Attachment #6610 for bug #34184




			'CN=DomainUpdates,CN=System,@%@connector/s4/ldap/base@%@',
			'CN=Password Settings Container,CN=System,@%@connector/s4/ldap/base@%@',
			'DC=RootDNSServers,CN=MicrosoftDNS,CN=System,@%@connector/s4/ldap/base@%@',
			'DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,@%@connector/s4/ldap/base@%@',
			'CN=File Replication Service,CN=System,@%@connector/s4/ldap/base@%@',
			'CN=RpcServices,CN=System,@%@connector/s4/ldap/base@%@',
			'CN=Meetings,CN=System,@%@connector/s4/ldap/base@%@',

				},

		),
@!@

sync_mode_dns = configRegistry.get('connector/s4/mapping/dns/syncmode')
if not sync_mode_dns:
	sync_mode_dns = configRegistry.get('connector/s4/mapping/syncmode')

if configRegistry.get('connector/s4/mapping/dns/position') == 'legacy':
	s4_dns_ldap_base = "CN=System,%s" % (configRegistry['connector/s4/ldap/base'],)
else:
	s4_dns_ldap_base = "DC=DomainDnsZones,%s" % (configRegistry['connector/s4/ldap/base'],)

dns_section = '''
	'dns': univention.s4connector.property (
			ucs_default_dn='cn=dns,%(ldap_base)s',
			con_default_dn='CN=MicrosoftDNS,%(s4_dns_ldap_base)s',
			ucs_module='dns/dns',
			
			identify=univention.s4connector.s4.dns.identify,
			sync_mode='%(sync_mode_dns)s',

			@!@
if configRegistry.get('connector/s4/mapping/dns/syncmode'):
	print "sync_mode='%s'," % configRegistry.get('connector/s4/mapping/dns/syncmode')
else:
	print "sync_mode='%s'," % configRegistry.get('connector/s4/mapping/syncmode')
@!@

			scope='sub',

			con_search_filter='(|(objectClass=dnsNode)(objectClass=dnsZone))',

			position_mapping = [( ',cn=dns,%(ldap_base)s', ',CN=MicrosoftDNS,%(s4_dns_ldap_base)s' )],
''' % {
	'ldap_base': configRegistry['ldap/base'],
	'sync_mode_dns': sync_mode_dns,
	's4_dns_ldap_base': s4_dns_ldap_base,
	}

@!@
ignore_filter = ''
for dns in configRegistry.get('connector/s4/mapping/dns/ignorelist', '').split(','):
	if dns:
		ignore_filter += '(%s)' % (dns)
if ignore_filter:
	dns_section = dns_section + '''
			ignore_filter='(|%s)',''' % ignore_filter

	dns_section = dns_section + '''
			ignore_subtree = global_ignore_subtree,
			
			con_sync_function = univention.s4connector.s4.dns.ucs2con,
			ucs_sync_function = univention.s4connector.s4.dns.con2ucs,

		),'''

print dns_section


if configRegistry.is_true('connector/s4/mapping/gpo', True):
	ignore_filter = ''
	for gpo in configRegistry.get('connector/s4/mapping/gpo/ignorelist', '').split(','):

Lines 109-114 Link Here

(-)debian/univention-s4-connector.postinst (+4 lines)
109	--filter "(objectClass=groupPolicyContainer)"	109	--filter "(objectClass=groupPolicyContainer)"
110	fi	110	fi
111		111
		112	if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 9.0.16-11; then
		113	univention-config-registry set connector/s4/mapping/dns/position?'legacy'
		114	fi
		115
112	if [ "$skip_final_restart" != "true" ]; then	116	if [ "$skip_final_restart" != "true" ]; then
113	/etc/init.d/univention-s4-connector restart	117	/etc/init.d/univention-s4-connector restart
114	fi	118	fi

Lines 267-269 Link Here

(-)debian/univention-s4-connector.univention-config-registry-variables (+6 lines)
267	Description[en]=Group policies are stored in Group Policy Objects (GPOs) in the directory /var/lib/samba/sysvol/ on all Samba 4 domain controllers. The GPOs and the corresponding access rights are referenced in Samba 4 LDAP. If this option is activated, the access rights of the GPO references are synchronised to the UCS LDAP along with the references. If the variable is unset, the references are not synchronised.	267	Description[en]=Group policies are stored in Group Policy Objects (GPOs) in the directory /var/lib/samba/sysvol/ on all Samba 4 domain controllers. The GPOs and the corresponding access rights are referenced in Samba 4 LDAP. If this option is activated, the access rights of the GPO references are synchronised to the UCS LDAP along with the references. If the variable is unset, the references are not synchronised.
268	Type=bool	268	Type=bool
269	Categories=service-s4con	269	Categories=service-s4con
		270
		271	[connector/s4/mapping/dns/position]
		272	Description[de]=Diese Variable bestimmt die Basis-DN der DNS Objekte im Samba Verzeichnisdienst. Falls sie auf dem Wert 'legacy' steht, dann sucht der S4-Connector die DNS-Objekte unter CN=System statt unter DC=DomainDNSZones. Diese Variable sollte nur einmalig nach manueller Migration der DNS-Objekte angepasst werden, falls sie noch auf 'legacy' steht.
		273	Description[en]=This variable determins the base DN of DNS objects in the Samba directory service. When set to 'legacy', the S4 Connector searches DNS objects below CN=System instead of below DC=DomainDNSZones. This variable should only be modified once after manual migration of the DNS objects, if it still has the value 'legacy'.
		274	Type=str
		275	Categories=service-s4con




import univention.s4connector
import univention.debug2 as ud
from ldap.controls import LDAPControl
from ldap.controls import SimplePagedResultsControl, LDAPControl
from samba.dcerpc import security
from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import misc


DECODE_IGNORELIST=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord']

LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
LDB_CONTROL_DOMAIN_SCOPE_OID = "1.2.840.113556.1.4.1339"
LDB_CONTROL_RELAX_OID = "1.3.6.1.4.1.4203.666.5.12"
LDB_CONTROL_PROVISION_OID = '1.3.6.1.4.1.7165.4.3.16'

# page results
PAGE_SIZE = 1000



		ud.debug(ud.LDAP, ud.INFO, 'add_primary_group_to_addlist: Set primary group to %s (rid) for %s' % (primary_group_rid, object.get('dn')))
		addlist.append(('primaryGroupID', [primary_group_rid]))
		LDB_CONTROL_RELAX_OID = '1.3.6.1.4.1.4203.666.5.12'
		serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0))

def __is_groupType_local(groupType):


	ud.debug(ud.LDAP, ud.INFO, "groupType: %s" % groupType)
	if __is_groupType_local(groupType):
		LDB_CONTROL_RELAX_OID = '1.3.6.1.4.1.4203.666.5.12'
		serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0))

		sambaSID = object.get('attributes', {}).get('sambaSID', [])[0]

def old_user_dn_mapping(s4connector, given_object):
	object = copy.deepcopy(given_object)

	ctrls = [LDAPControl(LDAP_SERVER_SHOW_DELETED_OID, criticality=1)]
	ctrls = [LDAPControl('1.2.840.113556.1.4.417',criticality=1)]
	samaccountname = ''

	if object.has_key('sAMAccountName'):

			ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section 'S4 GUID'")
			self.config.add_section('S4 GUID')
		try:
			self.ctrl_show_deleted = LDAPControl(LDAP_SERVER_SHOW_DELETED_OID, criticality=1)
			self.ctrl_show_deleted = LDAPControl('1.2.840.113556.1.4.417',criticality=1)
			res = self.lo_s4.lo.search_ext_s('',ldap.SCOPE_BASE, 'objectclass=*',[],
								serverctrls=[ self.ctrl_show_deleted ],
								timeout=-1, sizelimit=0)


		# objectSid modification for an Samba4 object is only possible with the "provision" control:
		if self.configRegistry.is_true('connector/s4/mapping/sid_to_s4', False):
			LDB_CONTROL_PROVISION_OID = '1.3.6.1.4.1.7165.4.3.16'
			self.serverctrls_for_add_and_modify.append(LDAPControl(LDB_CONTROL_PROVISION_OID,criticality=0) )

		# Save a list of objects just created, this is needed to


		self.lo_s4.lo.set_option(ldap.OPT_REFERRALS,0)

		if not self.configRegistry.get('connector/s4/mapping/dns/position') == 'legacy':
			self.s4_ldap_partitions = (self.s4_ldap_base, "DC=DomainDNSZones,%s" % self.s4_ldap_base)
		else:
			self.s4_ldap_partitions = (self.s4_ldap_base,)


	# encode string to unicode
	def encode(self, string):
		try:


		return max(usnchanged,usncreated)

	def __search_s4_partitions(self, scope=ldap.SCOPE_SUBTREE, filter='', attrlist= [], show_deleted=False):
		'''
		search s4 across all partitions listed in self.s4_ldap_partitions
		'''
		_d=ud.function('ldap.__search_s4_partitions')
		res = []
		for base in self.s4_ldap_partitions:
			res += self.__search_s4(base, scope, filter, attrlist, show_deleted)

		return res

	def __search_s4(self, base=None, scope=ldap.SCOPE_SUBTREE, filter='', attrlist= [], show_deleted=False):
		'''
		search s4

		if not base:
			base=self.lo_s4.base

		ctrls=[
			LDAPControl(LDB_CONTROL_DOMAIN_SCOPE_OID, criticality=0),	## Don't show referrals
			SimplePagedResultsControl(True, PAGE_SIZE, '')),
		]

		if show_deleted:
			ctrls.append(LDAPControl(LDAP_SERVER_SHOW_DELETED_OID, criticality=1))
			ctrls.append(LDAPControl('1.2.840.113556.1.4.417',criticality=1))

		ud.debug(ud.LDAP, ud.INFO, "Search S4 with filter: %s" % filter)
		msgid = self.lo_s4.lo.search_ext(base, scope, filter, attrlist, serverctrls=ctrls, timeout=-1, sizelimit=0)

			else:
				ud.debug(ud.LDAP, ud.WARN, "S4 ignores PAGE_RESULTS")
				break

		
		return encode_s4_resultlist(res)
		

			if filter !='':
				usnFilter = '(&(%s)(%s))' % ( filter, usnFilter )
				
			res = self.__search_s4_partitions(filter=usnFilter, show_deleted=show_deleted)
			return sorted(res, key=lambda element: element[1][attribute][0])


		# search fpr objects with uSNCreated and uSNChanged in the known range

			filter = '(&(%s)(|(uSNChanged=%s)(uSNCreated=%s)))' % (filter,changeUSN,changeUSN)
		else:
			filter = '(|(uSNChanged=%s)(uSNCreated=%s))' % (changeUSN,changeUSN)
		return self.__search_s4(filter=filter, show_deleted=show_deleted)

		return self.__search_s4_partitions(filter=usnFilter, show_deleted=show_deleted)


	def __dn_from_deleted_object(self, object, GUID):
		'''
		gets dn for deleted object (original dn before the object was moved into the deleted objects container)

Return to bug 34184

Lines 59-64 Link Here

(-)conffiles/etc/univention/s4connector/s4/mapping.py (-15 / +30 lines)
59	'CN=DomainUpdates,CN=System,@%@connector/s4/ldap/base@%@',	59	'CN=DomainUpdates,CN=System,@%@connector/s4/ldap/base@%@',
60	'CN=Password Settings Container,CN=System,@%@connector/s4/ldap/base@%@',	60	'CN=Password Settings Container,CN=System,@%@connector/s4/ldap/base@%@',
61	'DC=RootDNSServers,CN=MicrosoftDNS,CN=System,@%@connector/s4/ldap/base@%@',	61	'DC=RootDNSServers,CN=MicrosoftDNS,CN=System,@%@connector/s4/ldap/base@%@',
		62	'DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,@%@connector/s4/ldap/base@%@',
62	'CN=File Replication Service,CN=System,@%@connector/s4/ldap/base@%@',	63	'CN=File Replication Service,CN=System,@%@connector/s4/ldap/base@%@',
63	'CN=RpcServices,CN=System,@%@connector/s4/ldap/base@%@',	64	'CN=RpcServices,CN=System,@%@connector/s4/ldap/base@%@',
64	'CN=Meetings,CN=System,@%@connector/s4/ldap/base@%@',	65	'CN=Meetings,CN=System,@%@connector/s4/ldap/base@%@',
Lines 599-640 Link Here
599	},	600	},
600		601
601	),	602	),
		603	@!@
		604
		605	sync_mode_dns = configRegistry.get('connector/s4/mapping/dns/syncmode')
		606	if not sync_mode_dns:
		607	sync_mode_dns = configRegistry.get('connector/s4/mapping/syncmode')
		608
		609	if configRegistry.get('connector/s4/mapping/dns/position') == 'legacy':
		610	s4_dns_ldap_base = "CN=System,%s" % (configRegistry['connector/s4/ldap/base'],)
		611	else:
		612	s4_dns_ldap_base = "DC=DomainDnsZones,%s" % (configRegistry['connector/s4/ldap/base'],)
		613
		614	dns_section = '''
602	'dns': univention.s4connector.property (	615	'dns': univention.s4connector.property (
603	ucs_default_dn='cn=dns,@%@ldap/base@%@',	616	ucs_default_dn='cn=dns,%(ldap_base)s',
604	con_default_dn='CN=MicrosoftDNS,CN=System,@%@connector/s4/ldap/base@%@',	617	con_default_dn='CN=MicrosoftDNS,%(s4_dns_ldap_base)s',
605	ucs_module='dns/dns',	618	ucs_module='dns/dns',
606		619
607	identify=univention.s4connector.s4.dns.identify,	620	identify=univention.s4connector.s4.dns.identify,
		621	sync_mode='%(sync_mode_dns)s',
608		622
609	@!@
610	if configRegistry.get('connector/s4/mapping/dns/syncmode'):
611	print "sync_mode='%s'," % configRegistry.get('connector/s4/mapping/dns/syncmode')
612	else:
613	print "sync_mode='%s'," % configRegistry.get('connector/s4/mapping/syncmode')
614	@!@
615
616	scope='sub',	623	scope='sub',
617		624
618	con_search_filter='(\|(objectClass=dnsNode)(objectClass=dnsZone))',	625	con_search_filter='(\|(objectClass=dnsNode)(objectClass=dnsZone))',
619		626
620	position_mapping = [( ',cn=dns,@%@ldap/base@%@', ',CN=MicrosoftDNS,CN=System,@%@connector/s4/ldap/base@%@' )],	627	position_mapping = [( ',cn=dns,%(ldap_base)s', ',CN=MicrosoftDNS,%(s4_dns_ldap_base)s' )],
		628	''' % {
		629	'ldap_base': configRegistry['ldap/base'],
		630	'sync_mode_dns': sync_mode_dns,
		631	's4_dns_ldap_base': s4_dns_ldap_base,
		632	}
621		633
622	@!@
623	ignore_filter = ''	634	ignore_filter = ''
624	for dns in configRegistry.get('connector/s4/mapping/dns/ignorelist', '').split(','):	635	for dns in configRegistry.get('connector/s4/mapping/dns/ignorelist', '').split(','):
625	if dns:	636	if dns:
626	ignore_filter += '(%s)' % (dns)	637	ignore_filter += '(%s)' % (dns)
627	if ignore_filter:	638	if ignore_filter:
628	print " ignore_filter='(\|%s)'," % ignore_filter	639	dns_section = dns_section + '''
629	@!@	640	ignore_filter='(\|%s)',''' % ignore_filter
630		641
		642	dns_section = dns_section + '''
631	ignore_subtree = global_ignore_subtree,	643	ignore_subtree = global_ignore_subtree,
632		644
633	con_sync_function = univention.s4connector.s4.dns.ucs2con,	645	con_sync_function = univention.s4connector.s4.dns.ucs2con,
634	ucs_sync_function = univention.s4connector.s4.dns.con2ucs,	646	ucs_sync_function = univention.s4connector.s4.dns.con2ucs,
635		647
636	),	648	),'''
637	@!@	649
		650	print dns_section
		651
		652
638	if configRegistry.is_true('connector/s4/mapping/gpo', True):	653	if configRegistry.is_true('connector/s4/mapping/gpo', True):
639	ignore_filter = ''	654	ignore_filter = ''
640	for gpo in configRegistry.get('connector/s4/mapping/gpo/ignorelist', '').split(','):	655	for gpo in configRegistry.get('connector/s4/mapping/gpo/ignorelist', '').split(','):

Lines 38-44 Link Here

(-)modules/univention/s4connector/s4/__init__.py (-15 / +34 lines)
38	import univention.s4connector	38	import univention.s4connector
39	import univention.debug2 as ud	39	import univention.debug2 as ud
40	from ldap.controls import LDAPControl	40	from ldap.controls import LDAPControl
41	from ldap.controls import SimplePagedResultsControl	41	from ldap.controls import SimplePagedResultsControl, LDAPControl
42	from samba.dcerpc import security	42	from samba.dcerpc import security
43	from samba.ndr import ndr_pack, ndr_unpack	43	from samba.ndr import ndr_pack, ndr_unpack
44	from samba.dcerpc import misc	44	from samba.dcerpc import misc
Lines 45-50 Link Here
45		45
46	DECODE_IGNORELIST=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord']	46	DECODE_IGNORELIST=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord']
47		47
		48	LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
		49	LDB_CONTROL_DOMAIN_SCOPE_OID = "1.2.840.113556.1.4.1339"
		50	LDB_CONTROL_RELAX_OID = "1.3.6.1.4.1.4203.666.5.12"
		51	LDB_CONTROL_PROVISION_OID = '1.3.6.1.4.1.7165.4.3.16'
		52
48	# page results	53	# page results
49	PAGE_SIZE = 1000	54	PAGE_SIZE = 1000
50		55
Lines 110-116 Link Here
110		115
111	ud.debug(ud.LDAP, ud.INFO, 'add_primary_group_to_addlist: Set primary group to %s (rid) for %s' % (primary_group_rid, object.get('dn')))	116	ud.debug(ud.LDAP, ud.INFO, 'add_primary_group_to_addlist: Set primary group to %s (rid) for %s' % (primary_group_rid, object.get('dn')))
112	addlist.append(('primaryGroupID', [primary_group_rid]))	117	addlist.append(('primaryGroupID', [primary_group_rid]))
113	LDB_CONTROL_RELAX_OID = '1.3.6.1.4.1.4203.666.5.12'
114	serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0))	118	serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0))
115		119
116	def __is_groupType_local(groupType):	120	def __is_groupType_local(groupType):
Lines 126-132 Link Here
126		130
127	ud.debug(ud.LDAP, ud.INFO, "groupType: %s" % groupType)	131	ud.debug(ud.LDAP, ud.INFO, "groupType: %s" % groupType)
128	if __is_groupType_local(groupType):	132	if __is_groupType_local(groupType):
129	LDB_CONTROL_RELAX_OID = '1.3.6.1.4.1.4203.666.5.12'
130	serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0))	133	serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0))
131		134
132	sambaSID = object.get('attributes', {}).get('sambaSID', [])[0]	135	sambaSID = object.get('attributes', {}).get('sambaSID', [])[0]
Lines 384-391 Link Here
384	def old_user_dn_mapping(s4connector, given_object):	387	def old_user_dn_mapping(s4connector, given_object):
385	object = copy.deepcopy(given_object)	388	object = copy.deepcopy(given_object)
386		389
387	# LDAP_SERVER_SHOW_DELETED_OID -> 1.2.840.113556.1.4.417	390	ctrls = [LDAPControl(LDAP_SERVER_SHOW_DELETED_OID, criticality=1)]
388	ctrls = [LDAPControl('1.2.840.113556.1.4.417',criticality=1)]
389	samaccountname = ''	391	samaccountname = ''
390		392
391	if object.has_key('sAMAccountName'):	393	if object.has_key('sAMAccountName'):
Lines 753-760 Link Here
753	ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section 'S4 GUID'")	755	ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section 'S4 GUID'")
754	self.config.add_section('S4 GUID')	756	self.config.add_section('S4 GUID')
755	try:	757	try:
756	# LDAP_SERVER_SHOW_DELETED_OID -> 1.2.840.113556.1.4.417	758	self.ctrl_show_deleted = LDAPControl(LDAP_SERVER_SHOW_DELETED_OID, criticality=1)
757	self.ctrl_show_deleted = LDAPControl('1.2.840.113556.1.4.417',criticality=1)
758	res = self.lo_s4.lo.search_ext_s('',ldap.SCOPE_BASE, 'objectclass=*',[],	759	res = self.lo_s4.lo.search_ext_s('',ldap.SCOPE_BASE, 'objectclass=*',[],
759	serverctrls=[ self.ctrl_show_deleted ],	760	serverctrls=[ self.ctrl_show_deleted ],
760	timeout=-1, sizelimit=0)	761	timeout=-1, sizelimit=0)
Lines 773-779 Link Here
773		774
774	# objectSid modification for an Samba4 object is only possible with the "provision" control:	775	# objectSid modification for an Samba4 object is only possible with the "provision" control:
775	if self.configRegistry.is_true('connector/s4/mapping/sid_to_s4', False):	776	if self.configRegistry.is_true('connector/s4/mapping/sid_to_s4', False):
776	LDB_CONTROL_PROVISION_OID = '1.3.6.1.4.1.7165.4.3.16'
777	self.serverctrls_for_add_and_modify.append(LDAPControl(LDB_CONTROL_PROVISION_OID,criticality=0) )	777	self.serverctrls_for_add_and_modify.append(LDAPControl(LDB_CONTROL_PROVISION_OID,criticality=0) )
778		778
779	# Save a list of objects just created, this is needed to	779	# Save a list of objects just created, this is needed to
Lines 865-870 Link Here
865		865
866	self.lo_s4.lo.set_option(ldap.OPT_REFERRALS,0)	866	self.lo_s4.lo.set_option(ldap.OPT_REFERRALS,0)
867		867
		868	if not self.configRegistry.get('connector/s4/mapping/dns/position') == 'legacy':
		869	self.s4_ldap_partitions = (self.s4_ldap_base, "DC=DomainDNSZones,%s" % self.s4_ldap_base)
		870	else:
		871	self.s4_ldap_partitions = (self.s4_ldap_base,)
		872
		873
868	# encode string to unicode	874	# encode string to unicode
869	def encode(self, string):	875	def encode(self, string):
870	try:	876	try:
Lines 1003-1008 Link Here
1003		1009
1004	return max(usnchanged,usncreated)	1010	return max(usnchanged,usncreated)
1005		1011
		1012	def __search_s4_partitions(self, scope=ldap.SCOPE_SUBTREE, filter='', attrlist= [], show_deleted=False):
		1013	'''
		1014	search s4 across all partitions listed in self.s4_ldap_partitions
		1015	'''
		1016	_d=ud.function('ldap.__search_s4_partitions')
		1017	res = []
		1018	for base in self.s4_ldap_partitions:
		1019	res += self.__search_s4(base, scope, filter, attrlist, show_deleted)
		1020
		1021	return res
		1022
1006	def __search_s4(self, base=None, scope=ldap.SCOPE_SUBTREE, filter='', attrlist= [], show_deleted=False):	1023	def __search_s4(self, base=None, scope=ldap.SCOPE_SUBTREE, filter='', attrlist= [], show_deleted=False):
1007	'''	1024	'''
1008	search s4	1025	search s4
Lines 1012-1023 Link Here
1012	if not base:	1029	if not base:
1013	base=self.lo_s4.base	1030	base=self.lo_s4.base
1014		1031
1015	ctrls=[]	1032	ctrls=[
1016	ctrls.append(SimplePagedResultsControl(True, PAGE_SIZE, ''))	1033	LDAPControl(LDB_CONTROL_DOMAIN_SCOPE_OID, criticality=0), ## Don't show referrals
		1034	SimplePagedResultsControl(True, PAGE_SIZE, '')),
		1035	]
1017		1036
1018	if show_deleted:	1037	if show_deleted:
1019	# LDAP_SERVER_SHOW_DELETED_OID -> 1.2.840.113556.1.4.417	1038	ctrls.append(LDAPControl(LDAP_SERVER_SHOW_DELETED_OID, criticality=1))
1020	ctrls.append(LDAPControl('1.2.840.113556.1.4.417',criticality=1))
1021		1039
1022	ud.debug(ud.LDAP, ud.INFO, "Search S4 with filter: %s" % filter)	1040	ud.debug(ud.LDAP, ud.INFO, "Search S4 with filter: %s" % filter)
1023	msgid = self.lo_s4.lo.search_ext(base, scope, filter, attrlist, serverctrls=ctrls, timeout=-1, sizelimit=0)	1041	msgid = self.lo_s4.lo.search_ext(base, scope, filter, attrlist, serverctrls=ctrls, timeout=-1, sizelimit=0)
Lines 1046-1052 Link Here
1046	else:	1064	else:
1047	ud.debug(ud.LDAP, ud.WARN, "S4 ignores PAGE_RESULTS")	1065	ud.debug(ud.LDAP, ud.WARN, "S4 ignores PAGE_RESULTS")
1048	break	1066	break
1049
1050		1067
1051	return encode_s4_resultlist(res)	1068	return encode_s4_resultlist(res)
1052		1069
Lines 1078-1084 Link Here
1078	if filter !='':	1095	if filter !='':
1079	usnFilter = '(&(%s)(%s))' % ( filter, usnFilter )	1096	usnFilter = '(&(%s)(%s))' % ( filter, usnFilter )
1080		1097
1081	return self.__search_s4( filter=usnFilter, show_deleted=show_deleted)	1098	res = self.__search_s4_partitions(filter=usnFilter, show_deleted=show_deleted)
		1099	return sorted(res, key=lambda element: element[1][attribute][0])
1082		1100
1083		1101
1084	# search fpr objects with uSNCreated and uSNChanged in the known range	1102	# search fpr objects with uSNCreated and uSNChanged in the known range
Lines 1132-1140 Link Here
1132	filter = '(&(%s)(\|(uSNChanged=%s)(uSNCreated=%s)))' % (filter,changeUSN,changeUSN)	1150	filter = '(&(%s)(\|(uSNChanged=%s)(uSNCreated=%s)))' % (filter,changeUSN,changeUSN)
1133	else:	1151	else:
1134	filter = '(\|(uSNChanged=%s)(uSNCreated=%s))' % (changeUSN,changeUSN)	1152	filter = '(\|(uSNChanged=%s)(uSNCreated=%s))' % (changeUSN,changeUSN)
1135	return self.__search_s4(filter=filter, show_deleted=show_deleted)
1136		1153
		1154	return self.__search_s4_partitions(filter=usnFilter, show_deleted=show_deleted)
1137		1155
		1156
1138	def __dn_from_deleted_object(self, object, GUID):	1157	def __dn_from_deleted_object(self, object, GUID):
1139	'''	1158	'''
1140	gets dn for deleted object (original dn before the object was moved into the deleted objects container)	1159	gets dn for deleted object (original dn before the object was moved into the deleted objects container)