univention.connector.ad package

class univention.connector.ad.LDAPEscapeFormatter

Bases: string.Formatter

A custom string formatter that supports a special e conversion, to employ the function ldap.filter.escape_filter_chars() on the given value.

>>> LDAPEscapeFormatter().format("{0}", "*")
'*'
>>> LDAPEscapeFormatter().format("{0!e}", "*")
'\2a'

Unfortunately this does not support the key/index-less variant (see http://bugs.python.org/issue13598).

>>> LDAPEscapeFormatter().format("{!e}", "*")
Traceback (most recent call last):
KeyError: ''

convert_field(value, conversion)

class univention.connector.ad.Simple_AD_Connection(CONFIGBASENAME, ucr, host, port, base, binddn, bindpw, certificate)

stripped down univention.connector.ad.ad class difference: accept “bindpwd” directly instead of “bindpw” filename difference: don’t require mapping difference: Skip init_group_cache code (i.e. use init_group_cache=False) difference: don’t use TLS

univention.connector.ad.activate_user(connector, key, object)

class univention.connector.ad.ad(CONFIGBASENAME, property, baseConfig, ad_ldap_host, ad_ldap_port, ad_ldap_base, ad_ldap_binddn, ad_ldap_bindpw, ad_ldap_certificate, listener_dir, init_group_cache=True)

Bases: univention.connector.ucs

_ad__check_base64(string)

_ad__compare_lowercase(dn, dn_list)

Checks if dn is in dn_list

_ad__dn_from_deleted_object(object, GUID)

gets dn for deleted object (original dn before the object was moved into the deleted objects container)

_ad__encode_GUID(GUID)

_ad__get_change_usn(object)

get change usn as max(uSNCreated,uSNChanged)

_ad__get_highestCommittedUSN()

get highestCommittedUSN stored in AD

_ad__group_cache_con_append_member(group, member)

_ad__group_cache_ucs_append_member(group, member)

_ad__has_attribute_value_changed(attribute, object_old, new_object)

_ad__identify(object)

_ad__object_from_element(element)

gets an object from an LDAP-element, implements necessary mapping

_ad__search_ad(base=None, scope=2, filter='', attrlist=[], show_deleted=False)

search ad

_ad__search_ad_changeUSN(changeUSN, show_deleted=True, filter='')

search ad for change with id

_ad__search_ad_changes(show_deleted=False, filter='')

search ad for changes since last update (changes greater lastUSN)

_ad__update_lastUSN(object)

Update der lastUSN

_commit_lastUSN()

_get_DN_for_GUID(GUID)

_get_from_root_dse(attributes=[])

Get attributes from the rootDSE from AD.

_get_lastUSN()

_get_objectGUID(dn)

_get_rejected(id)

_list_rejected()

_remove_GUID(GUID)

_remove_dn_from_group_cache(con_dn=None, ucs_dn=None)

_remove_rejected(id)

_save_rejected(id, dn)

_set_DN_for_GUID(GUID, DN)

_set_lastUSN(lastUSN)

_update_group_member_cache(remove_con_dn=None, remove_ucs_dn=None, add_con_dn=None, add_ucs_dn=None)

addToCreationList(dn)

delete_in_ad(object)

disable_user_from_ucs(key, object)

disable_user_to_ucs(key, object)

encode(string)

get_ad_members(ad_dn, ad_attrs)

get_kerberos_ticket()

get_lastUSN()

get_object(dn, attrlist=None)

group_members_sync_from_ucs(key, object)

sync groupmembers in AD if changend in UCS

group_members_sync_to_ucs(key, object)

sync groupmembers in UCS if changend in AD

initialize()

isInCreationList(dn)

list_rejected()

object_memberships_sync_from_ucs(key, object)

sync group membership in AD if object was changend in UCS

object_memberships_sync_to_ucs(key, object)

sync group membership in UCS if object was changend in AD

one_group_member_sync_from_ucs(ad_group_object, object)

sync groupmembers in AD if changend one member in AD

one_group_member_sync_to_ucs(ucs_group_object, object)

sync groupmembers in UCS if changend one member in AD

open_ad()

open_drs_connection()

open_samr()

parse_range_retrieval_attrs(ad_attrs, attr)

poll(show_deleted=True)

poll for changes in AD

primary_group_sync_from_ucs(key, object)

sync primary group of an ucs-object to ad

primary_group_sync_to_ucs(key, object)

sync primary group of an ad-object to ucs

range_retrieval_pattern = <_sre.SRE_Pattern object>

removeFromCreationList(dn)

remove_rejected(object)

remove object from rejected

resync_rejected()

tries to resync rejected dn

save_rejected(object)

save object as rejected

set_primary_group_to_ucs_user(object_key, object_ucs)

check if correct primary group is set to a fresh UCS-User

set_userPrincipalName_from_ucr(key, object)

sync_from_ucs(property_type, object, pre_mapped_ucs_dn, old_dn=None, object_old=None)

value_range_retrieval(ad_dn, ad_attrs, attr)

univention.connector.ad.ad2samba_time(l)

univention.connector.ad.ad2unix_time(l)

univention.connector.ad.compatible_addlist(list)

univention.connector.ad.compatible_list(list)

univention.connector.ad.compatible_modlist(list)

univention.connector.ad.compatible_modstring(string)

univention.connector.ad.decode_addlist(list, encoding)

univention.connector.ad.decode_list(list, encoding)

univention.connector.ad.decode_modlist(list, encoding)

univention.connector.ad.decode_sid(value)

univention.connector.ad.disable_user_from_ucs(connector, key, object)

univention.connector.ad.disable_user_to_ucs(connector, key, object)

univention.connector.ad.encode_ad_object(ad_object)

univention.connector.ad.encode_ad_result(ad_result)

encode an result from an python-ldap search

univention.connector.ad.encode_ad_resultlist(ad_resultlist)

encode an result from an python-ldap search

univention.connector.ad.encode_addlist(list, encoding)

univention.connector.ad.encode_attrib(attrib)

univention.connector.ad.encode_attriblist(attriblist)

univention.connector.ad.encode_list(list, encoding)

univention.connector.ad.encode_modlist(list, encoding)

univention.connector.ad.encode_object_sid(sid_string, encode_in_base64=True)

univention.connector.ad.encode_sid(value)

univention.connector.ad.explode_unicode_dn(dn, notypes=0)

univention.connector.ad.format_escaped(format_string, *args, **kwargs)

Convenience-wrapper arround LDAPEscapeFormatter.

Use !e do denote format-field that should be escaped using ldap.filter.escape_filter_chars()‘

>>> format_escaped("{0!e}", "*")
'\2a'

univention.connector.ad.group_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)

map dn of given group using the samaccountname/cn connector is an instance of univention.connector.ad, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.connector.ad.group_members_sync_from_ucs(connector, key, object)

univention.connector.ad.group_members_sync_to_ucs(connector, key, object)

exception univention.connector.ad.kerberosAuthenticationFailed

Bases: exceptions.Exception

exception univention.connector.ad.netbiosDomainnameNotFound

Bases: exceptions.Exception

univention.connector.ad.object_memberships_sync_from_ucs(connector, key, object)

univention.connector.ad.object_memberships_sync_to_ucs(connector, key, object)

univention.connector.ad.old_user_dn_mapping(connector, given_object)

univention.connector.ad.primary_group_sync_from_ucs(connector, key, object)

univention.connector.ad.primary_group_sync_to_ucs(connector, key, object)

univention.connector.ad.samaccountname_dn_mapping(connector, given_object, dn_mapping_stored, ucsobject, propertyname, propertyattrib, ocucs, ucsattrib, ocad, dn_attr=None)

map dn of given object (which must have an samaccountname in AD) ocucs and ocad are objectclasses in UCS and AD

univention.connector.ad.samba2ad_time(l)

univention.connector.ad.set_univentionObjectFlag_to_synced(connector, key, ucs_object)

univention.connector.ad.set_userPrincipalName_from_ucr(connector, key, object)

univention.connector.ad.unicode_list(list, encoding)

univention.connector.ad.unix2ad_time(l)

univention.connector.ad.user_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)

map dn of given user using the samaccountname/uid connector is an instance of univention.connector.ad, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.connector.ad.windowscomputer_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)

map dn of given windows computer using the samaccountname/uid connector is an instance of univention.connector.ad, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

Submodules

univention.connector.ad.main module

univention.connector.ad.mapping module

univention.connector.ad.mapping.ignore_filter_from_tmpl(template, ucr_key, default='')

Construct an ignore_filter from a ucr_key (connector/ad/mapping/*/ignorelist, a comma delimited list of values), as specified by template while correctly escaping the filter-expression.

template must be formatted as required by format_escaped.

>>> ignore_filter_from_tmpl('(cn={0!e})',
... 'connector/ad/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'

univention.connector.ad.mapping.ignore_filter_from_attr(attribute, ucr_key, default='')

Convenience-wrapper around ignore_filter_from_tmpl().

This expects a single attribute instead of a template argument.

>>> ignore_filter_from_attr('cn',
... 'connector/ad/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'

univention.connector.ad.mapping.ucs2ad_sid(connector, key, object)

univention.connector.ad.mapping.ad2ucs_sid(connector, key, object)

univention.connector.ad.mapping.ucs2ad_givenName(connector, key, object)

univention.connector.ad.mapping.ad2ucs_givenName(connector, key, object)

univention.connector.ad.mapping.ucs2ad_dn_string(dn)

univention.connector.ad.mapping.ucs2ad_dn(connector, key, object)

univention.connector.ad.mapping.ad2ucs_dn_string(dn)

univention.connector.ad.mapping.ad2ucs_dn(connector, key, object)

univention.connector.ad.mapping.ucs2ad_user_dn(connector, key, object)

univention.connector.ad.mapping.ad2ucs_user_dn(connector, key, object)

univention.connector.ad.mapping.ucs2ad_sambaGroupType(connector, key, object)

univention.connector.ad.mapping.ad2ucs_sambaGroupType(connector, key, object)

univention.connector.ad.password module

univention.connector.ad.password.nt_password_to_arcfour_hmac_md5(nt_password)

univention.connector.ad.password.transformKey(InputKey)

univention.connector.ad.password.mySamEncryptNTLMHash(hash, key)

univention.connector.ad.password.deriveKey(baseKey)

univention.connector.ad.password.removeDESLayer(cryptedHash, rid)

univention.connector.ad.password.decrypt(key, data, rid)

univention.connector.ad.password.calculate_krb5keys(supplementalCredentialsblob)

univention.connector.ad.password.set_password_in_ad(connector, samaccountname, pwd, reconnect=False)

univention.connector.ad.password.decrypt_supplementalCredentials(connector, spl_crypt)

univention.connector.ad.password.get_password_from_ad(connector, user_dn, reconnect=False)

univention.connector.ad.password.password_sync_ucs(connector, key, object)

univention.connector.ad.password.password_sync_kinit(connector, key, ucs_object)

univention.connector.ad.password.password_sync(connector, key, ucs_object)

univention.connector.ad.proxyAddresses module

univention.connector.ad.proxyAddresses.valid_mailaddress(val)

univention.connector.ad.proxyAddresses.equal(values1, values2)

This is called in these two ways: 1. in sync_from_ucs: values1 are mapped ucs and values2 are con 2. in __set_values: values1 are ucs and values2 are mapped con

univention.connector.ad.proxyAddresses.to_proxyAddresses(s4connector, key, object)

univention.connector.ad.proxyAddresses.to_mailPrimaryAddress(s4connector, key, object)

univention.connector.ad.proxyAddresses.to_mailAlternativeAddress(s4connector, key, object)

univention.connector.ad.proxyAddresses.merge_ucs2con(mapped_ucs_values, old_con_values=None)

univention.connector.ad.query_config module

univention.connector.ad.query_config.fixup(s)