univention.admin.handlers package

This module is the base for all Univention Directory Management handler modules. A UDM handler represents an abstraction of an LDAP object.

univention.admin.handlers.disable_ad_restrictions(disable=True)[source]
class univention.admin.handlers.simpleLdap(co, lo, position, dn='', superordinate=None, attributes=None)[source]

Bases: object

The base class for all UDM handler modules.

Parameters:
  • co (None) – deprecated parameter for a config. Please pass None.
  • lo (univention.admin.uldap.access) – A required LDAP connection object which is used for all LDAP operations (search, create, modify). It should be bound to a user which has the LDAP permissions to do the required operations.
  • position (univention.admin.uldap.position or None) – The LDAP container where a new object should be created in, or None for existing objects.
  • dn (str or None) – The DN of an existing LDAP object. If an object is to be created, the DN must not be passed here!
  • superordinate (univention.admin.handlers.simpleLdap or None) – The superordinate object of this object. Can be omitted. It is automatically searched by the given DN or position.
  • attributes (None or dict) – The LDAP attributes of the LDAP object as dict. This should be omitted by default. It can be used to save performance when an LDAP search has already been done, e.g. by the lookup() method.

The following attributes hold information about the state of this object:

Variables:

Caution

Do not operate on info directly because this would bypass syntax validations. This object should be used like a dict. Properties should be assigned in the following way: obj['name'] = 'value'

use_performant_ldap_search_filter = False
save()[source]

Saves the current internal object state as old state for later comparison when e.g. modifying this object.

See also

This method should be called by univention.admin.handlers.simpleLdap.open() and after further modifications in modify() / create().

Note

self.oldattr is not set and must be set manually.

diff()[source]

Returns the difference between old and current state as a UDM modlist.

Returns: A list of 3-tuples (udm-property-name, old-property-value, new-property-values).
Return type: list
hasChanged(key)[source]

Checks if the given attribute(s) was (were) changed.

Parameters: key (str or list[str] or tuple[str]) – The name of a property.
Returns: True if the property changed, False otherwise.
Return type: bool
ready()[source]

Makes sure all preconditions are met before creating or modifying this object.

It checks if all properties marked required are set. It checks if the superordinate is valid.

Returns: True
Return type: bool
Raises: univention.admin.uexceptions.insufficientInformation
has_key(key)[source]

Checks if the property exists in this module and if it is enabled in the set UDM options.

Parameters: key (str) – The name of a property.
Returns: True if the property exists and is enabled, False otherwise.
Return type: bool

Deprecated since version 4.4.

Use univention.admin.handlers.simpleLdap.has_property() instead!

has_property(key)[source]

Checks if the property exists in this module and if it is enabled in the set UDM options.

Parameters: key (str) – The name of a property.
Returns: True if the property exists and is enabled, False otherwise.
Return type: bool
get(key, default=None)[source]

Return the currently set value of the given property.

Parameters:
  • key (str) – The name of a property.
  • default – The default to return if the property is not set.
Returns:

The currently set value. If the value is not set default is returned.

keys()[source]

Returns the names of all properties this module has.

Returns: The list of property names.
Return type: list[str]
items()[source]

Return all items which belong to the current options - even if they are empty.

Returns: A list of 2-tuples (udm-property-name, property-value).
Return type: list[tuple]

Warning

In certain circumstances this sets the default value for every property (e.g. when having a new object).

create(serverctrls=None, response=None)[source]

Creates the LDAP object if it does not exist by building the list of attributes (addlist) and writing it to LDAP. If this call raises an exception it is necessary to instantiate a new object before trying to create it again.

Raises:
  • univention.admin.uexceptions.invalidOperation – if objects of this type do not support being created.
  • univention.admin.uexceptions.objectExists – if the object already exists.
  • univention.admin.uexceptions.insufficientInformation
Parameters:
  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request.
  • response (dict) – An optional dictionary to receive the server controls of the result.
Returns: The DN of the created object.
Return type: str

_get_admin_diary_event(event_name)[source]
_get_admin_diary_args_names(event)[source]
_get_admin_diary_args(event)[source]
_get_admin_diary_username()[source]
_write_admin_diary_event(event, additional_args=None)[source]
_write_admin_diary_create()[source]
modify(modify_childs=1, ignore_license=0, serverctrls=None, response=None)[source]

Modifies the LDAP object by building the difference between the current state and the old state of this object and writing this modlist to LDAP.

Parameters:
  • modify_childs (bool) – Specifies if child objects should be modified as well.
  • ignore_license (bool) – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled.
Raises:
  • univention.admin.uexceptions.invalidOperation – if objects of this type do not support being modified.
  • univention.admin.uexceptions.noObject – if the object does not exist.
  • univention.admin.uexceptions.insufficientInformation
Returns: The DN of the modified object.
Return type: str

_write_admin_diary_modify()[source]
_create_temporary_ou()[source]
_delete_temporary_ou_if_empty(temporary_ou)[source]

Try to delete the organizational unit entry if it is empty.

Parameters: temporary_ou (str) – The distinguished name of the container.
move(newdn, ignore_license=0, temporary_ou=None)[source]

Moves the LDAP object to the target position.

Parameters:
  • newdn (str) – The DN of the target position.
  • ignore_license (bool) – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled.
  • temporary_ou (str) – The distinguished name of a temporary container which is used to rename the object if only the letter casing changes.
Raises:
  • univention.admin.uexceptions.invalidOperation – if objects of this type do not support being moved.
  • univention.admin.uexceptions.noObject – if the object does not exist.
Returns: The new DN of the moved object.
Return type: str

move_subelements(olddn, newdn, subelements, ignore_license=False)[source]

Internal function to move all children of a container.

Parameters:
  • olddn (str) – The old distinguished name of the parent container.
  • newdn (str) – The new distinguished name of the parent container.
  • subelements (tuple[str, dict]) – A list of 2-tuples (old-dn, old-attrs) for each child of the parent container.
  • ignore_license (bool) – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled.
Returns:

A list of 2-tuples (old-dn, new-dn)

Return type:

list[tuple[str, str]]

remove(remove_childs=0)[source]

Removes this LDAP object.

Parameters: remove_childs (bool) – Specifies whether child objects are removed before removing this object.
Raises: univention.admin.uexceptions.ldapError (Operation not allowed on non-leaf: subordinate objects must be deleted first) if the object contains children and remove_childs is False.
Raises: univention.admin.uexceptions.invalidOperation if objects of this type do not support being removed.
Raises: univention.admin.uexceptions.noObject if the object does not exist.
get_gid_for_primary_group()[source]

Return the numerical group ID of the primary group.

Returns: The numerical group ID as a string or “99999” if no primary group is declared.
Return type: str
Raises: univention.admin.uexceptions.primaryGroup – if the object has no primary group.
get_sid_for_primary_group()[source]

Return the Windows security ID for the primary group.

Returns: The security identifier of the primary group.
Return type: str
Raises: univention.admin.uexceptions.primaryGroup – if the object has no primary group.
_ldap_pre_ready()[source]

Hook which is called before univention.admin.handlers.simpleLdap.ready().

_ldap_pre_create()[source]

Hook which is called before the object creation.

_ldap_dn()[source]

Builds the LDAP DN of the object before creation by using the identifying properties to build the RDN.

Returns: The distinguished name.
Return type: str
_ldap_post_create()[source]

Hook which is called after the object creation.

_ldap_pre_modify()[source]

Hook which is called before the object modification.

_ldap_post_modify()[source]

Hook which is called after the object modification.

_ldap_pre_move(newdn)[source]

Hook which is called before the object moving.

Parameters: newdn (str) – The new distinguished name the object will be moved to.
_ldap_post_move(olddn)[source]

Hook which is called after the object moving.

Parameters: olddn (str) – The old distinguished name the object was moved from.
_ldap_pre_remove()[source]

Hook which is called before the object removal.

_ldap_post_remove()[source]

Hook which is called after the object removal.

_save_cancel()[source]
_falsy_boolean_extended_attributes(info)[source]
exists()[source]

Indicates that this object exists in LDAP.

Returns: True if the object exists in LDAP, False otherwise.
Return type: bool
_validate_superordinate(must_exists=True)[source]

Checks if the superordinate is set to a valid univention.admin.handlers.simpleLdap object if this module requires a superordinate. It is ensured that the object type of the superordinate is correct. It is ensured that the object lies underneath the superordinate position.

Raises: univention.admin.uexceptions.insufficientInformation
_ensure_dn_in_subtree(parent, dn)[source]

Checks if the given DN is underneath the subtree of the given parent DN.

Parameters:
  • parent (str) – The distinguished name of the parent container.
  • dn (str) – The distinguished name to check.
Returns:

True if dn is underneath parent, False otherwise.

Return type:

bool
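
The containment test that _validate_superordinate() and _ensure_dn_in_subtree() describe has to compare DNs component by component, not as strings. The following added example (not UDM's implementation; the function names and sample DNs are constructed, and a DN equal to the parent is counted as inside) contrasts a string-suffix check with an RDN-wise comparison:

```python
import re

# Added example, not UDM code. Values are compared case-insensitively (true for
# cn, ou, dc, uid); quoted and '#'-encoded values are not handled.

def _tokens(dn):
    """Yield (bytes, was_escaped) pairs, decoding '\\,' and '\\2C' escapes."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                yield bytes([int(pair, 16)]), True
                i += 3
            else:
                yield dn[i + 1].encode("utf-8"), True
                i += 2
        else:
            yield dn[i].encode("utf-8"), False
            i += 1

def normalize_dn(dn):
    """Parse a DN into a list of RDNs, each a sorted tuple of (type, value)."""
    if not dn.strip():
        return []  # the empty DN is the root of the tree
    rdns, avas, attr_type, field = [], [], None, []

    def take_field():
        # Drop unescaped spaces around the field, decode it and fold case.
        toks = list(field)
        field.clear()
        while toks and toks[0] == (b" ", False):
            del toks[0]
        while toks and toks[-1] == (b" ", False):
            del toks[-1]
        return b"".join(t for t, _ in toks).decode("utf-8").casefold()

    for tok in list(_tokens(dn)) + [(b",", False)]:  # sentinel closes last RDN
        if tok == (b"=", False) and attr_type is None:
            attr_type = take_field()
        elif tok in ((b"+", False), (b",", False)):
            if attr_type is None:
                raise ValueError("malformed RDN in %r" % dn)
            avas.append((attr_type, take_field()))
            attr_type = None
            if tok[0] == b",":
                rdns.append(tuple(sorted(avas)))
                avas = []
        else:
            field.append(tok)
    return rdns

def dn_in_subtree(parent, dn):
    """True if dn equals parent or lies below it, compared RDN by RDN."""
    p, d = normalize_dn(parent), normalize_dn(dn)
    return len(d) >= len(p) and d[len(d) - len(p):] == p

def naive_in_subtree(parent, dn):  # string-suffix check, shown for contrast
    return dn.endswith(parent)

# Constructed sample DNs.
PARENT = "cn=users,dc=example,dc=com"
SAME_TREE = "uid=alice,CN=Users, DC=example,DC=com"  # inside; naive says no
ESCAPED_COMMA = "cn=x\\,cn=users,dc=example,dc=com"  # outside; naive says yes
```

The string check fails in both directions: it rejects a DN that differs only in case or spacing, and it accepts a DN whose first RDN value merely contains the parent's text behind an escaped comma.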

call_udm_property_hook(hookname, module, changes=None)[source]

Internal method to call the hook scripts of extended attributes.

Parameters:
  • hookname (str) – The name of the hook function to call.
  • module (str) – The name of the UDM module.
  • changes (dict) – A list of changes.
Returns:

The (modified) list of changes.

Return type:

dict or None

open()[source]

Opens this object.

During the initialization of this object the currently set LDAP attributes are mapped into info. This method makes it possible to e.g. resolve external references to other objects which are not represented in the raw LDAP attributes of this object, for example the group memberships of a user.

By default only the open hook for extended attributes is called. This method can be subclassed.

Warning

If this method changes anything in self.info it must call save() afterwards.

Warning

If you are going to do any modifications (such as creating, modifying, moving, removing this object) this method must be called directly after the constructor and before modifying any property.

_remove_option(name)[source]

Removes the UDM option if it is set.

Parameters: name (str) – The name of the option to remove.
_define_options(module_options)[source]

Enables all UDM options which are enabled by default.

Parameters: module_options (dict) – A mapping of option-name to option.
option_toggled(option)[source]

Checks if a UDM option was changed.

Parameters: option (str) – The name of the option to check.
Returns: True if the option was changed, False otherwise.
Return type: bool

Warning

This does not work for not yet existing objects.

policy_reference(*policies)[source]
policy_dereference(*policies)[source]
policiesChanged()[source]
description()[source]

Return a descriptive string for the object. By default the relative distinguished name is returned.

Returns: A descriptive string or none if the DN is not yet set.
Return type: str
_post_unmap(info, values)[source]

This method can be overridden to define special un-map methods to map back from LDAP to UDM that cannot be done with the default mapping API.

Parameters:
  • info – The list of UDM properties.
  • values – The list of LDAP attributes.
Returns:

The (modified) list of UDM properties.

Return type:

_post_map(modlist, diff)[source]

This method can be overridden to define special map methods to map from UDM to LDAP that cannot be done with the default mapping API.

Parameters:
  • modlist – The list of LDAP modifications.
  • diff (list) – A list of modified UDM properties.
Returns:

The (modified) list of LDAP modifications.

Return type:

_ldap_addlist()[source]
_ldap_modlist()[source]

Builds the list of modifications when creating and modifying this object.

It compares the old properties (oldinfo) with the new properties (info) and applies the LDAP mapping. Differences are added to the modlist which consists of a tuple with three items:

("LDAP attribute-name", [old, values], [new, values])

("LDAP attribute-name", old_value, new_value)

("LDAP attribute-name", None, added_value)

See also

univention.uldap for further information about the format of the modlist.

This method can be overridden in a subclass to add special behavior, e.g. for properties which have no mapping defined.

Caution

The final modlist used for creation of objects is mixed with the univention.admin.handlers.simpleLdap._ldap_addlist(). Make sure this method does not add attributes which are already set.

Return type: list of tuples
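
A toy model of the bookkeeping described for save(), diff(), hasChanged() and _ldap_modlist(), added here as an illustration and not taken from UDM: the class ToyHandler, its mapping table and the sample values are constructed. It produces the three modlist tuple forms listed above and shows, in this model, what happens when open() changes info without calling save().

```python
import copy


class ToyHandler(dict):
    """Dict-like toy model of a handler's info/oldinfo state (not UDM code)."""

    # Hypothetical UDM-property -> LDAP-attribute mapping.
    MAPPING = {"lastname": "sn", "description": "description", "e-mail": "mail"}

    def __init__(self, info):
        super().__init__(info)
        self.save()

    def save(self):
        """Keep a copy of the current state as the old state."""
        self.oldinfo = copy.deepcopy(dict(self))

    def diff(self):
        """Return [(property, old value, new value)] for changed properties."""
        changes = []
        for key in sorted(set(self.oldinfo) | set(self)):
            old, new = self.oldinfo.get(key), self.get(key)
            if old != new:
                changes.append((key, old, new))
        return changes

    def has_changed(self, keys):
        """True if any of the given property names differs from the old state."""
        keys = [keys] if isinstance(keys, str) else keys
        changed = {name for name, _, _ in self.diff()}
        return any(key in changed for key in keys)

    def ldap_modlist(self):
        """Map the diff to (LDAP attribute, old, new); unmapped properties
        are left for a subclass to handle."""
        return [(self.MAPPING[name], old, new)
                for name, old, new in self.diff() if name in self.MAPPING]


def edit_user(save_after_open):
    """Load a constructed user, 'open' it, then change three properties."""
    obj = ToyHandler({"lastname": "Doe", "e-mail": ["jd@example.com"]})
    # open(): add data that is not part of the object's own LDAP attributes.
    obj["groups"] = ["cn=staff,dc=example,dc=com"]
    if save_after_open:
        obj.save()
    obj["lastname"] = "Smith"                               # (attr, old, new)
    obj["e-mail"] = ["jd@example.com", "john@example.com"]  # (attr, [old], [new])
    obj["description"] = "contractor"                       # (attr, None, added)
    return obj


if __name__ == "__main__":
    for flag in (True, False):
        obj = edit_user(flag)
        print("save() after open():", flag)
        print("  diff:   ", obj.diff())
        print("  modlist:", obj.ldap_modlist())
```

Without the save() call, the group list loaded during open() is reported by diff() as a change made by the caller, although the caller never touched it.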
_create(response=None, serverctrls=None)[source]

Create the object. Should only be called by univention.admin.handlers.simpleLdap.create().

_modify(modify_childs=1, ignore_license=0, response=None, serverctrls=None)[source]

Modify the object. Should only be called by univention.admin.handlers.simpleLdap.modify().

set_default_values()[source]

Sets all the default values of all properties.

_fix_app_options()[source]
_ldap_object_classes(ml)[source]

Detects the attributes changed in the given modlist, calculates the changes of the object class and appends it to the modlist.

_move_in_subordinates(olddn)[source]
_move_in_groups(olddn)[source]
_move(newdn, modify_childs=1, ignore_license=0)[source]

Moves this object to the new DN. Should only be called by univention.admin.handlers.simpleLdap.move().

_write_admin_diary_move(position)[source]
_remove(remove_childs=0)[source]

Removes this object. Should only be called by univention.admin.handlers.simpleLdap.remove().

_write_admin_diary_remove()[source]
loadPolicyObject(policy_type, reset=0)[source]
_update_policies()[source]
closePolicyObjects()[source]
savePolicyObjects()[source]
cancel()[source]

Cancels the object creation or modification. This method can be subclassed to revert changes for example releasing locks.

_release_locks()[source]

Release all temporarily acquired locks.

_confirm_locks()[source]

Confirm all temporarily acquired locks. self.alloc should contain a 2-tuple or 3-tuple: (name:str, value:str) or (name:str, value:str, updateLastUsedValue:bool)

_call_checkLdap_on_all_property_syntaxes()[source]

Calls checkLdap() method on every property if present. checkLdap() may raise an exception if the value does not match the constraints of the underlying syntax.

_is_synced_object()[source]

Checks whether this object was synchronized from Active Directory to UCS.

classmethod get_default_containers(lo)[source]

Returns list of default containers for this module.

Parameters: lo (univention.admin.uldap.access) – UDM LDAP access object.
classmethod lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0, serverctrls=None, response=None)[source]

Perform an LDAP search and return a list of instances.

Parameters:
  • co (NoneType) – obsolete config
  • lo (univention.admin.uldap.access) – UDM LDAP access object.
  • filter_s (str) – LDAP filter string.
  • base (str) – LDAP search base distinguished name.
  • superordinate (str) – Distinguished name of a superordinate object.
  • scope (str) – Specify the scope of the search to be one of base, base+one, one, sub, or domain to specify a base object, base plus one-level, one-level, subtree, or children search.
  • unique (bool) – Raise an exception if more than one object matches.
  • required (bool) – Raise an exception instead of returning an empty dictionary.
  • timeout (int) – wait at most timeout seconds for a search to complete. -1 for no limit.
  • sizelimit (int) – retrieve at most sizelimit entries for a search. 0 for no limit.
  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request.
  • response (dict) – An optional dictionary to receive the server controls of the result.
Returns:

A list of UDM objects.

Return type:

list[simpleLdap]

classmethod lookup_filter(filter_s=None, lo=None)[source]

Return an LDAP filter as a UDM filter expression.

Parameters:
Returns:

An LDAP filter expression.

Return type:

univention.admin.filter.conjunction

See lookup().

classmethod lookup_filter_superordinate(filter, superordinate)[source]
classmethod unmapped_lookup_filter()[source]

Return an LDAP filter as a UDM filter expression.

Returns: An LDAP filter expression.
Return type: univention.admin.filter.conjunction

See lookup_filter().

classmethod rewrite_filter(filter, mapping)[source]
classmethod identify(dn, attr, canonical=False)[source]
classmethod _ldap_attributes()[source]
_simpleLdap__app_option_enabled(name, option)
_simpleLdap__prevent_ad_property_change()
_simpleLdap__set_options()

Enables the UDM options of this object by evaluating the currently set LDAP object classes. If the object does not exist yet the default options are enabled.

class univention.admin.handlers.simpleComputer(co, lo, position, dn='', superordinate=None, attributes=[])[source]

Bases: univention.admin.handlers.simpleLdap

getMachineSid(lo, position, uidNum, rid=None)[source]
open()[source]

Load the computer object from LDAP.

check_common_name_length()[source]
_ldap_post_modify()[source]
_ldap_modlist()[source]
classmethod calc_dns_reverse_entry_name(sip, reverseDN)[source]
>>> simpleComputer.calc_dns_reverse_entry_name('10.200.2.5', 'subnet=2.200.10.in-addr.arpa')
'5'
>>> simpleComputer.calc_dns_reverse_entry_name('10.200.2.5', 'subnet=200.10.in-addr.arpa')
'5.2'
>>> simpleComputer.calc_dns_reverse_entry_name('2001:db8::3', 'subnet=0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa')
'3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0'
static calc_dns_reverse_entry_name_do(maxLength, zoneNet, ip)[source]
>>> simpleComputer.calc_dns_reverse_entry_name_do(3, ['2','1'], ['1','2','3'])
'3'
>>> simpleComputer.calc_dns_reverse_entry_name_do(3, ['1'], ['1','2','3'])
'3.2'
>>> simpleComputer.calc_dns_reverse_entry_name_do(4, ['0'], ['1','2','3'])
0
_ldap_pre_create()[source]
_ldap_pre_modify()[source]
_ldap_post_create()[source]
_ldap_post_remove()[source]
update_groups()[source]
primary_group()[source]
cleanup()[source]
_simpleComputer__add_dns_alias_object(name, dnsForwardZone, dnsAliasZoneContainer, alias)
_simpleComputer__add_dns_forward_object(name, zoneDn, ip)
_simpleComputer__add_dns_forward_object_ipv4(name, zoneDn, ip)
_simpleComputer__add_dns_forward_object_ipv6(name, zoneDn, ip)
_simpleComputer__add_dns_reverse_object(name, zoneDn, ip)
_simpleComputer__ip_from_ptr(zoneName, relativeDomainName)
_simpleComputer__ip_from_ptr_ipv4(zoneName, relativeDomainName)
_simpleComputer__ip_from_ptr_ipv6(zoneName, relativeDomainName)
_simpleComputer__is_ip(ip)
_simpleComputer__modify_dhcp_object(position, mac, ip=None)
_simpleComputer__modify_dns_forward_object(name, zoneDn, new_ip, old_ip)
_simpleComputer__remove_associated_domain(entry)
_simpleComputer__remove_dns_alias_object(name, dnsForwardZone, dnsAliasZoneContainer, alias=None)
_simpleComputer__remove_dns_forward_object(name, zoneDn, ip=None)
_simpleComputer__remove_dns_reverse_object(name, dnsEntryZoneReverse, ip)
_simpleComputer__remove_from_dhcp_object(mac=None, ip=None)
_simpleComputer__rename_dhcp_object(old_name, new_name)
_simpleComputer__rename_dns_object(position=None, old_name=None, new_name=None)
_simpleComputer__set_associated_domain(entry)
_simpleComputer__split_dhcp_line(entry)
_simpleComputer__split_dns_line(entry)
_simpleComputer__update_groups_after_namechange()
class univention.admin.handlers.simplePolicy(co, lo, position, dn='', superordinate=None, attributes=[])[source]

Bases: univention.admin.handlers.simpleLdap

copyIdentifier(from_object)[source]

Activate the result mode and set the referring object.

clone(referring_object)[source]

Marks the object as a non-existing one containing values retrieved by evaluating the policies for the given object.

_simplePolicy__makeUnique()
getIdentifier()[source]
create(serverctrls=None, response=None)[source]
policy_result(faked_policy_reference=None)[source]

This method retrieves the policy values currently effective for this object. If the ‘resultmode’ is not active the evaluation is cancelled.

If faked_policy_reference is given, this policy object is temporarily referenced at the top object (referring_object_dn).

faked_policy_reference can be a string or a list of strings.

fixedAttributes()[source]

Return effectively fixed attributes.

Return type: dict
emptyAttributes()[source]

Return effectively empty attributes.

Return type: dict
class univention.admin.handlers._MergedAttributes(obj, modlist)[source]

Bases: object

Evaluates old attributes and the modlist to get a new representation of the object.

get_attributes()[source]
get_attribute(attr)[source]

Subpackages