univention.management.console package

Submodules

univention.management.console.acl module

UMC ACL implementation

This module implements the UMC ACLs used to define the access rights for users and groups to the UMC service.

UMC ACLs are defined by creating UMC operation set objects that are added to UMC policies. These policies can be connected with users or groups.

An UMC operation set consists of a list of UMC command patterns like

udm/* objectType=nagios/*

This specifies that all commands hat match the pattern udm/* can be called if the option objectType is given and the value matches the pattern nagios/*.

Patterns for commands and options may just use the asterik and know no other wildcards. For options there is one additional format allowed to specify that the option may not exist. Therefor the following format is used

udm/* !objectType
class univention.management.console.acl.Rule[source]

Bases: dict

A simple class representing one ACL rule in a form that can be simply serialized.

fromUser

Returns True if the rule was connected with a user, otherwise False

host

Returns a hostname pattern. If the pattern matches the hostname the command is allowed on the host

command

Returns the command pattern this rule describes

options

Returns the option pattern for the rule

flavor

Returns the flavor if given otherwise None

class univention.management.console.acl.ACLs(ldap_base=None, acls=None)[source]

Bases: object

Provides methods to determine the access rights of users to specific UMC commands. It defines a cache for ACLs, a parser for command definitions of ACLs and functions for comparsion.

CACHE_DIR = '/var/cache/univention-management-console/acls'

defines the directory for the cache files

_systemroles = (<module 'univention.admin.handlers.computers.domaincontroller_master' from '/var/lib/jenkins/workspace/Mitarbeiter/phahn/UCS-API-Doc/py/univention/admin/handlers/computers/domaincontroller_master.py'>, <module 'univention.admin.handlers.computers.domaincontroller_backup' from '/var/lib/jenkins/workspace/Mitarbeiter/phahn/UCS-API-Doc/py/univention/admin/handlers/computers/domaincontroller_backup.py'>, <module 'univention.admin.handlers.computers.domaincontroller_slave' from '/var/lib/jenkins/workspace/Mitarbeiter/phahn/UCS-API-Doc/py/univention/admin/handlers/computers/domaincontroller_slave.py'>, <module 'univention.admin.handlers.computers.memberserver' from '/var/lib/jenkins/workspace/Mitarbeiter/phahn/UCS-API-Doc/py/univention/admin/handlers/computers/memberserver.py'>)

list of all supported computer types for ACL rules

_expand_hostlist(hostlist)[source]
_append(fromUser, ldap_object)[source]
_is_allowed(acls, command, hostname, options, flavor)[source]
is_command_allowed(command, hostname=None, options={}, flavor=None)[source]

This method verifies if the given command (with options and flavor) is on the named host allowed.

Parameters:
  • command (str) – the command to check access for
  • hostname (str) – FQDN of the host
  • options (dict) – the command options given in the UMCP request
  • flavor (str) – the flavor given in the UMCP request
Return type:

bool

_dump()[source]

Dumps the ACLs for the user

_read_from_file(username)[source]
_write_to_file(username)[source]
json()[source]

Returns the ACL definitions in a JSON compatible form.

MATCH_FULL = 2
MATCH_NONE = 0
MATCH_PART = 1
_ACLs__command_match(cmd1, cmd2)

if cmd1 == cmd2 return self.COMMAND_MATCH if cmd2 is part of cmd1 return self.COMMAND_PART if noting return self.COMMAND_NONE

_ACLs__compare_rules(rule1, rule2)

Hacky version of rule comparison

_ACLs__flavor_match(flavor1, flavor2)

if flavor1 == flavor2 or flavor1 is None or the pattern ‘*’ return self.COMMAND_MATCH if flavor2 is part of flavor1 return self.COMMAND_PART if noting return self.COMMAND_NONE

_ACLs__option_match(opt_pattern, opts)
_ACLs__parse_command(command)
class univention.management.console.acl.LDAP_ACLs(lo, username, ldap_base)[source]

Bases: univention.management.console.acl.ACLs

Reads ACLs from LDAP directory for the given username. By inheriting the class ACLs the ACL definitions can be cached on the local system. If the LDAP server can not be reached the cache is used if available.

FROM_USER = True
FROM_GROUP = False
_get_policy_for_dn(dn)[source]
_read_from_ldap()[source]

univention.management.console.auth module

class univention.management.console.auth.AuthenticationResult(result)[source]

Bases: object

class univention.management.console.auth.AuthHandler[source]

Bases: notifier.signals.Provider

_AuthHandler__authenticate_thread(username, password, new_password, **custom_prompts)
_AuthHandler__authentication_result(thread, result, request)
_AuthHandler__canonicalize_username(username)
authenticate(msg)[source]

univention.management.console.base module

Python API for UMC modules

The python API for UMC modules primary consists of one base class that must be implemented. As an addition the python API provides some helper functions and classes:

  • exception classes
  • translation support
  • logging functions
  • UCR access

The XML file defining the UMC module specifies functions for the commands provided by the module. These functions must be implemented as methods of a class named Instance that inherits Base.

The following python code example matches the definition in the previous section:

from univention.management.console import Translation
from univention.management.console.config import ucr
from univention.management.console.modules import Base
from univention.management.console.modules.decorators import sanitize
from univention.management.console.modules.sanitizers import IntegerSanitizer
from univention.management.console.log import MODULE

_ = Translation('univention-management-console-modules-udm').translate

class Instance(Base):

        @sanitize(end=IntegerSanitizer(minimum=0),)
        def query(self, request):
                end = request.options['end']
                result = list(range(end))
                self.finished(request.id, result)

Each command methods has one parameter that contains the UMCP request of type Request. Such an object has the following properties:

id
is the unique identifier of the request
options
contains the arguments for the command. For most commands it is a dictionary.
flavor
is the name of the flavor that was used to invoke the command. This might be None

The query method in the example above shows how to retrieve the command parameters and what to do to send the result back to the client. Important is that returning a value in a command function does not send anything back to the client. Therefor the function finished must be invoked. The first parameter is the identifier of the request that will be answered and the second parameter the data structure containing the result. As the result is converted to JSON it must just contain data types that can be converted.

The base class for modules provides some properties and methods that could be useful when writing UMC modules:

Properties * username: The username of the owner of this session * password: The password of the user * auth_type: The authentication method which was used to authenticate this user

Methods * init: Is invoked after the module process has been initialised. At that moment, the settings, like locale and username and password are available. * permitted: Can be used to determine if a specific UMCP command can be invoked by the current user. This method has two parameters: The ‘’command’’ name and the ‘’options’‘.

exception univention.management.console.base.UMC_OptionTypeError(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

deprecated, please use .sanitizers instead!

msg = 'An option has the wrong type.'
exception univention.management.console.base.UMC_OptionMissing(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

deprecated, please use .sanitizers instead!

msg = 'One or more options are missing.'
exception univention.management.console.base.UMC_CommandError(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

deprecated, please use .sanitizers instead!

msg = 'The command has failed.'
class univention.management.console.base.Base(domain='univention-management-console')[source]

Bases: notifier.signals.Provider, univention.lib.i18n.Translation

The base class for UMC modules of version 2 or higher

update_language(locales)[source]
set_locale(_locale)[source]
username
user_dn
password
acls
auth_type
init()[source]

this function is invoked after the initial UMCP SET command that passes the base configuration to the module process

destroy()[source]

this function is invoked before the module process is exiting.

execute(method, request, *args, **kwargs)[source]
_parse_accept_language(request)[source]

Parses language tokens from Accept-Language, transforms it into locale and set the language.

security_checks(request, function)[source]
thread_finished_callback(thread, result, request)[source]
error_handling(etype, exc, etraceback)[source]

Translate generic UDM exceptions back to LDAP exceptions.

Parameters:
  • etype – The exception class.
  • exc – The exception instance.
  • etraceback – The exception traceback instance; may be None.
default_response_headers()[source]
get_user_ldap_connection()[source]
bind_user_connection(lo)[source]
_Base__error_handling(request, method, etype, exc, etraceback)

Handle UMC exception.

As requests are processes by python-notifier in a separate thread, any exception only contains the traceback relative to the notifier thread. To make them more useable we want to combine them with the calling part to get a complete stack trace. This is complicated by the fact that python-notifier no longer stores the original traceback, as this creates a memory leak. Instead only the rendered traceback is stored.

Parameters:
  • request – The original UMC request.
  • method – The failed UMC command.
  • etype – The exception class.
  • exc – The exception instance.
  • etraceback – The exception traceback instance; may be None.
require_password()[source]
required_options(request, *options)[source]

Raises an UMC_OptionMissing exception if any of the given options is not found in request.options

Deprecated. Please use univention.management.console.modules.sanitizers

permitted(command, options, flavor=None)[source]
finished(id, response, message=None, success=True, status=None, mimetype=None, headers=None, error=None)[source]

Should be invoked by module to finish the processing of a request. ‘id’ is the request command identifier

result(response)[source]

univention.management.console.category module

Category definitions

The UMC server provides the possibility to define categories used to sort the available UMC modules into groups. Each module can be in as many groups as desired.

The category definitions are stored in XML files that structured as in the following example

<?xml version="1.0" encoding="UTF-8"?>
<umc version="2.0">
  <categories>
    <category id="id1">
      <name>Category 1</name>
    </category>
    <category id="id2">
      <name>Category 2 on {hostname}.{domainname}</name>
    </category>
  </categories>
</umc>

Each file can define several categories. For each of these categories an unique identifier and the english description must be specified. The translations are stored in extra po files that are generated by the UMC build tools.

Within the description of a category UCR variable names can be used that will be substituted by the value. Therefor the name of the variables must be given in curly braces {VARIABLE}.

class univention.management.console.category.XML_Definition(root=None, filename=None, domain=None)[source]

Bases: xml.etree.ElementTree.ElementTree

Represents a category definition.

name

Returns the descriptive name of the category

id

Returns the unique identifier of the category

icon
color
priority

Returns the priority of the category. If no priority is defined the default priority of -1 is returned. None is returned if the specified priority is not a valid float

Return type:float or None
json()[source]

Returns a JSON compatible representation of the category

Return type:dict
class univention.management.console.category.Manager[source]

Bases: dict

This class manages all available categories.

DIRECTORY = '/usr/share/univention-management-console/categories'
all()[source]
load()[source]

univention.management.console.config module

Configuration

Global configuration variables and objects for the UMC server.

This module provides a global ConfigRegistry instance ucr some constants that are used internally.

univention.management.console.config.get_int(variable, default)[source]

univention.management.console.error module

exception univention.management.console.error.UMC_Error(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: exceptions.Exception

with_traceback = False
msg = None
status = 400
exception univention.management.console.error.BadRequest(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

msg = 'Bad request'
status = 400
exception univention.management.console.error.Unauthorized(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

msg = 'Unauthorized'
status = 401
exception univention.management.console.error.Forbidden(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

msg = 'Forbidden'
status = 403
exception univention.management.console.error.NotFound(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

msg = 'Not found'
status = 404
exception univention.management.console.error.MethodNotAllowed(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

msg = 'Method not allowed'
status = 405
exception univention.management.console.error.NotAcceptable(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

status = 406
exception univention.management.console.error.UnprocessableEntity(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

status = 422
exception univention.management.console.error.ServerError(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

msg = 'Internal error'
status = 500
exception univention.management.console.error.BadGateway(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

status = 502
exception univention.management.console.error.ServiceUnavailable(message=None, status=None, result=None, headers=None, traceback=None)[source]

Bases: univention.management.console.error.UMC_Error

status = 503
exception univention.management.console.error.PasswordRequired[source]

Bases: univention.management.console.error.Unauthorized

exception univention.management.console.error.LDAP_ServerDown[source]

Bases: univention.management.console.error.UMC_Error

_error_msg()[source]
exception univention.management.console.error.LDAP_ConnectionFailed(exc)[source]

Bases: univention.management.console.error.LDAP_ServerDown

_error_msg()[source]

univention.management.console.ldap module

Decorators for common ldap functionality. Example usage:

@machine_connection(write=True) def foobar(self, ldap_connection=None, ldap_position=None):

return ldap_connection.search(‘uid=Administrator’)
def foobar():
def bind(lo):
lo.bind(‘Administrator’, ‘univention’)

lo, po = get_user_connection(bind=bind, write=True) return lo.search(‘uid=Administrator’)

univention.management.console.locales module

Locales

The translations provided by the UMC server are technically based on gettext library. As the server needs to provide translations for several different components that deliver their own translation files this module provides a simple way for the UMC server to get the required translations. Components that provide their own translation files:

  • the UMC core — python code directly imported by the UMC server
  • categories
  • module definitions
class univention.management.console.locales.I18N(locale=None, domain=None)[source]

Bases: object

Provides a translation function for a given language and translation domain.

Parameters:
  • locale (str) – the locale to provide
  • domain (str) – the translation domain to use
LOCALE_DIR = '/usr/share/univention-management-console/i18n/'
load(locale=None, domain=None)[source]

Tries to load the translation file specified by the given locale and domain. If the given locale could not be found the method tries to find the translation domain for the systems default locale. No translation is provided when this fails too.

Parameters:
  • locale (str) – the locale to provide
  • domain (str) – the translation domain to use
exists(message)[source]

Verifies if the translation file contains a translation for the given text.

Parameters:message (str) – the text to search for
Return type:bool
_(message)[source]

Translates the given text if a translation is available. Otherwise the given text is returned.

Parameters:message (str) – text to translate
Return type:str
class univention.management.console.locales.I18N_Manager[source]

Bases: dict

This class handles the I18N instances within an UMC session.

As the UMC server handles all sessions opened on a system that may all use a different language it uses one I18N_Manager per session.

set_locale(locale)[source]

Sets the locale to use within the I18N_Manager.

Parameters:locale (str) – locale to use
_(message, domain=None)[source]

Translates the given text. Therefor all known translation domains or if not None the given domain is searched for a translation.

Parameters:
  • message (str) – text to translation
  • domain (str) – translation domain

univention.management.console.log module

Logging

This module provides a wrapper for univention.debug

univention.management.console.log.COMPONENTS = (0, 1, 3, 4, 10, 16, 21, 19, 20, 17, 18, 15)

list of available debugging components

univention.management.console.log._reset_debug_loglevel()[source]
univention.management.console.log.log_init(filename, log_level=2)[source]

Initializes Univention debug.

Parameters:
  • filename (str) – The filename just needs to be a relative name. The directory /var/log/univention/ is prepended and the suffix ‘.log’ is appended.
  • log_level (int) – log level to use (1-4)
univention.management.console.log.log_set_level(level=0)[source]

Sets the log level for all components.

Parameters:level (int) – log level to set
univention.management.console.log.log_reopen()[source]

Reopenes the logfile and reset the current loglevel

class univention.management.console.log.ILogger(id)[source]

Bases: object

This class provides a simple interface to access the univention debug function for the given component.

Parameters:id (int) – id of the component to use
error(message)[source]

Write a debug message with level ERROR

warn(message)[source]

Write a debug message with level WARN

process(message)[source]

Write a debug message with level PROCESS

info(message)[source]

Write a debug message with level INFO

_ILogger__log(level, message, logger)

univention.management.console.module module

Module definitions

The UMC server does not load the python modules to get the details about the modules name, description and functionality. Therefore each UMC module must provide an XML file containing this kind of information.

The following example defines a module with the id udm

<?xml version="1.0" encoding="UTF-8"?>
<umc version="2.0">
        <module id="udm" icon="udm-module" version="1.0">
                <name>Univention Directory Manager</name>
                <description>Manages all UDM modules</description>
                <flavor icon="udm-users" id="users/user">
                        <name>Users</name>
                        <description>Managing users</description>
                </flavor>
                <categories>
                        <category name="domain" />
                </categories>
                <requiredCommands>
                        <requiredCommand name="udm/query" />
                </requiredCommands>
                <command name="udm/query" function="query" />
                <command name="udm/containers" function="containers" />
        </module>
</umc>

The module tag defines the basic details of a UMC module

id
This identifier must be unique among the modules of an UMC server. Other files may extend the definition of a module by adding more flavors or categories.
icon
The value of this attribute defines an identifier for the icon that should be used for the module. Details for installing icons can be found in the section chapter-packaging

The child elements name and description define the English human readable name and description of the module. For other translations the build tools will create translation files. Details can be found in the section chapter-packaging.

This example defines a so called flavor. A flavor defines a new name, description and icon for the same UMC module. This can be used to show several”virtual” modules in the overview of the web frontend. Additionally the flavor is passed to the UMC server with each request i.e. the UMC modul has the possibility to act differently for a specific flavor.

As the next element categories is defined in the example. The child elements category set the categories wthin the overview where the module should be shown. Each module can be more than one category. The attribute name is to identify the category internally. The UMC server brings a set of pre-defined categories:

favorites
This category is intended to be filled by the user herself.
system
Tools manipulating the system itself (e.g. software installation) should go in here.

At the end of the definition file a list of commands is specified. The UMC server only passes commands to a UMC module that are defined. A command definition has two attributes:

name
is the name of the command that is passed to the UMC module. Within the UMCP message it is the first argument after the UMCP COMMAND.
function
defines the method to be invoked within the python module when the command is called.
keywords
defined keywords for the module to ensure searchability

The translations are stored in extra po files that are generated by the UMC build tools.

class univention.management.console.module.Command(name='', method=None, allow_anonymous=False)[source]

Bases: univention.management.console.tools.JSON_Object

Represents a UMCP command handled by a module

SEPARATOR = '/'
fromJSON(json)[source]
class univention.management.console.module.Flavor(id='', icon='', name='', description='', overwrites=None, deactivated=False, priority=-1, translationId=None, keywords=None, categories=None, required_commands=None, version=None, hidden=False)[source]

Bases: univention.management.console.tools.JSON_Object

Defines a flavor of a module. This provides another name and icon in the overview and may influence the behaviour of the module.

merge(other)[source]
class univention.management.console.module.Module(id='', name='', url='', description='', icon='', categories=None, flavors=None, commands=None, priority=-1, keywords=None, translationId=None, required_commands=None, version=None)[source]

Bases: univention.management.console.tools.JSON_Object

Represents a command attribute

fromJSON(json)[source]
append_flavors(flavors)[source]
merge_flavors(other_flavors)[source]
merge(other)[source]

merge another Module object into current one

Bases: univention.management.console.module.Module

class univention.management.console.module.XML_Definition(root=None, filename=None)[source]

Bases: xml.etree.ElementTree.ElementTree

container for the interface description of a module

name
version
url
description
keywords
id
priority
translationId
notifier
icon
deactivated
flavors

Retrieve list of flavor objects

categories
commands()[source]

Generator to iterate over the commands

get_module()[source]
get_flavor(name)[source]

Retrieves details of a flavor

get_command(name)[source]

Retrieves details of a command

class univention.management.console.module.Manager[source]

Bases: dict

Manager of all available modules

DIRECTORY = '/usr/share/univention-management-console/modules'
modules()[source]

Returns list of module names

load()[source]

Loads the list of available modules. As the list is cleared before, the method can also be used for reloading

is_command_allowed(acls, command, hostname=None, options={}, flavor=None)[source]
permitted_commands(hostname, acls)[source]

Retrieves a list of all modules and commands available according to the ACLs (instance of LDAP_ACLs)

{ id : Module, ... }

module_providing(modules, command)[source]

Searches a dictionary of modules (as returned by permitted_commands) for the given command. If found, the id of the module is returned, otherwise None

univention.management.console.pam module

exception univention.management.console.pam.AuthenticationError[source]

Bases: exceptions.Exception

exception univention.management.console.pam.AuthenticationFailed[source]

Bases: univention.management.console.pam.AuthenticationError

exception univention.management.console.pam.AuthenticationInformationMissing(message, missing_prompts)[source]

Bases: univention.management.console.pam.AuthenticationError

exception univention.management.console.pam.AccountExpired[source]

Bases: univention.management.console.pam.AuthenticationError

exception univention.management.console.pam.PasswordExpired[source]

Bases: univention.management.console.pam.AuthenticationError

exception univention.management.console.pam.PasswordChangeFailed[source]

Bases: univention.management.console.pam.AuthenticationError

class univention.management.console.pam.PamAuth(locale=None)[source]

Bases: object

known_errors = {'Insufficient Password Quality': 'The password is too simple.', ': it is too simplistic/systematic': 'The password is too simple.', 'Password already used': 'The password was already used.', 'Bad: new password must be different than the old one': 'The password was already used.', 'Schlechtes Passwort: Es basiert auf einem (umgekehrten) W\xc3\xb6rterbucheintrag': 'The password is based on a dictionary word.', ': Es ist zu einfach/systematisch': 'The password is too simple.', 'Bad: new and old password are too similar': 'The password is too similar to the old one.', ': Password already used': 'The password was already used.', ': Password is too short': 'The password is too short.', 'is the same as the old one': 'The password was already used.', ': Es ist zu kurz': 'The password is too short.', 'Schlechtes Passwort: Es basiert auf einem W\xc3\xb6rterbucheintrag': 'The password is based on a dictionary word.', 'Schlechtes Passwort: ist ein Palindrome': 'The password is a palindrome.', ': Es basiert auf einem W\xc3\xb6rterbucheintrag': 'The password is based on a dictionary word.', 'is a palindrome': 'The password is a palindrome.', 'Schlechtes Passwort: Es basiert auf einem (umgekehrten) W\xf6rterbucheintrag': 'The password is based on a dictionary word.', 'Schlechtes Passwort: Es basiert auf einem W?rterbucheintrag': 'The password is based on a dictionary word.', 'Passwort nicht ge\xe4ndert': 'The password was already used.', 'password unchanged': 'The password was already used.', 'Password does not meet complexity requirements': 'The password is too simple.', 'Password Insufficient': 'The password is too simple.', ': Es ist VIEL zu kurz': 'The password is too short.', 'Passwort nicht ge\xc3\xa4ndert': 'The password was already used.', 'You must choose a longer passwordPassword Too Short': 'The password is too short.', 'is too simple': 'The password is too simple.', ': Es enth\xc3\xa4lt nicht genug unterschiedliche Zeichen': 'The password does not contain enough different characters.', 'is too similar to the old one': 'The password is too similar to the old one.', 'Schlechtes Passwort: ist dem alten zu \xe4hnlich': 'The password is too similar to the old one.', <_sre.SRE_Pattern object>: 'The password was already used.', 'Error: Password does not meet complexity requirements': 'The password is too simple.', 'Password is too short': 'The password is too short.', ': is a palindrome': 'The password is a palindrome.', 'Password change rejected, password changes may not be permitted on this account, or the minimum password age may not have elapsed.': 'The minimum password age is not reached yet.', 'Bad: new password is too simple': 'The password is too simple.', 'contains too long of a monotonic character sequence': 'The password does not contain enough different characters.', 'Password has been already used. Choose another.': 'The password was already used.', <_sre.SRE_Pattern object>: 'The password is too short.', 'Schlechtes Passwort: wurde gedreht': 'The password is a palindrome.', 'BAD PASSWORD: it is WAY too short': 'The password is too short.', 'Schlechtes Passwort: Es ist zu kurz': 'The password is too short.', "Password doesn't meet complexity requirement.": 'The password is too simple.', <_sre.SRE_Pattern object>: 'The password is too short.', 'Bad: new password is just a wrapped version of the old one': 'The password is too similar to the old one.', ': it does not contain enough DIFFERENT characters': 'The password does not contain enough different characters.', 'is rotated': 'The password was already used.', 'Schlechtes Passwort: ist dem alten zu ?hnlich': 'The password is too similar to the old one.', 'BAD PASSWORD: is too simple': 'The password is too simple.', 'case changes only': 'The password is too similar to the old one.', 'You must wait longer to change your password': 'The minimum password age is not reached yet.', <_sre.SRE_Pattern object>: 'The password was already used.', 'Schlechtes Passwort: Es basiert auf einem (umgekehrten) W?rterbucheintrag': 'The password is based on a dictionary word.', 'Bad: new and old password must differ by more than just case': 'The password is too similar to the old one.', "The passwort didn't pass quality check": 'The password is too simple.', ': Password does not meet complexity requirements': 'The password is too simple.', ': it is WAY too short': 'The password is too short.', 'Password has been already used.': 'The password was already used.', 'Schlechtes Passwort: Es basiert auf einem W\xf6rterbucheintrag': 'The password is based on a dictionary word.', ': it is based on a dictionary word': 'The password is based on a dictionary word.', 'Schlechtes Passwort: ist dem alten zu \xc3\xa4hnlich': 'The password is too similar to the old one.', 'not enough character classes': 'The password does not contain enough different characters.', 'contains too many same characters consecutively': 'The password does not contain enough different characters.', 'Unable to reach any changepw server in realm %s': 'Make sure the kerberos service is functioning or inform an Administrator.', 'Bad: new password cannot be a palindrome': 'The password is a palindrome.', 'Schlechtes Passwort: Es ist VIEL zu kurz': 'The password is too short.', 'Schlechtes Passwort: ist zu einfach': 'The password is too simple.', 'Password Too Young': 'The minimum password age is not reached yet.'}
custom_prompts = ('OTP',)
authenticate(username, password, **answers)[source]
change_password(username, old_password, new_password)[source]
init()[source]
start(username, data)[source]
conversation(auth, query_list, data)[source]
_conversation(auth, query_list, data)[source]
_parse_error_message_from(pam_err, prompts)[source]
error_message(pam_err)[source]
_parse_password_change_fail_reason(prompt)[source]

univention.management.console.resources module

univention.management.console.tools module

class univention.management.console.tools.JSON_Object[source]

Bases: object

Converts Python object into JSON compatible data structures. Types like lists, tuples and dictionary are converted directly. If none of these types matches the method tries to convert the attributes of the object and generate a dict to represent it.

_json_list(obj)[source]
_json_dict(obj)[source]
json()[source]
class univention.management.console.tools.JSON_List[source]

Bases: list, univention.management.console.tools.JSON_Object

class univention.management.console.tools.JSON_Dict[source]

Bases: dict, univention.management.console.tools.JSON_Object

univention.management.console.tools.locale_get()[source]

Get locale name for messages. If no specific locale is set for process the default setting is returned.