univention.s4connector.s4 package

class univention.s4connector.s4.LDAPEscapeFormatter[source]

Bases: string.Formatter

A custom string formatter that supports a special e conversion, to employ the function ldap.filter.escape_filter_chars() on the given value.

>>> LDAPEscapeFormatter().format("{0}", "*")
'*'
>>> LDAPEscapeFormatter().format("{0!e}", "*")
'\\2a'

Unfortunately this does not support the key/index-less variant (see http://bugs.python.org/issue13598).

>>> LDAPEscapeFormatter().format("{!e}", "*")
Traceback (most recent call last):
KeyError: ''
convert_field(value, conversion)[source]
univention.s4connector.s4.__is_groupType_local(groupType)[source]
univention.s4connector.s4.__is_int(value)[source]
univention.s4connector.s4.__is_sid_string(sid)[source]
univention.s4connector.s4.add_primary_group_to_addlist(s4connector, property_type, object, addlist, serverctrls)[source]
univention.s4connector.s4.check_for_local_group_and_extend_serverctrls_and_sid(s4connector, property_type, object, add_or_modlist, serverctrls)[source]
univention.s4connector.s4.compare_sid_lists(sid_list1, sid_list2)[source]

Compare the SID / RID attributes. Depending on the sync direction and SID sync configuration the function gets two SID lists or two RID values.

univention.s4connector.s4.compatible_addlist(list)[source]
univention.s4connector.s4.compatible_list(list)[source]
univention.s4connector.s4.compatible_modlist(list)[source]
univention.s4connector.s4.compatible_modstring(string)[source]
univention.s4connector.s4.dc_dn_mapping(s4connector, given_object, dn_mapping_stored, isUCSobject)[source]

Map the dn of the given dc computer using the samaccountname/uid.

s4connector is an instance of univention.s4connector.s4, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file.

univention.s4connector.s4.decode_addlist(list, encoding)[source]
univention.s4connector.s4.decode_list(list, encoding)[source]
univention.s4connector.s4.decode_modlist(list, encoding)[source]
univention.s4connector.s4.decode_sid(value)[source]
univention.s4connector.s4.disable_user_from_ucs(s4connector, key, object)[source]
univention.s4connector.s4.disable_user_to_ucs(s4connector, key, object)[source]
univention.s4connector.s4.encode_addlist(list, encoding)[source]
univention.s4connector.s4.encode_attrib(attrib)[source]
univention.s4connector.s4.encode_attriblist(attriblist)[source]
univention.s4connector.s4.encode_list(list, encoding)[source]
univention.s4connector.s4.encode_modlist(list, encoding)[source]
univention.s4connector.s4.encode_s4_object(s4_object)[source]
univention.s4connector.s4.encode_s4_result(s4_result)[source]

Encode a result from a python-ldap search.

univention.s4connector.s4.encode_s4_resultlist(s4_resultlist)[source]

Encode a result from a python-ldap search.

univention.s4connector.s4.fix_dn(dn)[source]
univention.s4connector.s4.format_escaped(format_string, *args, **kwargs)[source]

Convenience-wrapper around LDAPEscapeFormatter.

Use !e to denote a format-field that should be escaped using ldap.filter.escape_filter_chars().

>>> format_escaped("{0!e}", "*")
'\\2a'
univention.s4connector.s4.group_dn_mapping(s4connector, given_object, dn_mapping_stored, isUCSobject)[source]

Map the dn of the given group using the samaccountname/cn.

s4connector is an instance of univention.s4connector.s4, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file.

univention.s4connector.s4.group_members_sync_from_ucs(s4connector, key, object)[source]
univention.s4connector.s4.group_members_sync_to_ucs(s4connector, key, object)[source]
univention.s4connector.s4.normalise_userAccountControl(s4connector, key, object)[source]

Deprecated, unused function; should be removed in the future!

univention.s4connector.s4.object_memberships_sync_from_ucs(s4connector, key, object)[source]
univention.s4connector.s4.object_memberships_sync_to_ucs(s4connector, key, object)[source]
univention.s4connector.s4.primary_group_sync_from_ucs(s4connector, key, object)[source]
univention.s4connector.s4.primary_group_sync_to_ucs(s4connector, key, object)[source]
class univention.s4connector.s4.s4(CONFIGBASENAME, property, baseConfig, s4_ldap_host, s4_ldap_port, s4_ldap_base, s4_ldap_binddn, s4_ldap_bindpw, s4_ldap_certificate, listener_dir, init_group_cache=True)[source]

Bases: univention.s4connector.ucs

RANGE_RETRIEVAL_PATTERN = <_sre.SRE_Pattern object>
_commit_lastUSN()[source]
_get_DN_for_GUID(GUID)[source]
_get_lastUSN()[source]
_get_objectGUID(dn)[source]
_get_rejected(id)[source]
_list_rejected()[source]

Returns rejected Samba4-objects

_remove_GUID(GUID)[source]
_remove_dn_from_group_cache(con_dn=None, ucs_dn=None)[source]
_remove_rejected(id)[source]
_remove_subtree_in_s4(parent_s4_object, property_type)[source]
_s4__compare_lowercase(dn, dn_list)

Checks if dn is in dn_list

_s4__dn_from_deleted_object(object, GUID)

gets dn for deleted object (original dn before the object was moved into the deleted objects container)

_s4__encode_GUID(GUID)
_s4__get_change_usn(object)

get change usn as max(uSNCreated,uSNChanged)

_s4__get_highestCommittedUSN()

get highestCommittedUSN stored in S4

_s4__get_s4_deleted(dn)
_s4__group_cache_con_append_member(group, member)
_s4__group_cache_ucs_append_member(group, member)
_s4__has_attribute_value_changed(attribute, old_ucs_object, new_ucs_object)
_s4__identify_s4_type(object)

Identify the type of the specified S4 object

_s4__object_from_element(element)

gets an object from an S4 LDAP-element, implements necessary mapping

Parameters: element (tuple) – (dn, attributes) tuple from a search in S4-LDAP
_s4__remove_duplicates_with_order_preserving(searchResult, idFunction)
_s4__search_s4(base=None, scope=2, filter='', attrlist=[], show_deleted=False)

search s4

_s4__search_s4_changeUSN(changeUSN, show_deleted=True, filter='')

search s4 for change with id

_s4__search_s4_changes(show_deleted=False, filter='')

search s4 for changes since last update (changes greater lastUSN)

_s4__search_s4_partitions(scope=2, filter='', attrlist=[], show_deleted=False)

search s4 across all partitions listed in self.s4_ldap_partitions

_s4__update_lastUSN(object)

Update the lastUSN

_save_rejected(id, dn)[source]
_set_DN_for_GUID(GUID, DN)[source]
_set_lastUSN(lastUSN)[source]
addToCreationList(dn)[source]
delete_in_s4(object, property_type)[source]
disable_user_from_ucs(key, object)[source]
disable_user_to_ucs(key, object)[source]
encode(string)[source]
get_lastUSN()[source]
get_object(dn, attrlist=None)[source]

Get an object from S4-LDAP

get_object_dn(dn)[source]
get_s4_members(s4_dn, s4_attrs)[source]
group_members_sync_from_ucs(key, object)[source]

sync group members in S4 if changed in UCS

group_members_sync_to_ucs(key, object)[source]

sync group members in UCS if changed in S4

initialize()[source]
isInCreationList(dn)[source]
list_rejected()[source]
object_memberships_sync_from_ucs(key, object)[source]

sync group membership in S4 if the object was changed in UCS

object_memberships_sync_to_ucs(key, object)[source]

sync group membership in UCS if the object was changed in S4

one_group_member_sync_from_ucs(s4_group_object, object)[source]

sync group members in S4 if one member changed in AD

one_group_member_sync_to_ucs(ucs_group_object, object)[source]

sync group members in UCS if one member changed in S4

open_s4()[source]
parse_range_retrieval_attrs(s4_attrs, attr)[source]
poll(show_deleted=True)[source]

poll for changes in S4

primary_group_sync_from_ucs(key, object)[source]

sync primary group of a ucs-object to s4

primary_group_sync_to_ucs(key, object)[source]

sync primary group of an s4-object to ucs

removeFromCreationList(dn)[source]
remove_rejected(object)[source]

remove object from rejected

resync_rejected()[source]

tries to resync rejected dn

s4_search_ext_s(*args, **kwargs)[source]
save_rejected(object)[source]

save object as rejected

set_primary_group_to_ucs_user(object_key, object_ucs)[source]

check if correct primary group is set to a fresh UCS-User

sync_from_ucs(property_type, object, pre_mapped_ucs_dn, old_dn=None, old_ucs_object=None, new_ucs_object=None)[source]
value_range_retrieval(s4_dn, s4_attrs, attr)[source]
univention.s4connector.s4.s42samba_time(l)[source]
univention.s4connector.s4.s42unix_time(l)[source]
univention.s4connector.s4.samaccountname_dn_mapping(s4connector, given_object, dn_mapping_stored, ucsobject, propertyname, propertyattrib, ocucs, ucsattrib, ocs4, dn_attr=None)[source]

Map the dn of the given object (which must have a samaccountname in S4).

ocucs and ocs4 are objectclasses in UCS and S4.

univention.s4connector.s4.samba2s4_time(l)[source]
univention.s4connector.s4.str2dn(dn)[source]
univention.s4connector.s4.unicode_to_utf8(attrib)[source]

The inverse of encode_attrib

univention.s4connector.s4.unix2s4_time(l)[source]
univention.s4connector.s4.user_dn_mapping(s4connector, given_object, dn_mapping_stored, isUCSobject)[source]

Map the dn of the given user using the samaccountname/uid.

s4connector is an instance of univention.s4connector.s4, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file.

univention.s4connector.s4.windowscomputer_dn_mapping(s4connector, given_object, dn_mapping_stored, isUCSobject)[source]

Map the dn of the given windows computer using the samaccountname/uid.

s4connector is an instance of univention.s4connector.s4, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file.

Submodules

univention.s4connector.s4.computer module

univention.s4connector.s4.computer._shouldBeMacClient(attributes)[source]
univention.s4connector.s4.computer._isAlreadyMac(attributes)[source]
univention.s4connector.s4.computer._replaceListElement(l, oldValue, newValue)[source]
univention.s4connector.s4.computer._convertWinToMac(s4connector, sync_object)[source]
univention.s4connector.s4.computer.checkAndConvertToMacOSX(s4connector, key, sync_object)[source]
univention.s4connector.s4.computer.windowscomputer_sync_s4_to_ucs_check_rename(s4connector, key, sync_object)[source]

univention.s4connector.s4.dc module

univention.s4connector.s4.dc._unixTimeInverval2seconds(unixTime)[source]
univention.s4connector.s4.dc._s2nano(seconds)[source]
univention.s4connector.s4.dc._nano2s(nanoseconds)[source]
univention.s4connector.s4.dc.ucs2con(s4connector, key, object)[source]
univention.s4connector.s4.dc.con2ucs(s4connector, key, object)[source]
univention.s4connector.s4.dc.identify(dn, attr, canonical=0)[source]

univention.s4connector.s4.dns module

class univention.s4connector.s4.dns.PTRRecord(ptr, serial=1, ttl=900, rank=<class 'sphinx.ext.autodoc.DNS_RANK_ZONE'>)[source]

Bases: sphinx.ext.autodoc.DnssrvRpcRecord

class univention.s4connector.s4.dns.MXRecord(name, priority, serial=1, ttl=900, rank=<class 'sphinx.ext.autodoc.DNS_RANK_ZONE'>)[source]

Bases: sphinx.ext.autodoc.DnssrvRpcRecord

univention.s4connector.s4.dns.dns_dn_mapping(s4connector, given_object, dn_mapping_stored, isUCSobject)[source]

Map the dn of the given object (which must have an s4_RR_attr in S4).

ol_oc_filter and s4_RR_filter are objectclass filters in UCS and S4.

Code is based on univention.s4connector.s4.samaccountname_dn_mapping

univention.s4connector.s4.dns.__get_zone_dn(s4connector, zone_name)[source]
univention.s4connector.s4.dns.__append_dot(str)[source]
univention.s4connector.s4.dns.__remove_dot(str)[source]
univention.s4connector.s4.dns.__split_s4_dnsNode_dn(dn)[source]
univention.s4connector.s4.dns.__split_ol_dNSZone_dn(dn, objectclasses)[source]
univention.s4connector.s4.dns.__create_s4_forward_zone(s4connector, zone_dn)[source]
univention.s4connector.s4.dns.__create_s4_forward_zone_soa(s4connector, soa_dn)[source]
univention.s4connector.s4.dns.__create_s4_dns_node(s4connector, dnsNodeDn, relativeDomainNames, dnsRecords)[source]
univention.s4connector.s4.dns.__pack_aRecord(object, dnsRecords)[source]
univention.s4connector.s4.dns.__unpack_aRecord(object)[source]
univention.s4connector.s4.dns.__pack_soaRecord(object, dnsRecords)[source]
univention.s4connector.s4.dns.__unpack_soaRecord(object)[source]
univention.s4connector.s4.dns.__pack_nsRecord(object, dnsRecords)[source]
univention.s4connector.s4.dns.__unpack_nsRecord(object)[source]
univention.s4connector.s4.dns.__pack_mxRecord(object, dnsRecords)[source]
univention.s4connector.s4.dns.__unpack_mxRecord(object)[source]
univention.s4connector.s4.dns.__pack_txtRecord(object, dnsRecords)[source]
univention.s4connector.s4.dns.__unpack_txtRecord(object)[source]
univention.s4connector.s4.dns.__pack_cName(object, dnsRecords)[source]
univention.s4connector.s4.dns.__unpack_cName(object)[source]
univention.s4connector.s4.dns.__pack_sRVrecord(object, dnsRecords)[source]
univention.s4connector.s4.dns.__unpack_sRVrecord(object)[source]
univention.s4connector.s4.dns.__pack_ptrRecord(object, dnsRecords)[source]
univention.s4connector.s4.dns.__unpack_ptrRecord(object)[source]
univention.s4connector.s4.dns.__get_s4_msdcs_soa(s4connector, zoneName)[source]

Required to keep the SOA serial numbers in sync

univention.s4connector.s4.dns.s4_zone_create(s4connector, object)[source]
univention.s4connector.s4.dns.s4_zone_msdcs_sync(s4connector, object)[source]
univention.s4connector.s4.dns.s4_zone_create_wrapper(s4connector, object)[source]

Handle s4_zone_create to additionally sync to _msdcs.$domainname.

Required to keep the SOA serial numbers in sync.

univention.s4connector.s4.dns.s4_zone_delete(s4connector, object)[source]
univention.s4connector.s4.dns.s4_dns_node_base_create(s4connector, object, dnsRecords)[source]
univention.s4connector.s4.dns.s4_dns_node_base_delete(s4connector, object)[source]
univention.s4connector.s4.dns.s4_host_record_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_host_record_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_host_record_delete(s4connector, object)[source]
univention.s4connector.s4.dns.s4_ptr_record_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_ptr_record_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_ptr_record_delete(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_cname_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_cname_delete(s4connector, object)[source]
univention.s4connector.s4.dns.s4_cname_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_srv_record_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_srv_record_delete(s4connector, object)[source]
univention.s4connector.s4.dns.s4_srv_record_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_txt_record_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_txt_record_delete(s4connector, object)[source]
univention.s4connector.s4.dns.s4_txt_record_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_ns_record_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_ns_record_delete(s4connector, object)[source]
univention.s4connector.s4.dns.s4_ns_record_create(s4connector, object)[source]
univention.s4connector.s4.dns.ucs_zone_create(s4connector, object, dns_type)[source]
univention.s4connector.s4.dns.ucs_zone_delete(s4connector, object, dns_type)[source]
univention.s4connector.s4.dns._identify_dns_ucs_object(s4connector, object)[source]
univention.s4connector.s4.dns._identify_dns_con_object(s4connector, object)[source]
univention.s4connector.s4.dns.ucs2con(s4connector, key, object)[source]
univention.s4connector.s4.dns.con2ucs(s4connector, key, object)[source]

univention.s4connector.s4.main module

univention.s4connector.s4.mapping module

univention.s4connector.s4.mapping.ignore_filter_from_tmpl(template, ucr_key, default='')[source]

Construct an ignore_filter from a ucr_key (connector/s4/mapping/*/ignorelist, a comma delimited list of values), as specified by template while correctly escaping the filter-expression.

template must be formatted as required by format_escaped.

>>> ignore_filter_from_tmpl('(cn={0!e})',
... 'connector/s4/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'
univention.s4connector.s4.mapping.ignore_filter_from_attr(attribute, ucr_key, default='')[source]

Convenience-wrapper around ignore_filter_from_tmpl().

This expects a single attribute instead of a template argument.

>>> ignore_filter_from_attr('cn',
... 'connector/s4/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'
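
Added example, not part of the univention.s4connector code: a stand-alone sketch of the !e conversion described for LDAPEscapeFormatter / format_escaped and of the filter construction described for ignore_filter_from_tmpl, showing what the escaping protects when an ignorelist entry contains filter metacharacters. The names escape_filter_value, EscapingFormatter, build_ignore_filter and structural_clauses are hypothetical, the escaping function is a local stand-in for ldap.filter.escape_filter_chars(), and the ignorelist is passed in directly instead of being read from UCR.

```python
import string

# RFC 4515 escapes for the characters that are special inside a filter value.
# Local stand-in for ldap.filter.escape_filter_chars(), so the example runs
# without python-ldap installed.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one assertion value character by character."""
    return "".join(_ESCAPES.get(ch, ch) for ch in str(value))


class EscapingFormatter(string.Formatter):
    """string.Formatter with an extra !e conversion that escapes the field."""

    def convert_field(self, value, conversion):
        if conversion == "e":
            return escape_filter_value(value)
        return super().convert_field(value, conversion)


def build_ignore_filter(template, ignorelist):
    """Hypothetical helper: OR together one clause per comma-separated entry.

    Assumption: an empty list gives '' and any non-empty list is wrapped
    in (|...); the page only shows the three-entry case.
    """
    entries = [e.strip() for e in ignorelist.split(",") if e.strip()]
    if not entries:
        return ""
    fmt = EscapingFormatter()
    return "(|" + "".join(fmt.format(template, e) for e in entries) + ")"


def structural_clauses(ldap_filter):
    """Count clauses under the outer OR: every literal '(' except the first.

    Escaped parentheses appear as \\28 / \\29, so only parentheses that
    change the filter structure are counted.
    """
    return max(ldap_filter.count("(") - 1, 0)


# Constructed ignorelist: the second entry contains filter metacharacters.
SAMPLE_IGNORELIST = "one,two)(objectClass=*"

if __name__ == "__main__":
    for tmpl in ("(cn={0!e})", "(cn={0})"):
        result = build_ignore_filter(tmpl, SAMPLE_IGNORELIST)
        print(tmpl, "->", result, "clauses:", structural_clauses(result))
```

With the !e template the two entries stay two clauses; with a plain {0} field the same input yields a third clause that no entry asked for, which is why templates passed to ignore_filter_from_tmpl must use the !e conversion.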
univention.s4connector.s4.mapping.ucs2s4_sid(s4connector, key, object)[source]
univention.s4connector.s4.mapping.s42ucs_sid(s4connector, key, object)[source]
univention.s4connector.s4.mapping.ucs2s4_givenName(s4connector, key, object)[source]
univention.s4connector.s4.mapping.s42ucs_givenName(s4connector, key, object)[source]
univention.s4connector.s4.mapping.ucs2s4_dn_string(dn)[source]
univention.s4connector.s4.mapping.ucs2s4_dn(s4connector, key, object)[source]
univention.s4connector.s4.mapping.s42ucs_dn_string(dn)[source]
univention.s4connector.s4.mapping.s42ucs_dn(s4connector, key, object)[source]
univention.s4connector.s4.mapping.ucs2s4_user_dn(s4connector, key, object)[source]
univention.s4connector.s4.mapping.s42ucs_user_dn(s4connector, key, object)[source]
univention.s4connector.s4.mapping.ucs2s4_sambaGroupType(s4connector, key, object)[source]
univention.s4connector.s4.mapping.s42ucs_sambaGroupType(s4connector, key, object)[source]

univention.s4connector.s4.ntsecurity_descriptor module

univention.s4connector.s4.ntsecurity_descriptor.encode_sddl_to_sd_in_ndr(domain_sid, ntsd_sddl)[source]
univention.s4connector.s4.ntsecurity_descriptor.decode_sd_in_ndr_to_sddl(domain_sid, value)[source]
univention.s4connector.s4.ntsecurity_descriptor.ntsd_to_s4(s4connector, key, object)[source]
univention.s4connector.s4.ntsecurity_descriptor.ntsd_to_ucs(s4connector, key, s4_object)[source]

univention.s4connector.s4.password module

class univention.s4connector.s4.password.Krb5Context[source]

Bases: object

univention.s4connector.s4.password.calculate_krb5key(unicodePwd, supplementalCredentials, kvno=0)[source]
univention.s4connector.s4.password.calculate_supplementalCredentials(ucs_krb5key, old_supplementalCredentials, nt_hash)[source]
univention.s4connector.s4.password.extract_NThash_from_krb5key(ucs_krb5key)[source]
univention.s4connector.s4.password._append_length(a, str)[source]
univention.s4connector.s4.password.password_sync_ucs_to_s4(s4connector, key, object)[source]
univention.s4connector.s4.password.password_sync_s4_to_ucs(s4connector, key, ucs_object, modifyUserPassword=True)[source]
univention.s4connector.s4.password.password_sync_s4_to_ucs_no_userpassword(s4connector, key, ucs_object)[source]
univention.s4connector.s4.password.lockout_sync_s4_to_ucs(s4connector, key, ucs_object)[source]

Sync account locking state from Samba/AD to OpenLDAP:

sync Samba/AD (lockoutTime != 0) -> OpenLDAP sambaAcctFlags (“L”) and Samba/AD badPasswordTime -> OpenLDAP sambaBadPasswordTime

univention.s4connector.s4.password.lockout_sync_ucs_to_s4(s4connector, key, object)[source]

Sync unlock modification from OpenLDAP to Samba/AD:

sync OpenLDAP (“L” not in sambaAcctFlags) -> Samba/AD lockoutTime = 0

sync OpenLDAP (“L” in sambaAcctFlags) -> Samba/AD lockoutTime = sambaBadPasswordTime and OpenLDAP sambaBadPasswordTime -> Samba/AD badPasswordTime

univention.s4connector.s4.query_config module

univention.s4connector.s4.query_config.fixup(s)[source]

univention.s4connector.s4.sid_mapping module

univention.s4connector.s4.sid_mapping.print_sid_mapping(configRegistry)[source]

Deprecated since version UCS: 4.4

univention.s4connector.s4.sid_mapping.sid_to_s4_mapping(s4connector, key, object)[source]
univention.s4connector.s4.sid_mapping.sid_to_ucs_mapping(s4connector, key, s4_object)[source]
univention.s4connector.s4.sid_mapping.sid_to_s4(s4connector, key, object)[source]
univention.s4connector.s4.sid_mapping.sid_to_ucs(s4connector, key, s4_object)[source]

univention.s4connector.s4.user module

univention.s4connector.s4.user.prefdev_sync_s4_to_ucs(s4connector, key, s4_object)[source]
univention.s4connector.s4.user.prefdev_sync_ucs_to_s4(s4connector, key, ucs_object)[source]
univention.s4connector.s4.user.userCertificate_sync_s4_to_ucs(s4connector, key, s4_object)[source]
univention.s4connector.s4.user.userCertificate_sync_ucs_to_s4(s4connector, key, ucs_object)[source]
univention.s4connector.s4.user.jpegPhoto_sync_s4_to_ucs(s4connector, key, s4_object)[source]
univention.s4connector.s4.user.jpegPhoto_sync_ucs_to_s4(s4connector, key, ucs_object)[source]
univention.s4connector.s4.user.secretary_sync_s4_to_ucs(s4connector, key, s4_object)[source]
univention.s4connector.s4.user.secretary_sync_ucs_to_s4(s4connector, key, ucs_object)[source]