|
|
|---|
| 348 |
_d=univention.debug.function('uldap.searchDn filter=%s base=%s scope=%s unique=%d required=%d' % (filter, base, scope, unique, required)) |
348 |
_d=univention.debug.function('uldap.searchDn filter=%s base=%s scope=%s unique=%d required=%d' % (filter, base, scope, unique, required)) |
| 349 |
return map(lambda(x): x[0], self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls)) |
349 |
return map(lambda(x): x[0], self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls)) |
| 350 |
|
350 |
|
| 351 |
def getPolicies(self, dn, policies = None, attrs = None, result = None, fixedattrs = None ): |
351 |
def _get_policies(self, dn): |
|
|
352 |
return self.get(dn, ['univentionPolicyReference']) |
| 353 |
|
| 354 |
def getPolicies(self, dn, policies=None, attrs=None): |
| 352 |
if attrs is None: |
355 |
if attrs is None: |
| 353 |
attrs = {} |
356 |
attrs = {} |
| 354 |
if result is None: |
|
|
| 355 |
result = {} |
| 356 |
if fixedattrs is None: |
| 357 |
fixedattrs = {} |
| 358 |
if policies is None: |
357 |
if policies is None: |
| 359 |
policies = [] |
358 |
policies = [] |
| 360 |
_d=univention.debug.function('uldap.getPolicies dn=%s policies=%s attrs=%s result=%s fixedattrs=%s' % (dn, policies, attrs, result, fixedattrs)) |
359 |
_d = univention.debug.function('uldap.getPolicies dn=%s policies=%s attrs=%s' % ( |
|
|
360 |
dn, policies, attrs)) |
| 361 |
if not dn and not policies: # if policies is set apply a fictionally referenced list of policies |
361 |
if not dn and not policies: # if policies is set apply a fictionally referenced list of policies |
| 362 |
return {} |
362 |
return {} |
| 363 |
|
363 |
|
|
|
|---|
| 371 |
elif not policies and not attrs: |
371 |
elif not policies and not attrs: |
| 372 |
policies=oattrs.get('univentionPolicyReference', []) |
372 |
policies=oattrs.get('univentionPolicyReference', []) |
| 373 |
|
373 |
|
| 374 |
object_classes = [x.lower() for x in oattrs.get('objectClass', [])] |
374 |
object_classes = {x.lower() for x in oattrs.get('objectClass', [])} |
| 375 |
|
375 |
|
|
|
376 |
result = {} |
| 376 |
if dn: |
377 |
if dn: |
| 377 |
parent_dn=self.parentDn(dn) |
378 |
obj_dn = dn |
| 378 |
if parent_dn: |
379 |
while True: |
| 379 |
result=self.getPolicies(parent_dn, result=result, fixedattrs=fixedattrs) |
380 |
for policy_dn in policies: |
| 380 |
|
381 |
self._merge_policy(policy_dn, obj_dn, object_classes, result) |
| 381 |
for pdn in policies: |
382 |
dn = self.parentDn(dn) |
| 382 |
pattrs=self.get(pdn) |
383 |
if not dn: |
| 383 |
ptype=None |
384 |
break |
| 384 |
if pattrs: |
385 |
parent = self.get(dn, ['univentionPolicyReference']) |
| 385 |
for oc in pattrs['objectClass']: |
386 |
if not parent: |
| 386 |
if oc in ( 'top', 'univentionPolicy', 'univentionObject' ): |
|
|
| 387 |
continue |
| 388 |
ptype=oc |
| 389 |
break |
387 |
break |
|
|
388 |
policies = parent.get('univentionPolicyReference', []) |
| 390 |
|
389 |
|
| 391 |
if not ptype: |
390 |
univention.debug.debug( |
| 392 |
continue |
391 |
univention.debug.LDAP, univention.debug.INFO, |
|
|
392 |
"getPolicies: result: %s" % result) |
| 393 |
return result |
| 393 |
|
394 |
|
| 394 |
if pattrs.get('ldapFilter'): |
395 |
def _merge_policy(self, policy_dn, obj_dn, object_classes, result): |
| 395 |
try: |
396 |
pattrs = self.get(policy_dn) |
| 396 |
self.search(pattrs['ldapFilter'][0], base=dn, scope='base', unique=True, required=True) |
397 |
if not pattrs: |
| 397 |
except ldap.NO_SUCH_OBJECT: |
398 |
return |
| 398 |
continue |
|
|
| 399 |
|
399 |
|
| 400 |
if not all(oc.lower() in object_classes for oc in pattrs.get('requiredObjectClasses', [])): |
400 |
try: |
| 401 |
continue |
401 |
classes = set(pattrs['objectClass']) - {'top', 'univentionPolicy', 'univentionObject'} |
| 402 |
if any(oc.lower() in object_classes for oc in pattrs.get('prohibitedObjectClasses', [])): |
402 |
ptype = classes.pop() |
| 403 |
continue |
403 |
except KeyError: |
|
|
404 |
return |
| 404 |
|
405 |
|
| 405 |
result.setdefault(ptype, {}) |
406 |
if pattrs.get('ldapFilter'): |
| 406 |
fixedattrs.setdefault(ptype, {}) |
407 |
try: |
| 407 |
|
408 |
self.search(pattrs['ldapFilter'][0], base=obj_dn, scope='base', unique=True, required=True) |
| 408 |
for key, value in pattrs.items(): |
409 |
except ldap.NO_SUCH_OBJECT: |
| 409 |
if key in ('requiredObjectClasses', 'prohibitedObjectClasses', 'fixedAttributes', 'emptyAttributes', 'objectClass', 'cn', 'univentionObjectType', 'ldapFilter'): |
410 |
return |
| 410 |
continue |
411 |
|
| 411 |
if key not in fixedattrs[ptype]: |
412 |
if not all(oc.lower() in object_classes for oc in pattrs.get('requiredObjectClasses', [])): |
| 412 |
univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "getPolicies: %s sets: %s=%s" % (pdn, key, value)) |
413 |
return |
| 413 |
result[ptype][key]={} |
414 |
if any(oc.lower() in object_classes for oc in pattrs.get('prohibitedObjectClasses', [])): |
| 414 |
result[ptype][key]['policy']=pdn |
415 |
return |
| 415 |
result[ptype][key]['value']=value |
416 |
|
| 416 |
if key in pattrs.get('emptyAttributes', []): |
417 |
fixed = set(pattrs.get('fixedAttributes', ())) |
| 417 |
result[ptype][key]['value']=[] |
418 |
empty = set(pattrs.get('emptyAttributes', ())) |
| 418 |
if key in pattrs.get('fixedAttributes', []): |
419 |
values = result.setdefault(ptype, {}) |
| 419 |
result[ptype][key]['fixed']=1 |
420 |
for key in list(empty) + pattrs.keys() + list(fixed): |
| 420 |
else: |
421 |
if key in {'requiredObjectClasses', 'prohibitedObjectClasses', 'fixedAttributes', 'emptyAttributes', 'objectClass', 'cn', 'univentionObjectType', 'ldapFilter'}: |
| 421 |
result[ptype][key]['fixed']=0 |
422 |
continue |
| 422 |
for key in pattrs.get('fixedAttributes', []): |
423 |
|
| 423 |
if key not in fixedattrs[ptype]: |
424 |
if key not in values or key in fixed: |
| 424 |
fixedattrs[ptype][key]=pdn |
425 |
value = [] if key in empty else pattrs.get(key, []) |
| 425 |
if key not in result[ptype]: |
426 |
univention.debug.debug( |
| 426 |
result[ptype][key]={} |
427 |
univention.debug.LDAP, univention.debug.INFO, |
| 427 |
result[ptype][key]['policy']=pdn |
428 |
"getPolicies: %s sets: %s=%s" % (policy_dn, key, value)) |
| 428 |
result[ptype][key]['value']=[] |
429 |
values[key] = { |
| 429 |
result[ptype][key]['fixed']=1 |
430 |
'policy': policy_dn, |
| 430 |
for key in pattrs.get('emptyAttributes', []): |
431 |
'value': value, |
| 431 |
if key not in result[ptype]: |
432 |
'fixed': 1 if key in fixed else 0, |
| 432 |
result[ptype][key]={} |
433 |
} |
| 433 |
result[ptype][key]['policy']=pdn |
|
|
| 434 |
result[ptype][key]['value']=[] |
| 435 |
elif not ('fixed' in result[ptype][key] and result[ptype][key]['fixed']): |
| 436 |
result[ptype][key]['value']=[] |
| 437 |
|
| 438 |
univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "getPolicies: result: %s" % result) |
| 439 |
return result |
| 440 |
|
434 |
|
| 441 |
def add(self, dn, al): |
435 |
def add(self, dn, al): |
| 442 |
"""Add LDAP entry with dn and attributes in add_list=(attribute-name, old-values. new-values) or (attribute-name, new-values).""" |
436 |
"""Add LDAP entry with dn and attributes in add_list=(attribute-name, old-values. new-values) or (attribute-name, new-values).""" |