – The superordinate object of this object. Can be omitted. It is automatically searched by the given DN or position.

  • attributes (None or dict) – The LDAP attributes of the LDAP object as dict. This should by default be omitted. To save performance when an LDAP search is done this can be used, e.g. by the lookup() method.

The following attributes hold information about the state of this object:

Variables
  • dn (str) – An LDAP distinguished name (DN) of this object (if it exists, otherwise None)

  • module (str) – the UDM handler's name (e.g. users/user)

  • oldattr (dict) – The LDAP attributes of this object as dict. If the object does not exist the dict is empty.

  • info (dict) – An internal dictionary which holds the values for every property.

  • options (list) – A list of UDM options which are enabled on this object. Enabling options causes specific object classes and attributes to be added to the object.

  • policies (list) – A list of DNs containing references to assigned policies.

  • properties (dict) – a dict which maps all UDM properties to univention.admin.property instances.

  • mapping (univention.admin.mapping.mapping) – A univention.admin.mapping.mapping instance containing a mapping of UDM property names to LDAP attribute names.

  • oldinfo (dict) – A private copy of info containing the original properties which were set during object loading. This is only set by univention.admin.handlers.simpleLdap.save().

  • old_options (list) – A private copy of options containing the original options which were set during object loading. This is only set by univention.admin.handlers.simpleLdap.save().

  • oldpolicies (list) – A private copy of policies containing the original policies which were set during object loading. This is only set by univention.admin.handlers.simpleLdap.save().

Caution

Do not operate on info directly because this would bypass syntax validations. This object should be used like a dict. Properties should be assigned in the following way: obj['name'] = 'value'

module = ''
use_performant_ldap_search_filter = False
property descriptions
save()[source]

Saves the current internal object state as old state for later comparison when e.g. modifying this object.

See also

This method should be called by univention.admin.handlers.simpleLdap.open() and after further modifications in modify() / create().

Note

self.oldattr is not set and must be set manually

diff()[source]

Returns the difference between old and current state as a UDM modlist.

Returns

A list of 3-tuples (udm-property-name, old-property-value, new-property-values).

Return type

list

hasChanged(key)[source]

Checks if the given attribute(s) was (were) changed.

Parameters

key (str or list[str] or tuple[str]) – The name of a property.

Returns

True if the property changed, False otherwise.

Return type

bool

ready()[source]

Makes sure all preconditions are met before creating or modifying this object.

It checks if all properties marked required are set. It checks if the superordinate is valid.

Returns

True

Return type

bool

Raises

univention.admin.uexceptions.insufficientInformation

has_property(key)[source]

Checks if the property exists in this module and if it is enabled in the set UDM options.

Parameters

key (str) – The name of a property.

Returns

True if the property exists and is enabled, False otherwise.

Return type

bool

get(key, default=None)[source]

Return the currently set value of the given property.

Parameters
  • key (str) – The name of a property.

  • default – The default to return if the property is not set.

Returns

The currently set value. If the value is not set default is returned.

keys()[source]

Returns the names of all properties this module has.

Returns

The list of property names.

Return type

list[str]

items()[source]

Return all items which belong to the current options - even if they are empty.

Returns

a list of 2-tuples (udm-property-name, property-value).

Return type

list[tuple]

Warning

In certain circumstances this sets the default value for every property (e.g. when having a new object).

create(serverctrls=None, response=None)[source]

Creates the LDAP object if it does not exist by building the list of attributes (addlist) and writing it to LDAP. If this call raises an exception it is necessary to instantiate a new object before trying to create it again.

Raises

univention.admin.uexceptions.invalidOperation if objects of this type do not support being created.

Raises

univention.admin.uexceptions.objectExists if the object already exists.

Raises

univention.admin.uexceptions.insufficientInformation

Parameters
  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request.

  • response (dict) – An optional dictionary to receive the server controls of the result.

Returns

The DN of the created object.

Return type

str

modify(modify_childs=True, ignore_license=False, serverctrls=None, response=None)[source]

Modifies the LDAP object by building the difference between the current state and the old state of this object and writing this modlist to LDAP.

Parameters
  • modify_childs (bool) – Specifies if child objects should be modified as well.

  • ignore_license (bool) – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled.

Raises

univention.admin.uexceptions.invalidOperation if objects of this type do not support being modified.

Raises

univention.admin.uexceptions.noObject if the object does not exist.

Raises

univention.admin.uexceptions.insufficientInformation

Returns

The DN of the modified object.

Return type

str

move(newdn, ignore_license=False, temporary_ou=None)[source]

Moves the LDAP object to the target position.

Parameters
  • newdn (str) – The DN of the target position.

  • ignore_license (bool) – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled.

  • temporary_ou (str) – The distinguished name of a temporary container which is used to rename the object if only its letter casing changes.

Raises

univention.admin.uexceptions.invalidOperation if objects of this type do not support being moved.

Raises

univention.admin.uexceptions.noObject if the object does not exist.

Returns

The new DN of the moved object.

Return type

str

move_subelements(olddn, newdn, subelements, ignore_license=False)[source]

Internal function to move all children of a container.

Parameters
  • olddn (str) – The old distinguished name of the parent container.

  • newdn (str) – The new distinguished name of the parent container.

  • subelements (tuple[str, dict]) – A list of 2-tuples (old-dn, old-attrs) for each child of the parent container.

  • ignore_license (bool) – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled.

Returns

A list of 2-tuples (old-dn, new-dn)

Return type

list[tuple[str, str]]

remove(remove_childs=False)[source]

Removes this LDAP object.

Parameters

remove_childs (bool) – Specifies whether child objects are removed before removing this object.

Raises

univention.admin.uexceptions.ldapError (Operation not allowed on non-leaf: subordinate objects must be deleted first) if the object contains children and remove_childs is False.

Raises

univention.admin.uexceptions.invalidOperation if objects of this type do not support being removed.

Raises

univention.admin.uexceptions.noObject if the object does not exist.

get_gid_for_primary_group()[source]

Return the numerical group ID of the primary group.

Returns

The numerical group ID as a string or “99999” if no primary group is declared.

Return type

str

Raises

univention.admin.uexceptions.primaryGroup – if the object has no primary group.

get_sid_for_primary_group()[source]

Return the Windows security ID for the primary group.

Returns

The security identifier of the primary group.

Return type

str

Raises

univention.admin.uexceptions.primaryGroup – if the object has no primary group.

exists()[source]

Indicates that this object exists in LDAP.

Returns

True if the object exists in LDAP, False otherwise.

Return type

bool

call_udm_property_hook(hookname, module, changes=None)[source]

Internal method to call the hook scripts of extended attributes.

Parameters
  • hookname (str) – The name of the hook function to call.

  • module (str) – The name of the UDM module.

  • changes (dict) – A list of changes.

Returns

The (modified) list of changes.

Return type

dict or None

open()[source]

Opens this object.

During the initialization of this object the currently set LDAP attributes are mapped into info. This method makes it possible to e.g. resolve external references to other objects which are not represented in the raw LDAP attributes of this object, for example the group memberships of a user.

By default only the open hook for extended attributes is called. This method can be subclassed.

Warning

If this method changes anything in self.info it must call save() afterwards.

Warning

If you are going to do any modifications (such as creating, modifying, moving, removing this object) this method must be called directly after the constructor and before modifying any property.

option_toggled(option)[source]

Checks if a UDM option was changed.

Parameters

option (str) – The name of the option to check.

Returns

True if the option was changed, False otherwise.

Return type

bool

Warning

This does not work for not yet existing objects.

policy_reference(*policies)[source]
policy_dereference(*policies)[source]
policiesChanged()[source]
description()[source]

Return a descriptive string for the object. By default the relative distinguished name is returned.

Returns

A descriptive string or None if no DN is set yet.

Return type

str

set_default_values()[source]

Sets all the default values of all properties.

loadPolicyObject(policy_type, reset=0)[source]
closePolicyObjects()[source]
savePolicyObjects()[source]
cancel()[source]

Cancels the object creation or modification. This method can be subclassed to revert changes, for example releasing locks.

request_lock(name, value=None, updateLastUsedValue=True)[source]

Request a lock for the given value.

classmethod get_default_containers(lo)[source]

Returns list of default containers for this module.

Parameters

lo (univention.admin.uldap.access) – UDM LDAP access object.

classmethod lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0, serverctrls=None, response=None)[source]

Perform an LDAP search and return a list of instances.

Parameters
  • co (None) – obsolete config

  • lo (univention.admin.uldap.access) – UDM LDAP access object.

  • filter_s (str) – LDAP filter string.

  • base (str) – LDAP search base distinguished name.

  • superordinate (str) – Distinguished name of a superordinate object.

  • scope (str) – Specify the scope of the search to be one of base, base+one, one, sub, or domain to specify a base object, base plus one-level, one-level, subtree, or children search.

  • unique (bool) – Raise an exception if more than one object matches.

  • required (bool) – Raise an exception instead of returning an empty dictionary.

  • timeout (int) – wait at most timeout seconds for a search to complete. -1 for no limit.

  • sizelimit (int) – retrieve at most sizelimit entries for a search. 0 for no limit.

  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request.

  • response (dict) – An optional dictionary to receive the server controls of the result.

Returns

A list of UDM objects.

Return type

list[simpleLdap]

classmethod lookup_filter(filter_s=None, lo=None)[source]

Return an LDAP filter as a UDM filter expression.

Parameters
Returns

An LDAP filter expression.

Return type

univention.admin.filter.conjunction

See lookup().

classmethod lookup_filter_superordinate(filter, superordinate)[source]
classmethod unmapped_lookup_filter()[source]

Return an LDAP filter as a UDM filter expression.

Returns

An LDAP filter expression.

Return type

univention.admin.filter.conjunction

See lookup_filter().

classmethod rewrite_filter(filter, mapping)[source]
classmethod identify(dn, attr, canonical=False)[source]
class univention.admin.handlers.simpleComputer(co, lo, position, dn='', superordinate=None, attributes=[])[source]

Bases: univention.admin.handlers.simpleLdap

getMachineSid(lo, position, uidNum, rid=None)[source]
open()[source]

Load the computer object from LDAP.

check_common_name_length()[source]
classmethod calc_dns_reverse_entry_name(sip, reverseDN)[source]
>>> simpleComputer.calc_dns_reverse_entry_name('10.200.2.5', 'subnet=2.200.10.in-addr.arpa')
u'5'
>>> simpleComputer.calc_dns_reverse_entry_name('10.200.2.5', 'subnet=200.10.in-addr.arpa')
u'5.2'
>>> simpleComputer.calc_dns_reverse_entry_name('2001:db8::3', 'subnet=0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa')
u'3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0'
>>> simpleComputer.calc_dns_reverse_entry_name('1.2.3.4', 'subnet=2.in-addr.arpa')
Traceback (most recent call last):
        ...
ValueError: 4.3.2.1.in-addr.arpa not in .2.in-addr.arpa
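
The doctests above can be reproduced with the standard library alone. This is an added re-implementation for illustration, not Univention's code; the function names and the assumption that the zone name is the value of the first RDN are mine. It also shows why the comparison must happen on a label boundary (the leading dot visible in the error message).

```python
import ipaddress


def reverse_entry_name(ip, reverse_dn):
    """Relative PTR owner name of `ip` inside the reverse zone named by `reverse_dn`."""
    # Assumption: the zone name is the value of the first RDN ("subnet=<zone>" in the doctests).
    first_rdn = reverse_dn.split(',', 1)[0]
    zone = first_rdn.split('=', 1)[1].strip().rstrip('.').lower()
    # ip_address() rejects malformed input; reverse_pointer yields the full
    # in-addr.arpa / ip6.arpa name (IPv6 is expanded to 32 nibbles).
    pointer = ipaddress.ip_address(ip).reverse_pointer
    # Match on a label boundary: the leading dot keeps 5.12.200.10.in-addr.arpa
    # from being accepted by the zone 2.200.10.in-addr.arpa.
    suffix = '.' + zone
    if not pointer.endswith(suffix):
        raise ValueError('%s not in %s' % (pointer, suffix))
    return pointer[:-len(suffix)]


def check_records(records):
    """Split (ip, reverse_dn) pairs into resolved names and rejected inputs."""
    resolved, rejected = {}, []
    for ip, dn in records:
        try:
            resolved[ip] = reverse_entry_name(ip, dn)
        except (ValueError, IndexError) as exc:  # IndexError: RDN without '='
            rejected.append((ip, str(exc)))
    return resolved, rejected


# Constructed sample input: the doctest addresses plus one label-boundary case.
SAMPLE = [
    ('10.200.2.5', 'subnet=2.200.10.in-addr.arpa'),
    ('2001:db8::3', 'subnet=0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa'),
    ('1.2.3.4', 'subnet=2.in-addr.arpa'),
    ('10.200.12.5', 'subnet=2.200.10.in-addr.arpa'),
]

if __name__ == '__main__':
    resolved, rejected = check_records(SAMPLE)
    for ip, name in resolved.items():
        print('%-12s -> %s' % (ip, name))
    for ip, reason in rejected:
        print('%-12s rejected: %s' % (ip, reason))
```
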
update_groups()[source]
primary_group()[source]
cleanup()[source]
class univention.admin.handlers.simplePolicy(co, lo, position, dn='', superordinate=None, attributes=[])[source]

Bases: univention.admin.handlers.simpleLdap

copyIdentifier(from_object)[source]

Activate the result mode and set the referring object.

clone(referring_object)[source]

Marks the object as a not existing one containing values retrieved by evaluating the policies for the given object.

getIdentifier()[source]
create(serverctrls=None, response=None)[source]

Creates the LDAP object if it does not exist by building the list of attributes (addlist) and writing it to LDAP. If this call raises an exception it is necessary to instantiate a new object before trying to create it again.

Raises

univention.admin.uexceptions.invalidOperation if objects of this type do not support being created.

Raises

univention.admin.uexceptions.objectExists if the object already exists.

Raises

univention.admin.uexceptions.insufficientInformation

Parameters
  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request.

  • response (dict) – An optional dictionary to receive the server controls of the result.

Returns

The DN of the created object.

Return type

str

policy_result(faked_policy_reference=None)[source]

This method retrieves the policy values currently effective for this object. If the ‘resultmode’ is not active the evaluation is cancelled.

If faked_policy_reference is given at the top object (referring_object_dn) this policy object is temporarily referenced.

faked_policy_reference can be a string or a list of strings.

fixedAttributes()[source]

Return effectively fixed attributes.

emptyAttributes()[source]

Return effectively empty attributes.

Subpackages