univention.s4connector package

univention.s4connector.decode_guid(value)

univention.s4connector.generate_strong_password(length=24)

univention.s4connector.set_ucs_passwd_user(connector, key, ucs_object)

set random password to fulfill required values

univention.s4connector.check_ucs_lastname_user(connector, key, ucs_object)

check if required values for lastname are set

univention.s4connector.set_primary_group_user(connector, key, ucs_object)

check if correct primary group is set

univention.s4connector.dictonary_lowercase(dict_)

univention.s4connector.compare_normal(val1, val2)

univention.s4connector.compare_lowercase(val1, val2)

class univention.s4connector.configdb(filename)

Bases: object

get_by_value(section, option)

get(section, option)

set(section, option, value)

items(section)

remove_option(section, option)

has_section(section)

add_section(section)

has_option(section, option)

class univention.s4connector.RFC4514_dn

Bases: object

special_dn_chars = '"+,;<=>'

pattern = '(\\\\")|(\\\\\\+)|(\\\\,)|(\\\\;)|(\\\\<)|(\\\\=)|(\\\\>)'

match = re.compile('(\\\\")|(\\\\\\+)|(\\\\,)|(\\\\;)|(\\\\<)|(\\\\=)|(\\\\>)')

substs = ['\\22', '\\2B', '\\2C', '\\3B', '\\3C', '\\3D', '\\3E']

replace()

classmethod to_ad(dn)

Currently just for documentation purposes

classmethod to_openldap(dn)

Doing the inverse of RFC4514_dn.to_ad

class univention.s4connector.Mapping(mapping)

Bases: object

class univention.s4connector.attribute(ucs_attribute='', ldap_attribute='', con_attribute='', con_other_attribute='', required=0, single_value=False, compare_function=None, mapping=(), reverse_attribute_check=False, sync_mode='sync', con_attribute_encoding='UTF-8', auto_enable_udm_option=False)

Bases: object

A mapping attribute description

Parameters:

• ucs_attribute (str) – The property name of the object in UDM

• ldap_attribute (str) – The LDAP attribute name of the object in UCS LDAP

• con_attribute (str) – The LDAP attribute name of the object in AD LDAP

• con_other_attribute (str) – Further LDAP attribute name of the object in AD LDAP.

• required (bool) – unused

• single_value (bool) – Whether the attribute is single_value in the AD LDAP.

• compare_function (callable) – A comparison function which compares raw ldap attribute values.

• mapping – Mapping functions for (sync_to_s4, sync_to_ucs)

• reverse_attribute_check – Make a reverse check of this mapping, if the mapping is not 1:1.

• sync_mode – The syncronization direction (read, write, sync)

Ptype mapping:

tuple

Ptype reverse_attribute_check:

bool

Ptype sync_mode:

str

class univention.s4connector.property(ucs_default_dn='', con_default_dn='', ucs_module='', ucs_module_others=[], sync_mode='', scope='', con_search_filter='', ignore_filter=None, match_filter=None, ignore_subtree=[], con_create_objectclass=[], con_create_attributes=[], dn_mapping_function=[], attributes=None, ucs_create_functions=[], con_create_extensions=[], post_con_create_functions=[], post_con_modify_functions=[], post_ucs_modify_functions=[], post_attributes=None, mapping_table=None, position_mapping=[], con_sync_function=None, ucs_sync_function=None, disable_delete_in_ucs=False, identify=None, con_subtree_delete_objects=[])

Bases: object

class univention.s4connector.ucs(CONFIGBASENAME, _property, configRegistry, listener_dir, logfilename, debug_level)

Bases: object

init_ldap_connections()

dn_mapped_to_base(dn, base)

Introduced for Bug #33110: Fix case of base part of DN

open_ucs()

search_ucs(filter='(objectClass=*)', base='', scope='sub', attr=[], unique=0, required=0, timeout=-1, sizelimit=0)

init_debug()

close_debug()

list_rejected_ucs(filter_noresync=False)

get_dn_by_ucs(dn_ucs)

get_dn_by_con(dn_con)

context_log(property_type, obj, message='', to_ucs=True)

get_ucs_ldap_object_dn(dn)

get_ucs_ldap_object(dn)

get_ucs_object(property_type, dn)

initialize_ucs()

initialize()

resync_rejected_ucs()

tries to resync rejected changes from UCS

resync_rejected()

poll_ucs()

poll changes from UCS: iterates over files exported by directory-listener module

poll(show_deleted=True)

add_in_ucs(property_type, object, module, position)

modify_in_ucs(property_type, object, module, position)

move_in_ucs(property_type, object, module, position)

update_deleted_cache_after_removal(entryUUID, objectGUID)

was_entryUUID_deleted(entryUUID)

was_objectGUID_deleted_by_ucs(objectGUID)

update_add_cache_after_creation(entryUUID, objectGUID)

remove_add_cache_after_removal(entryUUID)

was_objectGUID_added_by_ucs(objectGUID)

delete_in_ucs(property_type, object, module, position)

Removes an AD object in UCS-LDAP

sync_to_ucs(property_type, object, pre_mapped_s4_dn, original_object)

Synchronize an object from Samba4-LDAP to UCS Open-LDAP.

Parameters:

• property_type – the type of the object to be synced, must be part of the mapping. (e.g. “user”, “group”, “dc”, “windowscomputer”, etc.)

• object – A dictionary describing the Samba object. modtype: A modification type (“add”, “modify”, “move”, “delete”) dn: The DN of the object in the UCS-LDAP olddn: The olddn of the object object in UCS-LDAP (e.g. on “move” operation)

• pre_mapped_s4_dn – pass

• original_object – pass

Ptype object:

dict

identify_udm_object(dn, attrs)

Get the type of the specified UCS object

Subpackages

• univention.s4connector.s4 package
  • group_members_sync_from_ucs()
  • object_memberships_sync_from_ucs()
  • group_members_sync_to_ucs()
  • object_memberships_sync_to_ucs()
  • primary_group_sync_from_ucs()
  • primary_group_sync_to_ucs()
  • disable_user_from_ucs()
  • disable_user_to_ucs()
  • add_primary_group_to_addlist()
  • check_for_local_group_and_extend_serverctrls_and_sid()
  • fix_dn_in_search()
  • fix_dn()
  • str2dn()
  • unix2s4_time()
  • s42unix_time()
  • samba2s4_time()
  • s42samba_time()
  • samaccountname_dn_mapping()
  • user_dn_mapping()
  • group_dn_mapping()
  • windowscomputer_dn_mapping()
  • dc_dn_mapping()
  • decode_sid()
  • compare_sid_lists()
  • LDAPEscapeFormatter
    • LDAPEscapeFormatter.convert_field()
  • format_escaped()
  • s4
    • s4.RANGE_RETRIEVAL_PATTERN
    • s4.main()
    • s4.init_ldap_connections()
    • s4.init_group_cache()
    • s4.s4_search_ext_s()
    • s4.open_s4()
    • s4.get_lastUSN()
    • s4.list_rejected()
    • s4.save_rejected()
    • s4.remove_rejected()
    • s4.addToCreationList()
    • s4.removeFromCreationList()
    • s4.isInCreationList()
    • s4.get_object_dn()
    • s4.parse_range_retrieval_attrs()
    • s4.value_range_retrieval()
    • s4.get_s4_members()
    • s4.get_object()
    • s4.set_primary_group_to_ucs_user()
    • s4.primary_group_sync_from_ucs()
    • s4.primary_group_sync_to_ucs()
    • s4.object_memberships_sync_from_ucs()
    • s4.group_members_sync_from_ucs()
    • s4.object_memberships_sync_to_ucs()
    • s4.one_group_member_sync_to_ucs()
    • s4.one_group_member_sync_from_ucs()
    • s4.group_members_sync_to_ucs()
    • s4.disable_user_from_ucs()
    • s4.disable_user_to_ucs()
    • s4.initialize()
    • s4.resync_rejected()
    • s4.poll()
    • s4.sync_from_ucs()
    • s4.delete_in_s4()
  • Submodules
  • univention.s4connector.s4.computer module
    • checkAndConvertToMacOSX()
    • windowscomputer_sync_s4_to_ucs_check_rename()
  • univention.s4connector.s4.dc module
    • ucs2con()
    • con2ucs()
    • identify()
  • univention.s4connector.s4.dns module
    • PTRRecord
    • MXRecord
    • dns_dn_mapping()
    • s4_zone_create()
    • s4_zone_msdcs_sync()
    • s4_zone_create_wrapper()
    • s4_zone_delete()
    • s4_dns_node_base_create()
    • s4_dns_node_base_delete()
    • s4_host_record_create()
    • ucs_host_record_create()
    • ucs_host_record_delete()
    • s4_ptr_record_create()
    • ucs_ptr_record_create()
    • ucs_ptr_record_delete()
    • ucs_cname_create()
    • ucs_cname_delete()
    • s4_cname_create()
    • ucs_srv_record_create()
    • ucs_srv_record_delete()
    • s4_srv_record_create()
    • ucs_txt_record_create()
    • ucs_txt_record_delete()
    • s4_txt_record_create()
    • ucs_ns_record_create()
    • ucs_ns_record_delete()
    • s4_ns_record_create()
    • ucs_zone_create()
    • ucs_zone_delete()
    • ucs2con()
    • con2ucs()
  • univention.s4connector.s4.main module
    • bind_stdout()
    • daemon()
    • connect()
    • lock()
    • main()
  • univention.s4connector.s4.mapping module
    • ignore_filter_from_tmpl()
    • ignore_filter_from_attr()
    • get_sid_mapping()
    • load_localmapping()
  • univention.s4connector.s4.ntsecurity_descriptor module
    • encode_sddl_to_sd_in_ndr()
    • decode_sd_in_ndr_to_sddl()
    • ntsd_to_s4()
    • ntsd_to_ucs()
  • univention.s4connector.s4.password module
    • Krb5Context
    • calculate_krb5key()
    • calculate_supplementalCredentials()
    • extract_NThash_from_krb5key()
    • password_sync_ucs_to_s4()
    • password_sync_s4_to_ucs()
    • password_sync_s4_to_ucs_no_userpassword()
    • lockout_sync_s4_to_ucs()
    • lockout_sync_ucs_to_s4()
  • univention.s4connector.s4.query_config module
    • fixup()
  • univention.s4connector.s4.sid_mapping module
    • sid_to_s4_mapping()
    • sid_to_ucs_mapping()
    • sid_to_s4()
    • sid_to_ucs()
  • univention.s4connector.s4.user module
    • prefdev_sync_s4_to_ucs()
    • prefdev_sync_ucs_to_s4()
    • userCertificate_sync_s4_to_ucs()
    • userCertificate_sync_ucs_to_s4()
    • jpegPhoto_sync_s4_to_ucs()
    • jpegPhoto_sync_ucs_to_s4()
    • secretary_sync_s4_to_ucs()
    • secretary_sync_ucs_to_s4()

Submodules

univention.s4connector.lockingdb module

class univention.s4connector.lockingdb.LockingDB(filename)

Bases: object

A local database which includes the list of objects which are currently locked. That means the synchronisation of these objects has not been finished. https://forge.univention.org/bugzilla/show_bug.cgi?id=35391

lock_ucs(uuid)

unlock_ucs(uuid)

lock_s4(guid)

unlock_s4(guid)

is_ucs_locked(uuid)

is_s4_locked(guid)

univention.s4connector.s4cache module

class univention.s4connector.s4cache.EntryDiff(old, new)

Bases: object

added()

removed()

changed()

class univention.s4connector.s4cache.S4Cache(filename)

Bases: object

Local cache for the current Samba 4 state of the s4connector. With this cache the connector has the possibility to create a diff between the new Samba 4 object and the old one from cache.

add_entry(guid, entry)

diff_entry(old_entry, new_entry)

get_entry(guid)

remove_entry(guid)