univention.connector.ad package

Contents

univention.connector.ad package#

exception univention.connector.ad.netbiosDomainnameNotFound[source]#

Bases: Exception

exception univention.connector.ad.kerberosAuthenticationFailed[source]#

Bases: Exception

univention.connector.ad.set_univentionObjectFlag_to_synced(connector, key, ucs_object)[source]#
univention.connector.ad.group_members_sync_from_ucs(connector, key, object)[source]#
univention.connector.ad.object_memberships_sync_from_ucs(connector, key, object)[source]#
univention.connector.ad.group_members_sync_to_ucs(connector, key, object)[source]#
univention.connector.ad.object_memberships_sync_to_ucs(connector, key, object)[source]#
univention.connector.ad.primary_group_sync_from_ucs(connector, key, object)[source]#
univention.connector.ad.primary_group_sync_to_ucs(connector, key, object)[source]#
univention.connector.ad.disable_user_from_ucs(connector, key, object)[source]#
univention.connector.ad.set_userPrincipalName_from_ucr(connector, key, object)[source]#
univention.connector.ad.disable_user_to_ucs(connector, key, object)[source]#
univention.connector.ad.fix_dn(dn)[source]#
univention.connector.ad.str2dn(dn)[source]#
univention.connector.ad.unix2ad_time(ltime)[source]#
univention.connector.ad.ad2unix_time(ltime)[source]#
univention.connector.ad.samba2ad_time(ltime)[source]#
univention.connector.ad.ad2samba_time(ltime)[source]#
univention.connector.ad.samaccountname_dn_mapping(connector, given_object, dn_mapping_stored, ucsobject, propertyname, propertyattrib, ocucs, ucsattrib, ocad, dn_attr=None)[source]#

map dn of given object (which must have an samaccountname in AD) ocucs and ocad are objectclasses in UCS and AD

univention.connector.ad.user_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)[source]#

map dn of given user using the samaccountname/uid connector is an instance of univention.connector.ad, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.connector.ad.group_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)[source]#

map dn of given group using the samaccountname/cn connector is an instance of univention.connector.ad, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.connector.ad.windowscomputer_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)[source]#

map dn of given windows computer using the samaccountname/uid connector is an instance of univention.connector.ad, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.connector.ad.decode_sid(value)[source]#
class univention.connector.ad.LDAPEscapeFormatter[source]#

Bases: Formatter

A custom string formatter that supports a special e conversion, to employ the function ldap.filter.escape_filter_chars() on the given value.

>>> LDAPEscapeFormatter().format("{0}", "*")
'*'
>>> LDAPEscapeFormatter().format("{0!e}", "*")
'\2a'

Unfortunately this does not support the key/index-less variant (see http://bugs.python.org/issue13598).

>>> LDAPEscapeFormatter().format("{!e}", "*")
Traceback (most recent call last):
KeyError: ''
convert_field(value, conversion)[source]#
univention.connector.ad.format_escaped(format_string, *args, **kwargs)[source]#

Convenience-wrapper around LDAPEscapeFormatter.

Use !e do denote format-field that should be escaped using ldap.filter.escape_filter_chars()

>>> format_escaped("{0!e}", "*")
'\2a'
class univention.connector.ad.ad(CONFIGBASENAME, property, configRegistry, ad_ldap_host, ad_ldap_port, ad_ldap_base, ad_ldap_binddn, ad_ldap_bindpw, ad_ldap_certificate, listener_dir, max_retry_rejected, logfilename=None, debug_level=None)[source]#

Bases: ucs

RANGE_RETRIEVAL_PATTERN = re.compile('^([^;]+);range=(\\d+)-(\\d+|\\*)$')#
classmethod main(ucr=None, configbasename='connector', **kwargs)[source]#
init_group_cache()[source]#
init_ldap_connections()[source]#
open_drs_connection()[source]#
open_samr()[source]#
get_kerberos_ticket()[source]#
ad_search_ext_s(*args, **kwargs)[source]#
open_ad()[source]#
get_lastUSN()[source]#
list_rejected()[source]#
save_rejected(object)[source]#

save object as rejected

remove_rejected(object)[source]#

remove object from rejected

addToCreationList(dn)[source]#
removeFromCreationList(dn)[source]#
isInCreationList(dn)[source]#
parse_range_retrieval_attrs(ad_attrs, attr)[source]#
value_range_retrieval(ad_dn, ad_attrs, attr)[source]#
get_ad_members(ad_dn, ad_attrs)[source]#
get_object(dn, attrlist=None)[source]#

Get an object from AD-LDAP

set_primary_group_to_ucs_user(object_key, object_ucs)[source]#

check if correct primary group is set to a fresh UCS-User

primary_group_sync_from_ucs(key, object)[source]#

sync primary group of an ucs-object to ad

primary_group_sync_to_ucs(key, object)[source]#

sync primary group of an ad-object to ucs

object_memberships_sync_from_ucs(key, object)[source]#

sync group membership in AD if object was changend in UCS

group_members_sync_from_ucs(key, object)[source]#

sync groupmembers in AD if changend in UCS

object_memberships_sync_to_ucs(key, object)[source]#

sync group membership in UCS if object was changend in AD

one_group_member_sync_to_ucs(ucs_group_object, object)[source]#

sync groupmembers in UCS if changend one member in AD

one_group_member_sync_from_ucs(ad_group_object, object)[source]#

sync groupmembers in AD if changend one member in AD

group_members_sync_to_ucs(key, object)[source]#

sync groupmembers in UCS if changend in AD

set_userPrincipalName_from_ucr(key, object)[source]#
disable_user_from_ucs(key, object)[source]#
disable_user_to_ucs(key, object)[source]#
ucs_object_ignored(ad_dn, property_key)[source]#
initialize()[source]#
resync_rejected()[source]#

tries to resync rejected dn

poll(show_deleted=True)[source]#

poll for changes in AD

sync_from_ucs(property_type, object, pre_mapped_ucs_dn, old_dn=None, object_old=None)[source]#
delete_in_ad(object, property_type)[source]#

Submodules#

univention.connector.ad.main module#

univention.connector.ad.main.bind_stdout(options, statuslogfile)[source]#
univention.connector.ad.main.daemon(lock_file, options)[source]#
univention.connector.ad.main.connect(options)[source]#
univention.connector.ad.main.lock(filename)[source]#
univention.connector.ad.main.main()[source]#

univention.connector.ad.mapping module#

univention.connector.ad.mapping.ignore_filter_from_tmpl(template, ucr_key, default='')[source]#

Construct an ignore_filter from a ucr_key (connector/ad/mapping/*/ignorelist, a comma delimited list of values), as specified by template while correctly escaping the filter-expression.

template must be formatted as required by format_escaped.

>>> ignore_filter_from_tmpl('(cn={0!e})',
... 'connector/ad/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'
univention.connector.ad.mapping.ignore_filter_from_attr(attribute, ucr_key, default='')[source]#

Convenience-wrapper around ignore_filter_from_tmpl().

This expects a single attribute instead of a template argument.

>>> ignore_filter_from_attr('cn',
... 'connector/ad/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'
univention.connector.ad.mapping.get_mapping(configbasename='connector')[source]#
univention.connector.ad.mapping.create_mapping(configbasename='connector')[source]#
univention.connector.ad.mapping.load_localmapping(ad_mapping, filename='/etc/univention/connector/ad/localmapping.py')[source]#

univention.connector.ad.password module#

univention.connector.ad.password.nt_password_to_arcfour_hmac_md5(nt_password)[source]#
univention.connector.ad.password.transformKey(InputKey)[source]#
univention.connector.ad.password.mySamEncryptNTLMHash(hash, key)[source]#
univention.connector.ad.password.deriveKey(baseKey)[source]#
univention.connector.ad.password.removeDESLayer(cryptedHash, rid)[source]#
univention.connector.ad.password.decrypt(key, data, rid)[source]#
univention.connector.ad.password.decrypt_history(key, data, rid)[source]#
univention.connector.ad.password.calculate_krb5keys(supplementalCredentialsblob)[source]#
univention.connector.ad.password.set_password_in_ad(connector, samaccountname, pwd, reconnect=False)[source]#
univention.connector.ad.password.decrypt_supplementalCredentials(connector, spl_crypt)[source]#
univention.connector.ad.password.get_password_from_ad(connector, user_dn, reconnect=False)[source]#
univention.connector.ad.password.password_sync_ucs(connector, key, object)[source]#
univention.connector.ad.password.password_sync_kinit(connector, key, ucs_object)[source]#
univention.connector.ad.password.password_sync(connector, key, ucs_object)[source]#
univention.connector.ad.password.lockout_sync_to_ucs(connector, key, obj)[source]#
Sync account locking state from AD to UCS:
sync AD (lockoutTime != 0) -> UCS locked = 1 and lockedTime = lockoutTime

(lockoutTime == 0) -> UCS locked = 0 and lockedTime = 0 (lockedTime would be set automaticly by UCS)

univention.connector.ad.password.lockout_sync_from_ucs(connector, key, obj)[source]#
Sync unlock modification from OpenLDAP to AD:

sync OpenLDAP (“L” not in sambaAcctFlags) -> AD lockoutTime = 0

sync OpenLDAP (“L” in sambaAcctFlags) -> AD lockoutTime = sambaBadPasswordTime and OpenLDAP sambaBadPasswordTime -> AD badPasswordTime

univention.connector.ad.proxyAddresses module#

univention.connector.ad.proxyAddresses.valid_mailaddress(val)[source]#
univention.connector.ad.proxyAddresses.equal(values1, values2)[source]#

This is called in these two ways: 1. in sync_from_ucs: values1 are mapped ucs and values2 are con 2. in __set_values: values1 are ucs and values2 are mapped con

univention.connector.ad.proxyAddresses.to_proxyAddresses(s4connector, key, object)[source]#
univention.connector.ad.proxyAddresses.to_mailPrimaryAddress(s4connector, key, object)[source]#
univention.connector.ad.proxyAddresses.to_mailAlternativeAddress(s4connector, key, object)[source]#

univention.connector.ad.query_config module#

univention.connector.ad.query_config.fixup(s)[source]#
On this page