univention.connector.ad package
-
class
univention.connector.ad.
LDAPEscapeFormatter
[source]
Bases: string.Formatter
A custom string formatter that supports a special e conversion, to employ
the function ldap.filter.escape_filter_chars() on the given value.
>>> LDAPEscapeFormatter().format("{0}", "*")
'*'
>>> LDAPEscapeFormatter().format("{0!e}", "*")
'\2a'
Unfortunately this does not support the key/index-less variant
(see http://bugs.python.org/issue13598).
>>> LDAPEscapeFormatter().format("{!e}", "*")
Traceback (most recent call last):
KeyError: ''
-
convert_field
(value, conversion)[source]
-
class
univention.connector.ad.
Simple_AD_Connection
(CONFIGBASENAME, ucr, host, port, base, binddn, bindpw, certificate)[source]
stripped down univention.connector.ad.ad class
difference: accept “bindpwd” directly instead of “bindpw” filename
difference: don’t require mapping
difference: Skip init_group_cache code (i.e. use init_group_cache=False)
difference: don’t use TLS
-
univention.connector.ad.
activate_user
(connector, key, object)[source]
-
class
univention.connector.ad.
ad
(CONFIGBASENAME, property, baseConfig, ad_ldap_host, ad_ldap_port, ad_ldap_base, ad_ldap_binddn, ad_ldap_bindpw, ad_ldap_certificate, listener_dir, init_group_cache=True)[source]
Bases: univention.connector.ucs
-
_ad__check_base64
(string)
-
_ad__compare_lowercase
(dn, dn_list)
Checks if dn is in dn_list
-
_ad__dn_from_deleted_object
(object, GUID)
gets dn for deleted object (original dn before the object was moved into the deleted objects container)
-
_ad__encode_GUID
(GUID)
-
_ad__get_change_usn
(object)
get change usn as max(uSNCreated,uSNChanged)
-
_ad__get_highestCommittedUSN
()
get highestCommittedUSN stored in AD
-
_ad__group_cache_con_append_member
(group, member)
-
_ad__group_cache_ucs_append_member
(group, member)
-
_ad__has_attribute_value_changed
(attribute, object_old, new_object)
-
_ad__identify
(object)
-
_ad__object_from_element
(element)
gets an object from an LDAP-element, implements necessary mapping
-
_ad__search_ad
(base=None, scope=2, filter='', attrlist=[], show_deleted=False)
search ad
-
_ad__search_ad_changeUSN
(changeUSN, show_deleted=True, filter='')
search ad for change with id
-
_ad__search_ad_changes
(show_deleted=False, filter='')
search ad for changes since last update (changes greater lastUSN)
-
_ad__update_lastUSN
(object)
Update der lastUSN
-
_commit_lastUSN
()[source]
-
_get_DN_for_GUID
(GUID)[source]
-
_get_from_root_dse
(attributes=[])[source]
Get attributes from the rootDSE from AD.
-
_get_lastUSN
()[source]
-
_get_objectGUID
(dn)[source]
-
_get_rejected
(id)[source]
-
_list_rejected
()[source]
-
_remove_GUID
(GUID)[source]
-
_remove_dn_from_group_cache
(con_dn=None, ucs_dn=None)[source]
-
_remove_rejected
(id)[source]
-
_save_rejected
(id, dn)[source]
-
_set_DN_for_GUID
(GUID, DN)[source]
-
_set_lastUSN
(lastUSN)[source]
-
_update_group_member_cache
(remove_con_dn=None, remove_ucs_dn=None, add_con_dn=None, add_ucs_dn=None)[source]
-
addToCreationList
(dn)[source]
-
delete_in_ad
(object)[source]
-
disable_user_from_ucs
(key, object)[source]
-
disable_user_to_ucs
(key, object)[source]
-
encode
(string)[source]
-
get_ad_members
(ad_dn, ad_attrs)[source]
-
get_kerberos_ticket
()[source]
-
get_lastUSN
()[source]
-
get_object
(dn, attrlist=None)[source]
-
group_members_sync_from_ucs
(key, object)[source]
sync groupmembers in AD if changend in UCS
-
group_members_sync_to_ucs
(key, object)[source]
sync groupmembers in UCS if changend in AD
-
initialize
()[source]
-
isInCreationList
(dn)[source]
-
list_rejected
()[source]
-
object_memberships_sync_from_ucs
(key, object)[source]
sync group membership in AD if object was changend in UCS
-
object_memberships_sync_to_ucs
(key, object)[source]
sync group membership in UCS if object was changend in AD
-
one_group_member_sync_from_ucs
(ad_group_object, object)[source]
sync groupmembers in AD if changend one member in AD
-
one_group_member_sync_to_ucs
(ucs_group_object, object)[source]
sync groupmembers in UCS if changend one member in AD
-
open_ad
()[source]
-
open_drs_connection
()[source]
-
open_samr
()[source]
-
parse_range_retrieval_attrs
(ad_attrs, attr)[source]
-
poll
(show_deleted=True)[source]
poll for changes in AD
-
primary_group_sync_from_ucs
(key, object)[source]
sync primary group of an ucs-object to ad
-
primary_group_sync_to_ucs
(key, object)[source]
sync primary group of an ad-object to ucs
-
range_retrieval_pattern
= <_sre.SRE_Pattern object>
-
removeFromCreationList
(dn)[source]
-
remove_rejected
(object)[source]
remove object from rejected
-
resync_rejected
()[source]
tries to resync rejected dn
-
save_rejected
(object)[source]
save object as rejected
-
set_primary_group_to_ucs_user
(object_key, object_ucs)[source]
check if correct primary group is set to a fresh UCS-User
-
set_userPrincipalName_from_ucr
(key, object)[source]
-
sync_from_ucs
(property_type, object, pre_mapped_ucs_dn, old_dn=None, object_old=None)[source]
-
value_range_retrieval
(ad_dn, ad_attrs, attr)[source]
-
univention.connector.ad.
ad2samba_time
(l)[source]
-
univention.connector.ad.
ad2unix_time
(l)[source]
-
univention.connector.ad.
compatible_addlist
(list)[source]
-
univention.connector.ad.
compatible_list
(list)[source]
-
univention.connector.ad.
compatible_modlist
(list)[source]
-
univention.connector.ad.
compatible_modstring
(string)[source]
-
univention.connector.ad.
decode_addlist
(list, encoding)[source]
-
univention.connector.ad.
decode_list
(list, encoding)[source]
-
univention.connector.ad.
decode_modlist
(list, encoding)[source]
-
univention.connector.ad.
decode_sid
(value)[source]
-
univention.connector.ad.
disable_user_from_ucs
(connector, key, object)[source]
-
univention.connector.ad.
disable_user_to_ucs
(connector, key, object)[source]
-
univention.connector.ad.
encode_ad_object
(ad_object)[source]
-
univention.connector.ad.
encode_ad_result
(ad_result)[source]
encode an result from an python-ldap search
-
univention.connector.ad.
encode_ad_resultlist
(ad_resultlist)[source]
encode an result from an python-ldap search
-
univention.connector.ad.
encode_addlist
(list, encoding)[source]
-
univention.connector.ad.
encode_attrib
(attrib)[source]
-
univention.connector.ad.
encode_attriblist
(attriblist)[source]
-
univention.connector.ad.
encode_list
(list, encoding)[source]
-
univention.connector.ad.
encode_modlist
(list, encoding)[source]
-
univention.connector.ad.
encode_object_sid
(sid_string, encode_in_base64=True)[source]
-
univention.connector.ad.
encode_sid
(value)[source]
-
univention.connector.ad.
explode_unicode_dn
(dn, notypes=0)[source]
-
univention.connector.ad.
format_escaped
(format_string, *args, **kwargs)[source]
Convenience-wrapper arround LDAPEscapeFormatter.
Use !e do denote format-field that should be escaped using
ldap.filter.escape_filter_chars()‘
>>> format_escaped("{0!e}", "*")
'\2a'
-
univention.connector.ad.
group_dn_mapping
(connector, given_object, dn_mapping_stored, isUCSobject)[source]
map dn of given group using the samaccountname/cn
connector is an instance of univention.connector.ad, given_object an object-dict,
dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file
-
univention.connector.ad.
group_members_sync_from_ucs
(connector, key, object)[source]
-
univention.connector.ad.
group_members_sync_to_ucs
(connector, key, object)[source]
-
exception
univention.connector.ad.
kerberosAuthenticationFailed
[source]
Bases: exceptions.Exception
-
exception
univention.connector.ad.
netbiosDomainnameNotFound
[source]
Bases: exceptions.Exception
-
univention.connector.ad.
object_memberships_sync_from_ucs
(connector, key, object)[source]
-
univention.connector.ad.
object_memberships_sync_to_ucs
(connector, key, object)[source]
-
univention.connector.ad.
old_user_dn_mapping
(connector, given_object)[source]
-
univention.connector.ad.
primary_group_sync_from_ucs
(connector, key, object)[source]
-
univention.connector.ad.
primary_group_sync_to_ucs
(connector, key, object)[source]
-
univention.connector.ad.
samaccountname_dn_mapping
(connector, given_object, dn_mapping_stored, ucsobject, propertyname, propertyattrib, ocucs, ucsattrib, ocad, dn_attr=None)[source]
map dn of given object (which must have an samaccountname in AD)
ocucs and ocad are objectclasses in UCS and AD
-
univention.connector.ad.
samba2ad_time
(l)[source]
-
univention.connector.ad.
set_univentionObjectFlag_to_synced
(connector, key, ucs_object)[source]
-
univention.connector.ad.
set_userPrincipalName_from_ucr
(connector, key, object)[source]
-
univention.connector.ad.
unicode_list
(list, encoding)[source]
-
univention.connector.ad.
unix2ad_time
(l)[source]
-
univention.connector.ad.
user_dn_mapping
(connector, given_object, dn_mapping_stored, isUCSobject)[source]
map dn of given user using the samaccountname/uid
connector is an instance of univention.connector.ad, given_object an object-dict,
dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file
-
univention.connector.ad.
windowscomputer_dn_mapping
(connector, given_object, dn_mapping_stored, isUCSobject)[source]
map dn of given windows computer using the samaccountname/uid
connector is an instance of univention.connector.ad, given_object an object-dict,
dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file
Submodules
univention.connector.ad.main module
univention.connector.ad.mapping module
-
univention.connector.ad.mapping.
ignore_filter_from_tmpl
(template, ucr_key, default='')[source]
Construct an ignore_filter from a ucr_key
(connector/ad/mapping/*/ignorelist, a comma delimited list of values), as
specified by template while correctly escaping the filter-expression.
template must be formatted as required by format_escaped.
>>> ignore_filter_from_tmpl('(cn={0!e})',
... 'connector/ad/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'
-
univention.connector.ad.mapping.
ignore_filter_from_attr
(attribute, ucr_key, default='')[source]
Convenience-wrapper around ignore_filter_from_tmpl().
This expects a single attribute instead of a template argument.
>>> ignore_filter_from_attr('cn',
... 'connector/ad/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'
-
univention.connector.ad.mapping.
ucs2ad_sid
(connector, key, object)[source]
-
univention.connector.ad.mapping.
ad2ucs_sid
(connector, key, object)[source]
-
univention.connector.ad.mapping.
ucs2ad_givenName
(connector, key, object)[source]
-
univention.connector.ad.mapping.
ad2ucs_givenName
(connector, key, object)[source]
-
univention.connector.ad.mapping.
ucs2ad_dn_string
(dn)[source]
-
univention.connector.ad.mapping.
ucs2ad_dn
(connector, key, object)[source]
-
univention.connector.ad.mapping.
ad2ucs_dn_string
(dn)[source]
-
univention.connector.ad.mapping.
ad2ucs_dn
(connector, key, object)[source]
-
univention.connector.ad.mapping.
ucs2ad_user_dn
(connector, key, object)[source]
-
univention.connector.ad.mapping.
ad2ucs_user_dn
(connector, key, object)[source]
-
univention.connector.ad.mapping.
ucs2ad_sambaGroupType
(connector, key, object)[source]
-
univention.connector.ad.mapping.
ad2ucs_sambaGroupType
(connector, key, object)[source]
univention.connector.ad.password module
-
univention.connector.ad.password.
nt_password_to_arcfour_hmac_md5
(nt_password)[source]
-
univention.connector.ad.password.
transformKey
(InputKey)[source]
-
univention.connector.ad.password.
mySamEncryptNTLMHash
(hash, key)[source]
-
univention.connector.ad.password.
deriveKey
(baseKey)[source]
-
univention.connector.ad.password.
removeDESLayer
(cryptedHash, rid)[source]
-
univention.connector.ad.password.
decrypt
(key, data, rid)[source]
-
univention.connector.ad.password.
calculate_krb5keys
(supplementalCredentialsblob)[source]
-
univention.connector.ad.password.
set_password_in_ad
(connector, samaccountname, pwd, reconnect=False)[source]
-
univention.connector.ad.password.
decrypt_supplementalCredentials
(connector, spl_crypt)[source]
-
univention.connector.ad.password.
get_password_from_ad
(connector, user_dn, reconnect=False)[source]
-
univention.connector.ad.password.
password_sync_ucs
(connector, key, object)[source]
-
univention.connector.ad.password.
password_sync_kinit
(connector, key, ucs_object)[source]
-
univention.connector.ad.password.
password_sync
(connector, key, ucs_object)[source]
univention.connector.ad.proxyAddresses module
-
univention.connector.ad.proxyAddresses.
valid_mailaddress
(val)[source]
-
univention.connector.ad.proxyAddresses.
equal
(values1, values2)[source]
This is called in these two ways:
1. in sync_from_ucs: values1 are mapped ucs and values2 are con
2. in __set_values: values1 are ucs and values2 are mapped con
-
univention.connector.ad.proxyAddresses.
to_proxyAddresses
(s4connector, key, object)[source]
-
univention.connector.ad.proxyAddresses.
to_mailPrimaryAddress
(s4connector, key, object)[source]
-
univention.connector.ad.proxyAddresses.
to_mailAlternativeAddress
(s4connector, key, object)[source]
-
univention.connector.ad.proxyAddresses.
merge_ucs2con
(mapped_ucs_values, old_con_values=None)[source]
univention.connector.ad.query_config module
-
univention.connector.ad.query_config.
fixup
(s)[source]