univention.connector.ad package

exception univention.connector.ad.kerberosAuthenticationFailed[source]

Bases: exceptions.Exception

exception univention.connector.ad.netbiosDomainnameNotFound[source]

Bases: exceptions.Exception

univention.connector.ad.activate_user(connector, key, object)[source]
univention.connector.ad.set_univentionObjectFlag_to_synced(connector, key, ucs_object)[source]
univention.connector.ad.group_members_sync_from_ucs(connector, key, object)[source]
univention.connector.ad.object_memberships_sync_from_ucs(connector, key, object)[source]
univention.connector.ad.group_members_sync_to_ucs(connector, key, object)[source]
univention.connector.ad.object_memberships_sync_to_ucs(connector, key, object)[source]
univention.connector.ad.primary_group_sync_from_ucs(connector, key, object)[source]
univention.connector.ad.primary_group_sync_to_ucs(connector, key, object)[source]
univention.connector.ad.disable_user_from_ucs(connector, key, object)[source]
univention.connector.ad.set_userPrincipalName_from_ucr(connector, key, object)[source]
univention.connector.ad.disable_user_to_ucs(connector, key, object)[source]
univention.connector.ad.encode_attrib(attrib)[source]
univention.connector.ad.encode_attriblist(attriblist)[source]
univention.connector.ad.encode_ad_object(ad_object)[source]
univention.connector.ad.encode_ad_result(ad_result)[source]

encode a result from a python-ldap search

univention.connector.ad.encode_ad_resultlist(ad_resultlist)[source]

encode a result from a python-ldap search

univention.connector.ad.unix2ad_time(l)[source]
univention.connector.ad.ad2unix_time(l)[source]
univention.connector.ad.samba2ad_time(l)[source]
univention.connector.ad.ad2samba_time(l)[source]
univention.connector.ad.samaccountname_dn_mapping(connector, given_object, dn_mapping_stored, ucsobject, propertyname, propertyattrib, ocucs, ucsattrib, ocad, dn_attr=None)[source]

map dn of given object (which must have a samaccountname in AD); ocucs and ocad are objectclasses in UCS and AD

univention.connector.ad.user_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)[source]

map dn of given user using the samaccountname/uid. connector is an instance of univention.connector.ad, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.connector.ad.group_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)[source]

map dn of given group using the samaccountname/cn. connector is an instance of univention.connector.ad, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.connector.ad.windowscomputer_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)[source]

map dn of given windows computer using the samaccountname/uid. connector is an instance of univention.connector.ad, given_object an object-dict, dn_mapping_stored a list of dn-types which are already mapped because they were stored in the config-file

univention.connector.ad.old_user_dn_mapping(connector, given_object)[source]
univention.connector.ad.decode_sid(value)[source]
univention.connector.ad.encode_sid(value)[source]
univention.connector.ad.encode_object_sid(sid_string, encode_in_base64=True)[source]
univention.connector.ad.encode_list(list, encoding)[source]
univention.connector.ad.decode_list(list, encoding)[source]
univention.connector.ad.unicode_list(list, encoding)[source]
univention.connector.ad.encode_modlist(list, encoding)[source]
univention.connector.ad.decode_modlist(list, encoding)[source]
univention.connector.ad.encode_addlist(list, encoding)[source]
univention.connector.ad.decode_addlist(list, encoding)[source]
univention.connector.ad.compatible_list(list)[source]
univention.connector.ad.compatible_modlist(list)[source]
univention.connector.ad.compatible_addlist(list)[source]
univention.connector.ad.compatible_modstring(string)[source]
univention.connector.ad.explode_unicode_dn(dn, notypes=0)[source]
class univention.connector.ad.LDAPEscapeFormatter[source]

Bases: string.Formatter

A custom string formatter that supports a special e conversion, to employ the function ldap.filter.escape_filter_chars() on the given value.

>>> LDAPEscapeFormatter().format("{0}", "*")
'*'
>>> LDAPEscapeFormatter().format("{0!e}", "*")
'\\2a'

Unfortunately this does not support the key/index-less variant (see http://bugs.python.org/issue13598).

>>> LDAPEscapeFormatter().format("{!e}", "*")
Traceback (most recent call last):
KeyError: ''
convert_field(value, conversion)[source]
univention.connector.ad.format_escaped(format_string, *args, **kwargs)[source]

Convenience-wrapper around LDAPEscapeFormatter.

Use !e to denote a format-field that should be escaped using ldap.filter.escape_filter_chars()

>>> format_escaped("{0!e}", "*")
'\\2a'
class univention.connector.ad.Simple_AD_Connection(CONFIGBASENAME, ucr, host, port, base, binddn, bindpw, certificate)[source]

stripped down univention.connector.ad.ad class

difference: accept “bindpwd” directly instead of “bindpw” filename
difference: don’t require mapping
difference: Skip init_group_cache code (i.e. use init_group_cache=False)
difference: don’t use TLS

class univention.connector.ad.ad(CONFIGBASENAME, property, baseConfig, ad_ldap_host, ad_ldap_port, ad_ldap_base, ad_ldap_binddn, ad_ldap_bindpw, ad_ldap_certificate, listener_dir, init_group_cache=True)[source]

Bases: univention.connector.ucs

range_retrieval_pattern = <_sre.SRE_Pattern object>
open_drs_connection()[source]
open_samr()[source]
get_kerberos_ticket()[source]
open_ad()[source]
encode(string)[source]
_get_lastUSN()[source]
get_lastUSN()[source]
_commit_lastUSN()[source]
_set_lastUSN(lastUSN)[source]
_get_DN_for_GUID(GUID)[source]
_set_DN_for_GUID(GUID, DN)[source]
_remove_GUID(GUID)[source]
_save_rejected(id, dn)[source]
_get_rejected(id)[source]
_remove_rejected(id)[source]
_list_rejected()[source]
list_rejected()[source]
save_rejected(object)[source]

save object as rejected

remove_rejected(object)[source]

remove object from rejected

addToCreationList(dn)[source]
removeFromCreationList(dn)[source]
isInCreationList(dn)[source]
parse_range_retrieval_attrs(ad_attrs, attr)[source]
value_range_retrieval(ad_dn, ad_attrs, attr)[source]
get_ad_members(ad_dn, ad_attrs)[source]
get_object(dn, attrlist=None)[source]
_get_from_root_dse(attributes=[])[source]

Get attributes from the rootDSE from AD.

set_primary_group_to_ucs_user(object_key, object_ucs)[source]

check if correct primary group is set to a fresh UCS-User

primary_group_sync_from_ucs(key, object)[source]

sync primary group of a ucs-object to ad

primary_group_sync_to_ucs(key, object)[source]

sync primary group of an ad-object to ucs

object_memberships_sync_from_ucs(key, object)[source]

sync group membership in AD if object was changed in UCS

group_members_sync_from_ucs(key, object)[source]

sync group members in AD if changed in UCS

object_memberships_sync_to_ucs(key, object)[source]

sync group membership in UCS if object was changed in AD

one_group_member_sync_to_ucs(ucs_group_object, object)[source]

sync group members in UCS if one member changed in AD

one_group_member_sync_from_ucs(ad_group_object, object)[source]

sync group members in AD if one member changed in AD

group_members_sync_to_ucs(key, object)[source]

sync group members in UCS if changed in AD

set_userPrincipalName_from_ucr(key, object)[source]
_ad__check_base64(string)
_ad__compare_lowercase(dn, dn_list)

Checks if dn is in dn_list

_ad__dn_from_deleted_object(object, GUID)

gets dn for deleted object (original dn before the object was moved into the deleted objects container)

_ad__encode_GUID(GUID)
_ad__get_change_usn(object)

get change usn as max(uSNCreated,uSNChanged)

_ad__get_highestCommittedUSN()

get highestCommittedUSN stored in AD

_ad__group_cache_con_append_member(group, member)
_ad__group_cache_ucs_append_member(group, member)
_ad__identify(object)
_ad__object_from_element(element)

gets an object from an LDAP-element, implements necessary mapping

_ad__search_ad(base=None, scope=2, filter='', attrlist=[], show_deleted=False)

search ad

_ad__search_ad_changeUSN(changeUSN, show_deleted=True, filter='')

search ad for change with id

_ad__search_ad_changes(show_deleted=False, filter='')

search ad for changes since last update (changes greater lastUSN)

_ad__update_lastUSN(object)

Update the lastUSN

disable_user_from_ucs(key, object)[source]
disable_user_to_ucs(key, object)[source]
initialize()[source]
resync_rejected()[source]

tries to resync rejected dn

poll(show_deleted=True)[source]

poll for changes in AD

sync_from_ucs(property_type, object, pre_mapped_ucs_dn, old_dn=None, old_ucs_object=None)[source]
_get_objectGUID(dn)[source]
delete_in_ad(object)[source]

Submodules

univention.connector.ad.main module

univention.connector.ad.mapping module

univention.connector.ad.mapping.ignore_filter_from_tmpl(template, ucr_key, default='')[source]

Construct an ignore_filter from a ucr_key (connector/ad/mapping/*/ignorelist, a comma delimited list of values), as specified by template while correctly escaping the filter-expression.

template must be formatted as required by format_escaped.

>>> ignore_filter_from_tmpl('(cn={0!e})',
... 'connector/ad/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'
univention.connector.ad.mapping.ignore_filter_from_attr(attribute, ucr_key, default='')[source]

Convenience-wrapper around ignore_filter_from_tmpl().

This expects a single attribute instead of a template argument.

>>> ignore_filter_from_attr('cn',
... 'connector/ad/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'
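
The !e conversion and the ignore-filter construction described above, as an added example that is not the project's own code: it shows how an ignorelist value containing filter metacharacters changes an unescaped filter and stays literal once escaped. `escape_filter_chars` here is a stand-in for ldap.filter.escape_filter_chars() so the block runs without python-ldap; `EscapingFormatter`, `ignore_filter`, `naive_filter` and the sample value are hypothetical.

```python
import string

# Stand-in (assumption) for ldap.filter.escape_filter_chars(): replaces the
# RFC 4515 special characters with backslash + two hex digits.
_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_chars(value):
    return "".join(_SPECIALS.get(ch, ch) for ch in value)


class EscapingFormatter(string.Formatter):
    """Hypothetical re-creation of a formatter with an 'e' conversion."""

    def convert_field(self, value, conversion):
        if conversion == "e":
            return escape_filter_chars(str(value))
        return super().convert_field(value, conversion)


def _split(ignorelist):
    # Comma-delimited list, empty entries dropped.
    return [v for v in ignorelist.split(",") if v]


def ignore_filter(template, ignorelist):
    """OR together one sub-filter per value, escaping each value via !e."""
    parts = [EscapingFormatter().format(template, v) for v in _split(ignorelist)]
    return "(|%s)" % "".join(parts) if parts else ""


def naive_filter(attribute, ignorelist):
    """Plain string interpolation, shown only for comparison."""
    parts = ["(%s=%s)" % (attribute, v) for v in _split(ignorelist)]
    return "(|%s)" % "".join(parts) if parts else ""


# Constructed ignorelist value whose second entry contains filter syntax.
SAMPLE = "one,two)(objectClass=*"

if __name__ == "__main__":
    # Unescaped: the entry adds an extra (objectClass=*) clause to the OR.
    print(naive_filter("cn", SAMPLE))
    # Escaped: the same entry is matched as a literal cn value.
    print(ignore_filter("(cn={0!e})", SAMPLE))
```
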
univention.connector.ad.mapping.ucs2ad_sid(connector, key, object)[source]
univention.connector.ad.mapping.ad2ucs_sid(connector, key, object)[source]
univention.connector.ad.mapping.ucs2ad_givenName(connector, key, object)[source]
univention.connector.ad.mapping.ad2ucs_givenName(connector, key, object)[source]
univention.connector.ad.mapping.ucs2ad_dn_string(dn)[source]
univention.connector.ad.mapping.ucs2ad_dn(connector, key, object)[source]
univention.connector.ad.mapping.ad2ucs_dn_string(dn)[source]
univention.connector.ad.mapping.ad2ucs_dn(connector, key, object)[source]
univention.connector.ad.mapping.ucs2ad_user_dn(connector, key, object)[source]
univention.connector.ad.mapping.ad2ucs_user_dn(connector, key, object)[source]
univention.connector.ad.mapping.ucs2ad_sambaGroupType(connector, key, object)[source]
univention.connector.ad.mapping.ad2ucs_sambaGroupType(connector, key, object)[source]

univention.connector.ad.password module

univention.connector.ad.password.nt_password_to_arcfour_hmac_md5(nt_password)[source]
univention.connector.ad.password.transformKey(InputKey)[source]
univention.connector.ad.password.mySamEncryptNTLMHash(hash, key)[source]
univention.connector.ad.password.deriveKey(baseKey)[source]
univention.connector.ad.password.removeDESLayer(cryptedHash, rid)[source]
univention.connector.ad.password.decrypt(key, data, rid)[source]
univention.connector.ad.password.set_password_in_ad(connector, samaccountname, pwd)[source]
univention.connector.ad.password.get_password_from_ad(connector, user_dn, reconnect=False)[source]
univention.connector.ad.password.password_sync_ucs(connector, key, object)[source]
univention.connector.ad.password.password_sync_kinit(connector, key, ucs_object)[source]
univention.connector.ad.password.password_sync(connector, key, ucs_object)[source]

univention.connector.ad.proxyAddresses module

univention.connector.ad.proxyAddresses.valid_mailaddress(val)[source]
univention.connector.ad.proxyAddresses.equal(values1, values2)[source]

This is called in these two ways:

1. in sync_from_ucs: values1 are mapped ucs and values2 are con
2. in __set_values: values1 are ucs and values2 are mapped con

univention.connector.ad.proxyAddresses.to_proxyAddresses(s4connector, key, object)[source]
univention.connector.ad.proxyAddresses.to_mailPrimaryAddress(s4connector, key, object)[source]
univention.connector.ad.proxyAddresses.to_mailAlternativeAddress(s4connector, key, object)[source]
univention.connector.ad.proxyAddresses.merge_ucs2con(mapped_ucs_values, old_con_values=None)[source]

univention.connector.ad.query_config module

univention.connector.ad.query_config.fixup(s)[source]