Attachment #10205 for bug #50361

View | Details | Raw Unified | Return to bug 50361
Collapse All | Expand All

Lines 626-632 s4_mapping = { Link Here

(-)a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py (-1 / +1 lines)
626	scope='sub',	626	scope='sub',
627	con_search_filter='(\|(objectClass=dnsNode)(objectClass=dnsZone))',	627	con_search_filter='(\|(objectClass=dnsNode)(objectClass=dnsZone))',
628	dn_mapping_function=[univention.s4connector.s4.dns.dns_dn_mapping],	628	dn_mapping_function=[univention.s4connector.s4.dns.dns_dn_mapping],
629	ignore_filter=ignore_filter_from_attr('dc', 'connector/s4/mapping/dns/ignorelist'),	629	ignore_filter=ignore_filter_from_attr(['dc', 'relativeDomainName'], 'connector/s4/mapping/dns/ignorelist'),
630	ignore_subtree=global_ignore_subtree,	630	ignore_subtree=global_ignore_subtree,
631	con_sync_function=univention.s4connector.s4.dns.ucs2con,	631	con_sync_function=univention.s4connector.s4.dns.ucs2con,
632	ucs_sync_function=univention.s4connector.s4.dns.con2ucs,	632	ucs_sync_function=univention.s4connector.s4.dns.con2ucs,




							   connector/s4/mapping/group/ignorelist?"Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Enterprise Domain Controllers,Remote Interactive Logon,SChannel Authentication,Digest Authentication,Terminal Server User,NTLM Authentication,Other Organization,This Organization,Anonymous Logon,Network Service,Creator Group,Creator Owner,Local Service,Owner Rights,Interactive,Restricted,Network,Service,Dialup,System,Batch,Proxy,IUSR,Self,Console Logon" \
							   connector/s4/mapping/group/table/Printer-Admins?"Print Operators" \
							   connector/s4/mapping/container/ignorelist?"mail,kerberos,MicrosoftDNS" \
							   connector/s4/mapping/dns/ignorelist?"_ldap._tcp.Default-First-Site-Name._site,_msdcs"

if [ ! -d /var/lib/univention-connector/s4 ]; then
	mkdir -p /var/lib/univention-connector/s4

		fi
	fi

	# Bug 43397 - cleanup wrong formatted connector/s4/mapping/dns/ignorelist
	if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 11.0.6-4 ; then
		ucr set connector/s4/mapping/dns/ignorelist=$(echo "$connector_s4_mapping_dns_ignorelist" | sed -e 's/^DC=//i' -e 's/,DC=/,/gi')
      ucr set connector/s4/mapping/dns/ignorelist=$(echo "$connector_s4_mapping_dns_ignorelist" | sed -e 's/^DC=//i' -e 's/,DC=/,/gi')
	fi

	# Bug 44333

	if [ "$skip_final_restart" != "true" ]; then
		/etc/init.d/univention-s4-connector restart
	fi

	# Bug 50361 - don't sync the _msdcs DNS glue record
	if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 13.0.2-53; then
		ucr set connector/s4/mapping/dns/ignorelist="${connector_s4_mapping_dns_ignorelist},_msdcs"
	fi
fi

exit 0




	return ''


def ignore_filter_from_attr(ldap_attributes, ucr_key, default=''):
	"""
	Convenience-wrapper around `ignore_filter_from_tmpl()`.


	... 'one,two,three')
	'(|(cn=one)(cn=two)(cn=three))'
	"""
	if type(ldap_attributes) != list:
		ldap_attributes = [ldap_attributes]

	template_parts = []
	for attribute in ldap_attributes:
		template_parts.append('({}={{0!e}})'.format(attribute))
	template = ''.join(template_parts)

	return ignore_filter_from_tmpl(template, ucr_key, default)



Return to bug 50361

Lines 75-81 univention-config-registry set connector/s4/listener/dir?/var/lib/univention-con Link Here

(-)a/services/univention-s4-connector/debian/univention-s4-connector.postinst (-4 / +8 lines)
75	connector/s4/mapping/group/ignorelist?"Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Enterprise Domain Controllers,Remote Interactive Logon,SChannel Authentication,Digest Authentication,Terminal Server User,NTLM Authentication,Other Organization,This Organization,Anonymous Logon,Network Service,Creator Group,Creator Owner,Local Service,Owner Rights,Interactive,Restricted,Network,Service,Dialup,System,Batch,Proxy,IUSR,Self,Console Logon" \	75	connector/s4/mapping/group/ignorelist?"Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Enterprise Domain Controllers,Remote Interactive Logon,SChannel Authentication,Digest Authentication,Terminal Server User,NTLM Authentication,Other Organization,This Organization,Anonymous Logon,Network Service,Creator Group,Creator Owner,Local Service,Owner Rights,Interactive,Restricted,Network,Service,Dialup,System,Batch,Proxy,IUSR,Self,Console Logon" \
76	connector/s4/mapping/group/table/Printer-Admins?"Print Operators" \	76	connector/s4/mapping/group/table/Printer-Admins?"Print Operators" \
77	connector/s4/mapping/container/ignorelist?"mail,kerberos,MicrosoftDNS" \	77	connector/s4/mapping/container/ignorelist?"mail,kerberos,MicrosoftDNS" \
78	connector/s4/mapping/dns/ignorelist?"_ldap._tcp.Default-First-Site-Name._site"	78	connector/s4/mapping/dns/ignorelist?"_ldap._tcp.Default-First-Site-Name._site,_msdcs"
79		79
80	if [ ! -d /var/lib/univention-connector/s4 ]; then	80	if [ ! -d /var/lib/univention-connector/s4 ]; then
81	mkdir -p /var/lib/univention-connector/s4	81	mkdir -p /var/lib/univention-connector/s4
Lines 159-168 if [ -x /etc/init.d/univention-s4-connector ] && [ -f /usr/share/univention-join Link Here
159	fi	159	fi
160	fi	160	fi
161		161
162	# Bug 43397	162	# Bug 43397 - cleanup wrong formatted connector/s4/mapping/dns/ignorelist
163	if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 11.0.6-4 ; then	163	if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 11.0.6-4 ; then
164	# cleanup wrong formatted `connector/s4/mapping/dns/ignorelist`	164	ucr set connector/s4/mapping/dns/ignorelist=$(echo "$connector_s4_mapping_dns_ignorelist" \| sed -e 's/^DC=//i' -e 's/,DC=/,/gi')
165	ucr set connector/s4/mapping/dns/ignorelist=$(echo "$connector_s4_mapping_dns_ignorelist" \| sed -e 's/^DC=//i' -e 's/,DC=/,/gi')
166	fi	165	fi
167		166
168	# Bug 44333	167	# Bug 44333
Lines 198-203 if [ -x /etc/init.d/univention-s4-connector ] && [ -f /usr/share/univention-join Link Here
198	if [ "$skip_final_restart" != "true" ]; then	197	if [ "$skip_final_restart" != "true" ]; then
199	/etc/init.d/univention-s4-connector restart	198	/etc/init.d/univention-s4-connector restart
200	fi	199	fi
		200
		201	# Bug 50361 - don't sync the _msdcs DNS glue record
		202	if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 13.0.2-53; then
		203	ucr set connector/s4/mapping/dns/ignorelist="${connector_s4_mapping_dns_ignorelist},_msdcs"
		204	fi
201	fi	205	fi
202		206
203	exit 0	207	exit 0

Lines 62-68 def ignore_filter_from_tmpl(template, ucr_key, default=''): Link Here

(-)a/services/univention-s4-connector/modules/univention/s4connector/s4/mapping.py (-2 / +9 lines)
62	return ''	62	return ''
63		63
64		64
65	def ignore_filter_from_attr(attribute, ucr_key, default=''):	65	def ignore_filter_from_attr(ldap_attributes, ucr_key, default=''):
66	"""	66	"""
67	Convenience-wrapper around `ignore_filter_from_tmpl()`.	67	Convenience-wrapper around `ignore_filter_from_tmpl()`.
68		68
Lines 73-79 def ignore_filter_from_attr(attribute, ucr_key, default=''): Link Here
73	... 'one,two,three')	73	... 'one,two,three')
74	'(\|(cn=one)(cn=two)(cn=three))'	74	'(\|(cn=one)(cn=two)(cn=three))'
75	"""	75	"""
76	template = '({}={{0!e}})'.format(attribute)	76	if type(ldap_attributes) != list:
		77	ldap_attributes = [ldap_attributes]
		78
		79	template_parts = []
		80	for attribute in ldap_attributes:
		81	template_parts.append('({}={{0!e}})'.format(attribute))
		82	template = ''.join(template_parts)
		83
77	return ignore_filter_from_tmpl(template, ucr_key, default)	84	return ignore_filter_from_tmpl(template, ucr_key, default)
78		85
79		86