'CN=DomainUpdates,CN=System,@%@connector/s4/ldap/base@%@',

			'CN=DomainUpdates,CN=System,@%@connector/s4/ldap/base@%@',

			'CN=Password Settings Container,CN=System,@%@connector/s4/ldap/base@%@',

			'CN=Password Settings Container,CN=System,@%@connector/s4/ldap/base@%@',

			'DC=RootDNSServers,CN=MicrosoftDNS,CN=System,@%@connector/s4/ldap/base@%@',

			'DC=RootDNSServers,CN=MicrosoftDNS,CN=System,@%@connector/s4/ldap/base@%@',

			'CN=File Replication Service,CN=System,@%@connector/s4/ldap/base@%@',

			'CN=File Replication Service,CN=System,@%@connector/s4/ldap/base@%@',

			'CN=RpcServices,CN=System,@%@connector/s4/ldap/base@%@',

			'CN=RpcServices,CN=System,@%@connector/s4/ldap/base@%@',

			'CN=Meetings,CN=System,@%@connector/s4/ldap/base@%@',

			'CN=Meetings,CN=System,@%@connector/s4/ldap/base@%@',

				},

				},

		),

		),

	'dns': univention.s4connector.property (

	'dns': univention.s4connector.property (

			ucs_module='dns/dns',

			ucs_module='dns/dns',

			identify=univention.s4connector.s4.dns.identify,

			identify=univention.s4connector.s4.dns.identify,

			scope='sub',

			scope='sub',

			con_search_filter='(|(objectClass=dnsNode)(objectClass=dnsZone))',

			con_search_filter='(|(objectClass=dnsNode)(objectClass=dnsZone))',

ignore_filter = ''

ignore_filter = ''

for dns in configRegistry.get('connector/s4/mapping/dns/ignorelist', '').split(','):

for dns in configRegistry.get('connector/s4/mapping/dns/ignorelist', '').split(','):

	if dns:

	if dns:

		ignore_filter += '(%s)' % (dns)

		ignore_filter += '(%s)' % (dns)

if ignore_filter:

if ignore_filter:

			ignore_subtree = global_ignore_subtree,

			ignore_subtree = global_ignore_subtree,

			con_sync_function = univention.s4connector.s4.dns.ucs2con,

			con_sync_function = univention.s4connector.s4.dns.ucs2con,

			ucs_sync_function = univention.s4connector.s4.dns.con2ucs,

			ucs_sync_function = univention.s4connector.s4.dns.con2ucs,

if configRegistry.is_true('connector/s4/mapping/gpo', True):

if configRegistry.is_true('connector/s4/mapping/gpo', True):

	ignore_filter = ''

	ignore_filter = ''

	for gpo in configRegistry.get('connector/s4/mapping/gpo/ignorelist', '').split(','):

	for gpo in configRegistry.get('connector/s4/mapping/gpo/ignorelist', '').split(','):

		fi

		fi

	fi

	fi

	if [ "$skip_final_restart" != "true" ]; then

	if [ "$skip_final_restart" != "true" ]; then

		/etc/init.d/univention-s4-connector restart

		/etc/init.d/univention-s4-connector restart

	fi

	fi

Description[en]=Group policies are stored in Group Policy Objects (GPOs) in the directory /var/lib/samba/sysvol/ on all Samba 4 domain controllers. The GPOs and the corresponding access rights are referenced in Samba 4 LDAP. If this option is activated, the access rights of the GPO references are synchronised to the UCS LDAP along with the references. If the variable is unset, the references are not synchronised.

Description[en]=Group policies are stored in Group Policy Objects (GPOs) in the directory /var/lib/samba/sysvol/ on all Samba 4 domain controllers. The GPOs and the corresponding access rights are referenced in Samba 4 LDAP. If this option is activated, the access rights of the GPO references are synchronised to the UCS LDAP along with the references. If the variable is unset, the references are not synchronised.

Type=bool

Type=bool

Categories=service-s4con

Categories=service-s4con

			ud.debug(ud.LDAP, ud.INFO, "__sync_file_from_ucs: No mapping was found for dn: %s" % dn)

			ud.debug(ud.LDAP, ud.INFO, "__sync_file_from_ucs: No mapping was found for dn: %s" % dn)

			return True

			return True

	def get_ucs_ldap_object(self, dn):

	def get_ucs_ldap_object(self, dn):

		_d=ud.function('ldap.get_ucs_ldap_object')

		_d=ud.function('ldap.get_ucs_ldap_object')

import univention.s4connector

import univention.s4connector

import univention.debug2 as ud

import univention.debug2 as ud

from ldap.controls import LDAPControl

from ldap.controls import LDAPControl

from samba.dcerpc import security

from samba.dcerpc import security

from samba.ndr import ndr_pack, ndr_unpack

from samba.ndr import ndr_pack, ndr_unpack

from samba.dcerpc import misc

from samba.dcerpc import misc

DECODE_IGNORELIST=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord']

DECODE_IGNORELIST=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord']

# page results

# page results

PAGE_SIZE = 1000

PAGE_SIZE = 1000

		ud.debug(ud.LDAP, ud.INFO, 'add_primary_group_to_addlist: Set primary group to %s (rid) for %s' % (primary_group_rid, object.get('dn')))

		ud.debug(ud.LDAP, ud.INFO, 'add_primary_group_to_addlist: Set primary group to %s (rid) for %s' % (primary_group_rid, object.get('dn')))

		addlist.append(('primaryGroupID', [primary_group_rid]))

		addlist.append(('primaryGroupID', [primary_group_rid]))

		serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0))

		serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0))

def __is_groupType_local(groupType):

def __is_groupType_local(groupType):

	ud.debug(ud.LDAP, ud.INFO, "groupType: %s" % groupType)

	ud.debug(ud.LDAP, ud.INFO, "groupType: %s" % groupType)

	if __is_groupType_local(groupType):

	if __is_groupType_local(groupType):

		serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0))

		serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0))

		sambaSID = object.get('attributes', {}).get('sambaSID', [])[0]

		sambaSID = object.get('attributes', {}).get('sambaSID', [])[0]

						try:

						try:

							if value.lower() == ucsval.lower():

							if value.lower() == ucsval.lower():

								value = conval

								value = conval

								continue

								continue

						except UnicodeDecodeError:

						except UnicodeDecodeError:

							pass # values are not the same codec

							pass # values are not the same codec

					for ucsval, conval in s4connector.property[propertyname].mapping_table[propertyattrib]:

					for ucsval, conval in s4connector.property[propertyname].mapping_table[propertyattrib]:

						if samaccountname.lower() == conval.lower():

						if samaccountname.lower() == conval.lower():

							samaccountname = ucsval

							samaccountname = ucsval

							continue

							continue

						else:

						else:

							ud.debug(ud.LDAP, ud.INFO, "samaccount_dn_mapping: samaccountname not in mapping-table")

							ud.debug(ud.LDAP, ud.INFO, "samaccount_dn_mapping: samaccountname not in mapping-table")

def old_user_dn_mapping(s4connector, given_object):

def old_user_dn_mapping(s4connector, given_object):

	object = copy.deepcopy(given_object)

	object = copy.deepcopy(given_object)

	samaccountname = ''

	samaccountname = ''

	if object.has_key('sAMAccountName'):

	if object.has_key('sAMAccountName'):

			ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section 'S4 GUID'")

			ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section 'S4 GUID'")

			self.config.add_section('S4 GUID')

			self.config.add_section('S4 GUID')

		try:

		try:

			res = self.lo_s4.lo.search_ext_s('',ldap.SCOPE_BASE, 'objectclass=*',[],

			res = self.lo_s4.lo.search_ext_s('',ldap.SCOPE_BASE, 'objectclass=*',[],

								serverctrls=[ self.ctrl_show_deleted ],

								serverctrls=[ self.ctrl_show_deleted ],

								timeout=-1, sizelimit=0)

								timeout=-1, sizelimit=0)

		# objectSid modification for an Samba4 object is only possible with the "provision" control:

		# objectSid modification for an Samba4 object is only possible with the "provision" control:

		if self.configRegistry.is_true('connector/s4/mapping/sid_to_s4', False):

		if self.configRegistry.is_true('connector/s4/mapping/sid_to_s4', False):

			self.serverctrls_for_add_and_modify.append(LDAPControl(LDB_CONTROL_PROVISION_OID,criticality=0) )

			self.serverctrls_for_add_and_modify.append(LDAPControl(LDB_CONTROL_PROVISION_OID,criticality=0) )

		# Save a list of objects just created, this is needed to

		# Save a list of objects just created, this is needed to

		self.lo_s4.lo.set_option(ldap.OPT_REFERRALS,0)

		self.lo_s4.lo.set_option(ldap.OPT_REFERRALS,0)

	# encode string to unicode

	# encode string to unicode

	def encode(self, string):

	def encode(self, string):

		try:

		try:

	def isInCreationList(self, dn):

	def isInCreationList(self, dn):

		return dn.lower() in self.creation_list

		return dn.lower() in self.creation_list

	def get_object(self, dn):

	def get_object(self, dn):

		_d=ud.function('ldap.get_object')

		_d=ud.function('ldap.get_object')

		for i in [0, 1]: # do it twice if the LDAP connection was closed

		for i in [0, 1]: # do it twice if the LDAP connection was closed

		return max(usnchanged,usncreated)

		return max(usnchanged,usncreated)

	def __search_s4(self, base=None, scope=ldap.SCOPE_SUBTREE, filter='', attrlist= [], show_deleted=False):

	def __search_s4(self, base=None, scope=ldap.SCOPE_SUBTREE, filter='', attrlist= [], show_deleted=False):

		'''

		'''

		search s4

		search s4

		if not base:

		if not base:

			base=self.lo_s4.base

			base=self.lo_s4.base

		if show_deleted:

		if show_deleted:

		ud.debug(ud.LDAP, ud.INFO, "Search S4 with filter: %s" % filter)

		ud.debug(ud.LDAP, ud.INFO, "Search S4 with filter: %s" % filter)

		msgid = self.lo_s4.lo.search_ext(base, scope, filter, attrlist, serverctrls=ctrls, timeout=-1, sizelimit=0)

		msgid = self.lo_s4.lo.search_ext(base, scope, filter, attrlist, serverctrls=ctrls, timeout=-1, sizelimit=0)

			else:

			else:

				ud.debug(ud.LDAP, ud.WARN, "S4 ignores PAGE_RESULTS")

				ud.debug(ud.LDAP, ud.WARN, "S4 ignores PAGE_RESULTS")

				break

				break

		return encode_s4_resultlist(res)

		return encode_s4_resultlist(res)

			if filter !='':

			if filter !='':

				usnFilter = '(&(%s)(%s))' % ( filter, usnFilter )

				usnFilter = '(&(%s)(%s))' % ( filter, usnFilter )

		# search fpr objects with uSNCreated and uSNChanged in the known range

		# search fpr objects with uSNCreated and uSNChanged in the known range

			filter = '(&(%s)(|(uSNChanged=%s)(uSNCreated=%s)))' % (filter,changeUSN,changeUSN)

			filter = '(&(%s)(|(uSNChanged=%s)(uSNCreated=%s)))' % (filter,changeUSN,changeUSN)

		else:

		else:

			filter = '(|(uSNChanged=%s)(uSNCreated=%s))' % (changeUSN,changeUSN)

			filter = '(|(uSNChanged=%s)(uSNCreated=%s))' % (changeUSN,changeUSN)

	def __dn_from_deleted_object(self, object, GUID):

	def __dn_from_deleted_object(self, object, GUID):

		'''

		'''

		gets dn for deleted object (original dn before the object was moved into the deleted objects container)

		gets dn for deleted object (original dn before the object was moved into the deleted objects container)

import univention.debug2 as ud

import univention.debug2 as ud

import univention.s4connector.s4

import univention.s4connector.s4

import univention.admin.uldap

import univention.admin.uldap

from samba.provision.sambadns import ARecord

from samba.provision.sambadns import ARecord

# def __init__(self, ip_addr, serial=1, ttl=3600):

# def __init__(self, ip_addr, serial=1, ttl=3600):

import univention.admin.handlers.dns.reverse_zone

import univention.admin.handlers.dns.reverse_zone

import univention.admin.handlers.dns.ptr_record

import univention.admin.handlers.dns.ptr_record

''' HELPER functions '''

''' HELPER functions '''

def __append_dot(str):

def __append_dot(str):

	if str[-1] != '.':

	if str[-1] != '.':

		raise 

		raise 

	return zoneName

	return zoneName

	al=[]

	al=[]

	al.append(('objectClass', ['top', 'dnsZone']))

	al.append(('objectClass', ['top', 'dnsZone']))

	ud.debug(ud.LDAP, ud.INFO, '_dns_zone_forward_con_create: dn: %s' % zoneDn)

	ud.debug(ud.LDAP, ud.INFO, '_dns_zone_forward_con_create: dn: %s' % zoneDn)

	ud.debug(ud.LDAP, ud.INFO, '_dns_zone_forward_con_create: al: %s' % al)

	ud.debug(ud.LDAP, ud.INFO, '_dns_zone_forward_con_create: al: %s' % al)

	s4connector.lo_s4.lo.add_s(zoneDn, al)

	s4connector.lo_s4.lo.add_s(zoneDn, al)

	al=[]

	al=[]

	al.append(('objectClass', ['top', 'dnsNode']))

	al.append(('objectClass', ['top', 'dnsNode']))

	al.append(('dc', ['@']))

	al.append(('dc', ['@']))

def s4_zone_create(s4connector, object):

def s4_zone_create(s4connector, object):

	_d=ud.function('s4_zone_create')

	_d=ud.function('s4_zone_create')

	# Create the forward zone in S4 if it does not exist

	# Create the forward zone in S4 if it does not exist

	try:

	try:

		searchResult=s4connector.lo_s4.lo.search_s(zoneDn, ldap.SCOPE_BASE, '(objectClass=*)',['dn'])

		searchResult=s4connector.lo_s4.lo.search_s(zoneDn, ldap.SCOPE_BASE, '(objectClass=*)',['dn'])

	except ldap.NO_SUCH_OBJECT:

	except ldap.NO_SUCH_OBJECT:

	# Create @ object

	# Create @ object

	zoneDnAt='DC=@,%s' % zoneDn

	zoneDnAt='DC=@,%s' % zoneDn

		if searchResult and searchResult[0][1]:

		if searchResult and searchResult[0][1]:

			old_dnsRecords=searchResult[0][1].get('dnsRecord')

			old_dnsRecords=searchResult[0][1].get('dnsRecord')

	except ldap.NO_SUCH_OBJECT:

	except ldap.NO_SUCH_OBJECT:

	dnsRecords=[]

	dnsRecords=[]

def s4_zone_delete(s4connector, object):

def s4_zone_delete(s4connector, object):

	_d=ud.function('s4_zone_delete')

	_d=ud.function('s4_zone_delete')

	zoneDnAt='DC=@,%s' % zoneDn

	zoneDnAt='DC=@,%s' % zoneDn

def s4_dns_node_base_create(s4connector, object, dnsRecords):

def s4_dns_node_base_create(s4connector, object, dnsRecords):

	_d=ud.function('s4_dns_node_base_create')

	_d=ud.function('s4_dns_node_base_create')

	relativeDomainNames=object['attributes'].get('relativeDomainName')

	relativeDomainNames=object['attributes'].get('relativeDomainName')

	relativeDomainNames=univention.s4connector.s4.compatible_list(relativeDomainNames)

	relativeDomainNames=univention.s4connector.s4.compatible_list(relativeDomainNames)

	old_dnsRecords=[]

	old_dnsRecords=[]

	# Create dnsNode object

	# Create dnsNode object

	try:

	try:

		searchResult=s4connector.lo_s4.lo.search_s(dnsNodeDn, ldap.SCOPE_BASE, '(objectClass=*)')

		searchResult=s4connector.lo_s4.lo.search_s(dnsNodeDn, ldap.SCOPE_BASE, '(objectClass=*)')

		if searchResult and searchResult[0][1]:

		if searchResult and searchResult[0][1]:

def s4_dns_node_base_delete(s4connector, object):

def s4_dns_node_base_delete(s4connector, object):

	_d=ud.function('s4_dns_node_base_delete')

	_d=ud.function('s4_dns_node_base_delete')

	relativeDomainNames=object['attributes'].get('relativeDomainName')

	relativeDomainNames=object['attributes'].get('relativeDomainName')

	relativeDomainNames=univention.s4connector.s4.compatible_list(relativeDomainNames)

	relativeDomainNames=univention.s4connector.s4.compatible_list(relativeDomainNames)

	try:

	try:

		res=s4connector.lo_s4.lo.delete_s(dnsNodeDn)

		res=s4connector.lo_s4.lo.delete_s(dnsNodeDn)

	except ldap.NO_SUCH_OBJECT:

	except ldap.NO_SUCH_OBJECT:

	return True

	return True

	# split zone

	# split zone

	dn=ldap.explode_dn(dn)

	dn=ldap.explode_dn(dn)

	_d=ud.function('ucs_host_record_create')

	_d=ud.function('ucs_host_record_create')

	ud.debug(ud.LDAP, ud.INFO, 'ucs_host_record_create: object: %s' % object)

	ud.debug(ud.LDAP, ud.INFO, 'ucs_host_record_create: object: %s' % object)

	# unpack the host record

	# unpack the host record

	a=__unpack_aRecord(object)

	a=__unpack_aRecord(object)

	_d=ud.function('ucs_host_record_delete')

	_d=ud.function('ucs_host_record_delete')

	ud.debug(ud.LDAP, ud.INFO, 'ucs_host_record_delete: object: %s' % object)

	ud.debug(ud.LDAP, ud.INFO, 'ucs_host_record_delete: object: %s' % object)

	searchResult=s4connector.lo.search(filter='(&(relativeDomainName=%s)(zoneName=%s))' % (relativeDomainName, zoneName), unique=1)

	searchResult=s4connector.lo.search(filter='(&(relativeDomainName=%s)(zoneName=%s))' % (relativeDomainName, zoneName), unique=1)

	if len(searchResult) > 0:

	if len(searchResult) > 0:

	_d=ud.function('ucs_ptr_record_create')

	_d=ud.function('ucs_ptr_record_create')

	ud.debug(ud.LDAP, ud.INFO, 'ucs_ptr_record_create: object: %s' % object)

	ud.debug(ud.LDAP, ud.INFO, 'ucs_ptr_record_create: object: %s' % object)

	# unpack the host record

	# unpack the host record

	ptr=__unpack_ptrRecord(object)

	ptr=__unpack_ptrRecord(object)

	_d=ud.function('ucs_ptr_record_delete')

	_d=ud.function('ucs_ptr_record_delete')

	ud.debug(ud.LDAP, ud.INFO, 'ucs_ptr_record_delete: object: %s' % object)

	ud.debug(ud.LDAP, ud.INFO, 'ucs_ptr_record_delete: object: %s' % object)

	searchResult=s4connector.lo.search(filter='(&(relativeDomainName=%s)(zoneName=%s))' % (relativeDomainName, zoneName), unique=1)

	searchResult=s4connector.lo.search(filter='(&(relativeDomainName=%s)(zoneName=%s))' % (relativeDomainName, zoneName), unique=1)

	if len(searchResult) > 0:

	if len(searchResult) > 0:

	_d=ud.function('ucs_cname_create')

	_d=ud.function('ucs_cname_create')

	ud.debug(ud.LDAP, ud.INFO, 'ucs_cname_create: object: %s' % object)

	ud.debug(ud.LDAP, ud.INFO, 'ucs_cname_create: object: %s' % object)

	# unpack the host record

	# unpack the host record

	c=__unpack_cName(object)

	c=__unpack_cName(object)

	_d=ud.function('ucs_cname_delete')

	_d=ud.function('ucs_cname_delete')

	ud.debug(ud.LDAP, ud.INFO, 'ucs_cname_delete: object: %s' % object)

	ud.debug(ud.LDAP, ud.INFO, 'ucs_cname_delete: object: %s' % object)

	searchResult=s4connector.lo.search(filter='(&(relativeDomainName=%s)(zoneName=%s))' % (relativeDomainName, zoneName), unique=1)

	searchResult=s4connector.lo.search(filter='(&(relativeDomainName=%s)(zoneName=%s))' % (relativeDomainName, zoneName), unique=1)

	if len(searchResult) > 0:

	if len(searchResult) > 0:

	_d=ud.function('ucs_srv_record_create')

	_d=ud.function('ucs_srv_record_create')

	ud.debug(ud.LDAP, ud.INFO, 'ucs_srv_record_create: object: %s' % object)

	ud.debug(ud.LDAP, ud.INFO, 'ucs_srv_record_create: object: %s' % object)

	# unpack the host record

	# unpack the host record

	srv=__unpack_sRVrecord(object)

	srv=__unpack_sRVrecord(object)

	_d=ud.function('ucs_srv_record_delete')

	_d=ud.function('ucs_srv_record_delete')

	ud.debug(ud.LDAP, ud.INFO, 'ucs_srv_record_delete: object: %s' % object)

	ud.debug(ud.LDAP, ud.INFO, 'ucs_srv_record_delete: object: %s' % object)

	searchResult=s4connector.lo.search(filter='(&(relativeDomainName=%s)(zoneName=%s))' % (relativeDomainName, zoneName), unique=1)

	searchResult=s4connector.lo.search(filter='(&(relativeDomainName=%s)(zoneName=%s))' % (relativeDomainName, zoneName), unique=1)

	if len(searchResult) > 0:

	if len(searchResult) > 0:

	dnsRecords=[]

	dnsRecords=[]

	relativeDomainName=object['attributes'].get('relativeDomainName')

	relativeDomainName=object['attributes'].get('relativeDomainName')

	relativeDomainName=univention.s4connector.s4.compatible_list(relativeDomainName)

	relativeDomainName=univention.s4connector.s4.compatible_list(relativeDomainName)

def ucs_zone_create(s4connector, object, dns_type):

def ucs_zone_create(s4connector, object, dns_type):

	_d=ud.function('ucs_zone_create')

	_d=ud.function('ucs_zone_create')

	# create the zone if the dc=@ object was created

	# create the zone if the dc=@ object was created

	if relativeDomainName != '@':

	if relativeDomainName != '@':

def ucs_zone_delete(s4connector, object, dns_type):

def ucs_zone_delete(s4connector, object, dns_type):

	_d=ud.function('ucs_zone_delete')

	_d=ud.function('ucs_zone_delete')

	if relativeDomainName == '@':

	if relativeDomainName == '@':

		searchResult=s4connector.lo.search(filter='(&(relativeDomainName=%s)(zoneName=%s))' % (relativeDomainName, zoneName), unique=1)

		searchResult=s4connector.lo.search(filter='(&(relativeDomainName=%s)(zoneName=%s))' % (relativeDomainName, zoneName), unique=1)

		ud.debug(ud.LDAP, ud.INFO, 'dns ucs2con: Ignore unkown dns object: %s' % object['dn'])

		ud.debug(ud.LDAP, ud.INFO, 'dns ucs2con: Ignore unkown dns object: %s' % object['dn'])

		return True

		return True

	if dns_type == 'forward_zone' or dns_type == 'reverse_zone':

	if dns_type == 'forward_zone' or dns_type == 'reverse_zone':

		if object['modtype'] in ['add', 'modify']:

		if object['modtype'] in ['add', 'modify']: