Toggle navigation

.rst .pdf

Contents

univention.s4connector.s4 package

univention.s4connector.s4.group_members_sync_from_ucs(connector, key, object)

univention.s4connector.s4.object_memberships_sync_from_ucs(connector, key, object)

univention.s4connector.s4.group_members_sync_to_ucs(connector, key, object)

univention.s4connector.s4.object_memberships_sync_to_ucs(connector, key, object)

univention.s4connector.s4.primary_group_sync_from_ucs(connector, key, object)

univention.s4connector.s4.primary_group_sync_to_ucs(connector, key, object)

univention.s4connector.s4.disable_user_from_ucs(connector, key, object)

univention.s4connector.s4.disable_user_to_ucs(connector, key, object)

univention.s4connector.s4.add_primary_group_to_addlist(connector, property_type, object, addlist, serverctrls)

univention.s4connector.s4.check_for_local_group_and_extend_serverctrls_and_sid(connector, property_type, object, add_or_modlist, serverctrls)

univention.s4connector.s4.fix_dn_in_search(result)

univention.s4connector.s4.fix_dn(dn)

univention.s4connector.s4.str2dn(dn)

univention.s4connector.s4.unix2s4_time(ltime)

univention.s4connector.s4.s42unix_time(ltime)

univention.s4connector.s4.samba2s4_time(ltime)

univention.s4connector.s4.s42samba_time(ltime)

univention.s4connector.s4.samaccountname_dn_mapping(connector, given_object, dn_mapping_stored, ucsobject, propertyname, propertyattrib, ocucs, ucsattrib, ocad, dn_attr=None)

map dn of given object (which must have an samaccountname in S4) ocucs and ocad are objectclasses in UCS and S4

univention.s4connector.s4.user_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)

map dn of given user using the samaccountname/uid connector is an instance of univention.s4connector.s4, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.s4connector.s4.group_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)

map dn of given group using the samaccountname/cn connector is an instance of univention.s4connector.s4, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.s4connector.s4.windowscomputer_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)

map dn of given windows computer using the samaccountname/uid s4connector is an instance of univention.s4connector.s4, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.s4connector.s4.dc_dn_mapping(s4connector, given_object, dn_mapping_stored, isUCSobject)

map dn of given dc computer using the samaccountname/uid s4connector is an instance of univention.s4connector.s4, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.s4connector.s4.decode_sid(value)

univention.s4connector.s4.compare_sid_lists(sid_list1, sid_list2)

Compare the SID / RID attributes. Depending on the sync direction and SID sync configuration the function gets two SID lists or two RID values.

class univention.s4connector.s4.LDAPEscapeFormatter

Bases: string.Formatter

A custom string formatter that supports a special e conversion, to employ the function ldap.filter.escape_filter_chars() on the given value.

>>> LDAPEscapeFormatter().format("{0}", "*")
'*'
>>> LDAPEscapeFormatter().format("{0!e}", "*")
'\2a'

Unfortunately this does not support the key/index-less variant (see http://bugs.python.org/issue13598).

>>> LDAPEscapeFormatter().format("{!e}", "*")
Traceback (most recent call last):
KeyError: ''

convert_field(value, conversion)

univention.s4connector.s4.format_escaped(format_string, *args, **kwargs)

Convenience-wrapper around LDAPEscapeFormatter.

Use !e do denote format-field that should be escaped using ldap.filter.escape_filter_chars()’

>>> format_escaped("{0!e}", "*")
'\2a'

class univention.s4connector.s4.s4(CONFIGBASENAME, property, configRegistry, s4_ldap_host, s4_ldap_port, s4_ldap_base, s4_ldap_binddn, s4_ldap_bindpw, s4_ldap_certificate, listener_dir, logfilename=None, debug_level=None)

Bases: univention.s4connector.ucs

RANGE_RETRIEVAL_PATTERN = re.compile('^([^;]+);range=(\\d+)-(\\d+|\\*)$')

classmethod main(ucr=None, configbasename='connector', **kwargs)

init_ldap_connections()

init_group_cache()

s4_search_ext_s(*args, **kwargs)

open_s4()

get_lastUSN()

list_rejected()

save_rejected(object)

save object as rejected

remove_rejected(object)

remove object from rejected

addToCreationList(dn)

removeFromCreationList(dn)

isInCreationList(dn)

get_object_dn(dn)

parse_range_retrieval_attrs(ad_attrs, attr)

value_range_retrieval(ad_dn, ad_attrs, attr)

get_s4_members(ad_dn, ad_attrs)

get_object(dn, attrlist=None)

Get an object from S4-LDAP

set_primary_group_to_ucs_user(object_key, object_ucs)

check if correct primary group is set to a fresh UCS-User

primary_group_sync_from_ucs(key, object)

sync primary group of an ucs-object to ad

primary_group_sync_to_ucs(key, object)

sync primary group of an ad-object to ucs

object_memberships_sync_from_ucs(key, object)

sync group membership in AD if object was changend in UCS

group_members_sync_from_ucs(key, object)

sync groupmembers in AD if changend in UCS

object_memberships_sync_to_ucs(key, object)

sync group membership in UCS if object was changend in AD

one_group_member_sync_to_ucs(ucs_group_object, object)

sync groupmembers in UCS if changend one member in AD

one_group_member_sync_from_ucs(s4_group_object, object)

sync groupmembers in AD if changend one member in AD

group_members_sync_to_ucs(key, object)

sync groupmembers in UCS if changend in AD

disable_user_from_ucs(key, object)

disable_user_to_ucs(key, object)

initialize()

resync_rejected()

tries to resync rejected dn

poll(show_deleted=True)

poll for changes in AD

sync_from_ucs(property_type, object, pre_mapped_ucs_dn, old_dn=None, old_ucs_object=None, new_ucs_object=None)

delete_in_s4(object, property_type)

Submodules

univention.s4connector.s4.computer module

univention.s4connector.s4.computer.checkAndConvertToMacOSX(s4connector, key, sync_object)

univention.s4connector.s4.computer.windowscomputer_sync_s4_to_ucs_check_rename(s4connector, key, sync_object)

univention.s4connector.s4.dc module

univention.s4connector.s4.dc.ucs2con(s4connector, key, object)

univention.s4connector.s4.dc.con2ucs(s4connector, key, object)

univention.s4connector.s4.dc.identify(dn, attr, canonical=0)

univention.s4connector.s4.dns module

class univention.s4connector.s4.dns.PTRRecord(*args: Any, **kwargs: Any)

Bases: samba.dcerpc.dnsp.DnssrvRpcRecord

class univention.s4connector.s4.dns.MXRecord(*args: Any, **kwargs: Any)

Bases: samba.dcerpc.dnsp.DnssrvRpcRecord

univention.s4connector.s4.dns.dns_dn_mapping(s4connector, given_object, dn_mapping_stored, isUCSobject)

map dn of given object (which must have an s4_RR_attr in S4) ol_oc_filter and s4_RR_filter are objectclass filters in UCS and S4

Code is based on univention.s4connector.s4.samaccountname_dn_mapping

univention.s4connector.s4.dns.s4_zone_create(s4connector, object)

univention.s4connector.s4.dns.s4_zone_msdcs_sync(s4connector, object)

univention.s4connector.s4.dns.s4_zone_create_wrapper(s4connector, object)

Handle s4_zone_create to additionally sync to _msdcs.$domainname Required to keep the SOA serial numbers in sync

univention.s4connector.s4.dns.s4_zone_delete(s4connector, object)

univention.s4connector.s4.dns.s4_dns_node_base_create(s4connector, object, dnsRecords)

univention.s4connector.s4.dns.s4_dns_node_base_delete(s4connector, object)

univention.s4connector.s4.dns.s4_host_record_create(s4connector, object)

univention.s4connector.s4.dns.ucs_host_record_create(s4connector, object)

univention.s4connector.s4.dns.ucs_host_record_delete(s4connector, object)

univention.s4connector.s4.dns.s4_ptr_record_create(s4connector, object)

univention.s4connector.s4.dns.ucs_ptr_record_create(s4connector, object)

univention.s4connector.s4.dns.ucs_ptr_record_delete(s4connector, object)

univention.s4connector.s4.dns.ucs_cname_create(s4connector, object)

univention.s4connector.s4.dns.ucs_cname_delete(s4connector, object)

univention.s4connector.s4.dns.s4_cname_create(s4connector, object)

univention.s4connector.s4.dns.ucs_srv_record_create(s4connector, object)

univention.s4connector.s4.dns.ucs_srv_record_delete(s4connector, object)

univention.s4connector.s4.dns.s4_srv_record_create(s4connector, object)

univention.s4connector.s4.dns.ucs_txt_record_create(s4connector, object)

univention.s4connector.s4.dns.ucs_txt_record_delete(s4connector, object)

univention.s4connector.s4.dns.s4_txt_record_create(s4connector, object)

univention.s4connector.s4.dns.ucs_ns_record_create(s4connector, object)

univention.s4connector.s4.dns.ucs_ns_record_delete(s4connector, object)

univention.s4connector.s4.dns.s4_ns_record_create(s4connector, object)

univention.s4connector.s4.dns.ucs_zone_create(s4connector, object, dns_type)

univention.s4connector.s4.dns.ucs_zone_delete(s4connector, object, dns_type)

univention.s4connector.s4.dns.ucs2con(s4connector, key, object)

univention.s4connector.s4.dns.con2ucs(s4connector, key, object)

univention.s4connector.s4.main module

univention.s4connector.s4.main.bind_stdout(options, statuslogfile)

univention.s4connector.s4.main.daemon(lock_file, options)

univention.s4connector.s4.main.connect(options)

univention.s4connector.s4.main.lock(filename)

univention.s4connector.s4.main.main()

univention.s4connector.s4.mapping module

univention.s4connector.s4.mapping.ignore_filter_from_tmpl(template, ucr_key, default='')

Construct an ignore_filter from a ucr_key (connector/s4/mapping/*/ignorelist, a comma delimited list of values), as specified by template while correctly escaping the filter-expression.

template must be formatted as required by format_escaped.

>>> ignore_filter_from_tmpl('(cn={0!e})',
... 'connector/s4/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'

univention.s4connector.s4.mapping.ignore_filter_from_attr(attribute, ucr_key, default='')

Convenience-wrapper around ignore_filter_from_tmpl().

This expects a single attribute instead of a template argument.

>>> ignore_filter_from_attr('cn',
... 'connector/s4/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'

univention.s4connector.s4.mapping.get_sid_mapping()

univention.s4connector.s4.mapping.load_localmapping(filename='/etc/univention/connector/s4/localmapping.py')

univention.s4connector.s4.ntsecurity_descriptor module

univention.s4connector.s4.ntsecurity_descriptor.encode_sddl_to_sd_in_ndr(domain_sid, ntsd_sddl)

univention.s4connector.s4.ntsecurity_descriptor.decode_sd_in_ndr_to_sddl(domain_sid, value)

univention.s4connector.s4.ntsecurity_descriptor.ntsd_to_s4(s4connector, key, object)

univention.s4connector.s4.ntsecurity_descriptor.ntsd_to_ucs(s4connector, key, s4_object)

univention.s4connector.s4.password module

class univention.s4connector.s4.password.Krb5Context

Bases: object

univention.s4connector.s4.password.calculate_krb5key(unicodePwd, supplementalCredentials, kvno=0)

univention.s4connector.s4.password.calculate_supplementalCredentials(ucs_krb5key, old_supplementalCredentials, nt_hash)

univention.s4connector.s4.password.extract_NThash_from_krb5key(ucs_krb5key)

univention.s4connector.s4.password.password_sync_ucs_to_s4(s4connector, key, object)

univention.s4connector.s4.password.password_sync_s4_to_ucs(s4connector, key, ucs_object, modifyUserPassword=True)

univention.s4connector.s4.password.password_sync_s4_to_ucs_no_userpassword(s4connector, key, ucs_object)

univention.s4connector.s4.password.lockout_sync_s4_to_ucs(s4connector, key, ucs_object)

Sync account locking state from Samba/AD to OpenLDAP:

sync Samba/AD (lockoutTime != 0) -> OpenLDAP sambaAcctFlags (“L”) and Samba/AD badPasswordTime -> OpenLDAP sambaBadPasswordTime

univention.s4connector.s4.password.lockout_sync_ucs_to_s4(s4connector, key, object)

Sync unlock modification from OpenLDAP to Samba/AD:

sync OpenLDAP (“L” not in sambaAcctFlags) -> Samba/AD lockoutTime = 0

sync OpenLDAP (“L” in sambaAcctFlags) -> Samba/AD lockoutTime = sambaBadPasswordTime and OpenLDAP sambaBadPasswordTime -> Samba/AD badPasswordTime

univention.s4connector.s4.query_config module

univention.s4connector.s4.query_config.fixup(s)

univention.s4connector.s4.sid_mapping module

Helper function to create the SID mapping definition.

univention.s4connector.s4.sid_mapping.sid_to_s4_mapping(s4connector, key, object)

univention.s4connector.s4.sid_mapping.sid_to_ucs_mapping(s4connector, key, s4_object)

univention.s4connector.s4.sid_mapping.sid_to_s4(s4connector, key, object)

univention.s4connector.s4.sid_mapping.sid_to_ucs(s4connector, key, s4_object)

univention.s4connector.s4.user module

univention.s4connector.s4.user.prefdev_sync_s4_to_ucs(s4connector, key, s4_object)

univention.s4connector.s4.user.prefdev_sync_ucs_to_s4(s4connector, key, ucs_object)

univention.s4connector.s4.user.userCertificate_sync_s4_to_ucs(s4connector, key, s4_object)

univention.s4connector.s4.user.userCertificate_sync_ucs_to_s4(s4connector, key, ucs_object)

univention.s4connector.s4.user.jpegPhoto_sync_s4_to_ucs(s4connector, key, s4_object)

univention.s4connector.s4.user.jpegPhoto_sync_ucs_to_s4(s4connector, key, ucs_object)

univention.s4connector.s4.user.secretary_sync_s4_to_ucs(s4connector, key, s4_object)

univention.s4connector.s4.user.secretary_sync_ucs_to_s4(s4connector, key, ucs_object)

previous

univention.s4connector package

next

univention.saml package