univention.admin.handlers.users package

Submodules

univention.admin.handlers.users.contact module

UDM module for the user contact objects

class univention.admin.handlers.users.contact.object(co, lo, position, dn='', superordinate=None, attributes=None)[source]

Bases: univention.admin.handlers.simpleLdap

module = 'users/contact'
description()[source]

Return a descriptive string for the object. By default the relative distinguished name is returned.

Returns

A descriptive string or none if no dn is not yet set.

Return type

str

get_candidate_dn()[source]
unique_dn()[source]
acquire_unique_dn()[source]
classmethod unmapped_lookup_filter()[source]

Return a LDAP filter UDM filter expression.

Returns

A LDAP filter expression.

Return type

univention.admin.filter.conjunction

See lookup_filter().

univention.admin.handlers.users.contact.identify(dn, attr, canonical=False)[source]

univention.admin.handlers.users.ldap module

UDM module for the simple authentication account objects

univention.admin.handlers.users.ldap.unmapLocked(oldattr)[source]
univention.admin.handlers.users.ldap.isLDAPLocked(oldattr)[source]
class univention.admin.handlers.users.ldap.object(co, lo, position, dn='', superordinate=None, attributes=None)[source]

Bases: univention.admin.handlers.simpleLdap

module = 'users/ldap'
password_length = 8
open()[source]

Opens this object.

During the initialization of this object the current set LDAP attributes are mapped into info. This method makes it possible to e.g. resolve external references to other objects which are not represented in the raw LDAP attributes of this object, for example the group memberships of a user.

By default only the open hook for extended attributes is called. This method can be subclassed.

Warning

If this method changes anything in self.info it must call save() afterwards.

Warning

If your are going to do any modifications (such as creating, modifying, moving, removing this object) this method must be called directly after the constructor and before modifying any property.

classmethod unmapped_lookup_filter()[source]

Return a LDAP filter UDM filter expression.

Returns

A LDAP filter expression.

Return type

univention.admin.filter.conjunction

See lookup_filter().

univention.admin.handlers.users.ldap.identify(dn, attr, canonical=False)[source]

univention.admin.handlers.users.passwd module

UDM module for password part of the user

univention.admin.handlers.users.passwd.lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=- 1, sizelimit=0)[source]

univention.admin.handlers.users.self module

UDM module for the user himself

class univention.admin.handlers.users.self.object(co, lo, position, dn='', superordinate=None, attributes=None)[source]

Bases: univention.admin.handlers.users.user.object

module = 'users/self'
univention.admin.handlers.users.self.lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=- 1, sizelimit=0)[source]

univention.admin.handlers.users.user module

UDM module for the user objects

univention.admin.handlers.users.user.check_prohibited_username(lo, username)[source]

check if the username is allowed

univention.admin.handlers.users.user.case_insensitive_in_list(dn, list)[source]
univention.admin.handlers.users.user.posixSecondsToLocaltimeDate(seconds)[source]
univention.admin.handlers.users.user.posixDaysToDate(days)[source]
univention.admin.handlers.users.user.sambaWorkstationsMap(workstations, encoding=())[source]
univention.admin.handlers.users.user.sambaWorkstationsUnmap(workstations, encoding=())[source]
univention.admin.handlers.users.user.logonHoursMap(logontimes)[source]

converts the bitfield 001110010110…100 to the respective hex string

univention.admin.handlers.users.user.logonHoursUnmap(logontimes)[source]

Converts hex-string to an array of bits set.

univention.admin.handlers.users.user.intToBinary(val)[source]
univention.admin.handlers.users.user.GMTOffset()[source]
univention.admin.handlers.users.user.load_certificate(user_certificate)[source]

Import a certificate in DER format

univention.admin.handlers.users.user.mapHomePostalAddress(old, encoding=())[source]

Map address to LDAP encoding.

>>> mapHomePostalAddress([["a", "b", "c"]])
[b'a$b$c']
univention.admin.handlers.users.user.unmapHomePostalAddress(old, encoding=())[source]

Expand LDAP encoded address. >>> unmapHomePostalAddress([b’foo’]) [[‘foo’, ‘ ‘, ‘ ‘]] >>> unmapHomePostalAddress([b’foo$bar$baz’]) [[‘foo’, ‘bar’, ‘baz’]]

univention.admin.handlers.users.user.unmapUserExpiry(oldattr)[source]
univention.admin.handlers.users.user.unmapShadowExpireToUserexpiry(oldattr)[source]
univention.admin.handlers.users.user.unmapKrb5ValidEndToUserexpiry(oldattr)[source]
univention.admin.handlers.users.user.unmapSambaKickoffTimeToUserexpiry(oldattr)[source]
univention.admin.handlers.users.user.unmapPasswordExpiry(oldattr)[source]
univention.admin.handlers.users.user.unmapDisabled(oldattr)[source]
univention.admin.handlers.users.user.inconsistentDisabledState(oldattr)[source]
univention.admin.handlers.users.user.unmapSambaDisabled(oldattr)[source]
univention.admin.handlers.users.user.unmapKerberosDisabled(oldattr)[source]
univention.admin.handlers.users.user.unmapPosixDisabled(oldattr)[source]
univention.admin.handlers.users.user.unmapLocked(oldattr)[source]
univention.admin.handlers.users.user.inconsistentLockedState(oldattr)[source]
univention.admin.handlers.users.user.isPosixLocked(oldattr)[source]
univention.admin.handlers.users.user.isSambaLocked(oldattr)[source]
univention.admin.handlers.users.user.isKerberosLocked(oldattr)[source]
univention.admin.handlers.users.user.isLDAPLocked(oldattr)[source]
univention.admin.handlers.users.user.unmapSambaRid(oldattr)[source]
univention.admin.handlers.users.user.mapKeyAndValue(old, encoding=())[source]

Map (key, value) list to key=value list.

>>> mapKeyAndValue([("a", "b")])
[b'a=b']
univention.admin.handlers.users.user.unmapKeyAndValue(old, encoding=())[source]

Map (key=value) list to (key, value) list.

>>> unmapKeyAndValue([b"a=b"])
[['a', 'b']]
univention.admin.handlers.users.user.mapWindowsFiletime(old, encoding=())[source]
univention.admin.handlers.users.user.unmapWindowsFiletime(old, encoding=())[source]
univention.admin.handlers.users.user.datetime_from_local_datetimetimezone_tuple(local_datetimetimezone_tuple)[source]
univention.admin.handlers.users.user.mapDateTimeTimezoneTupleToUTCDateTimeString(local_datetimetimezone_tuple, encoding=())[source]
univention.admin.handlers.users.user.unmapUTCDateTimeToLocaltime(attribute_value, encoding=())[source]
class univention.admin.handlers.users.user.object(co, lo, position, dn='', superordinate=None, attributes=None)[source]

Bases: univention.admin.handlers.simpleLdap

module = 'users/user'
use_performant_ldap_search_filter = True
open(loadGroups=True)[source]

Opens this object.

During the initialization of this object the current set LDAP attributes are mapped into info. This method makes it possible to e.g. resolve external references to other objects which are not represented in the raw LDAP attributes of this object, for example the group memberships of a user.

By default only the open hook for extended attributes is called. This method can be subclassed.

Warning

If this method changes anything in self.info it must call save() afterwards.

Warning

If your are going to do any modifications (such as creating, modifying, moving, removing this object) this method must be called directly after the constructor and before modifying any property.

modify(*args, **kwargs)[source]

Modifies the LDAP object by building the difference between the current state and the old state of this object and write this modlist to LDAP.

Parameters
  • modify_childs (bool) – Specifies if child objects should be modified as well.

  • ignore_license (bool) – If the license is exceeded the modification may fail. Setting this to True causes license checks to be disabled

Raises

univention.admin.uexceptions.invalidOperation if objects of this type do not support to be modified.

Raises

univention.admin.uexceptions.noObject if the object does not exists.

Raises

univention.admin.uexceptions.insufficientInformation

Returns

The DN of the modified object.

Return type

str

reload_certificate()[source]

Reload user certificate.

hasChanged(key)[source]

Checks if the given attribute(s) was (were) changed.

Parameters

key (str or list[str] or tuple[str]) – The name of a property.

Returns

True if the property changed, False otherwise.

Return type

bool

krb5_principal()[source]
classmethod unmapped_lookup_filter()[source]

Return a LDAP filter UDM filter expression.

Returns

A LDAP filter expression.

Return type

univention.admin.filter.conjunction

See lookup_filter().

classmethod rewrite_filter(filter, mapping)[source]
classmethod identify(dn, attr, canonical=False)[source]
univention.admin.handlers.users.user.identify(dn, attr, canonical=False)