commit 22e3c4f80e86eac1d776d7de49375aec9dfc14fe
Author: Florian Best <best@univention.de>
Date:   Fri Jul 1 00:25:51 2016 +0200

    Bug #41659: introduce new file with python-support during upgrade

diff --git a/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst b/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst
index efa1cb1..b070e6c 100644
--- a/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst
+++ b/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst
@@ -32,6 +32,10 @@
 
 #DEBHELPER#
 
+if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 11.0.3-26; then
+	ln -s /usr/share/pyshared/univention/admin/handlers/computers/base.py /usr/lib/pymodules/python2.7/univention/admin/handlers/computers/base.py
+fi
+
 if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 10.0.29-53; then
 	ln -s /usr/share/pyshared/univention/admin/policy.py /usr/lib/pymodules/python2.7/univention/admin/policy.py
 fi

commit 8f67efe732886844b4a751be8a2d73e3091fff80
Author: Florian Best <best@univention.de>
Date:   Fri Jul 1 00:10:58 2016 +0200

    Bug #41659: unify computers/* code

diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py
new file mode 100644
index 0000000..de2f6e3
--- /dev/null
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py
@@ -0,0 +1,358 @@
+# -*- coding: utf-8 -*-
+#
+# Univention Admin Modules
+#  admin module for generic computer objects
+#
+# Copyright 2016 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# <http://www.gnu.org/licenses/>.
+
+import time
+from ldap.filter import filter_format
+
+import univention.admin.filter
+import univention.admin.handlers
+import univention.admin.password
+import univention.admin.allocators
+import univention.admin.localization
+import univention.admin.uldap
+import univention.admin.nagios as nagios
+import univention.admin.handlers.groups.group
+
+translation=univention.admin.localization.translation('univention.admin.handlers.computers')
+_=translation.translate
+
+
+class computerBase(univention.admin.handlers.simpleComputer, nagios.Support):
+	CONFIG_NAME = None
+	SERVER_ROLE = None
+	SERVER_TYPE = None
+	SAMBA_ACCOUNT_FLAG = None
+	DEFAULT_OCS = []
+	def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
+		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
+		nagios.Support.__init__(self)
+
+	def open(self):
+		univention.admin.handlers.simpleComputer.open( self )
+		self.nagios_open()
+
+		if self.exists():
+			if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
+				primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
+				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
+				if primaryGroupNumber:
+					primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
+					if primaryGroupResult:
+						self['primaryGroup']=primaryGroupResult[0]
+						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
+					else:
+						self['primaryGroup']=None
+						self.save()
+						raise univention.admin.uexceptions.primaryGroup
+				else:
+					self['primaryGroup']=None
+					self.save()
+					raise univention.admin.uexceptions.primaryGroup
+			if 'samba' in self.options:
+				sid = self.oldattr.get('sambaSID', [''])[0]
+				pos = sid.rfind('-')
+				self.info['sambaRID'] = sid[pos+1:]
+
+		self.modifypassword=0
+		if self.exists():
+			userPassword=self.oldattr.get('userPassword',[''])[0]
+			if userPassword:
+				self.info['password']=userPassword
+				self.modifypassword=0
+			self.save()
+		else:
+			self.modifypassword=0
+			if 'posix' in self.options:
+				res=univention.admin.config.getDefaultValue(self.lo, self.CONFIG_NAME, position=self.position)
+				if res:
+					self['primaryGroup']=res
+
+	def _ldap_pre_create(self):
+		super(object, self)._ldap_pre_create()
+		if not self['password']:
+			self['password']=self.oldattr.get('password',[''])[0]
+			self.modifypassword=0
+
+	def _ldap_addlist(self):
+		self.check_required_options()
+		ocs=list(self.DEFAULT_OCS)
+		al=[]
+		if 'kerberos' in self.options:
+			domain=univention.admin.uldap.domain(self.lo, self.position)
+			realm=domain.getKerberosRealm()
+
+			if realm:
+				al.append(('krb5MaxLife', '86400'))
+				al.append(('krb5MaxRenew', '604800'))
+				al.append(('krb5KDCFlags', '126'))
+				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
+				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
+			else:
+				# can't do kerberos
+				self._remove_option( 'kerberos' )
+		if 'posix' in self.options:
+			self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
+			self.alloc.append(('uidNumber',self.uidNum))
+			gidNum = self.get_gid_for_primary_group()
+			al.append(('uidNumber', [self.uidNum]))
+			al.append(('gidNumber', [gidNum]))
+
+		if self.modifypassword or self['password']:
+			if 'kerberos' in self.options:
+				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
+				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
+			if 'posix' in self.options:
+				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
+				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
+			if 'samba' in self.options:
+				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
+				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
+				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
+				sambaPwdLastSetValue = str(long(time.time()))
+				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
+			self.modifypassword=0
+		if 'samba' in self.options:
+			acctFlags=univention.admin.samba.acctFlags(flags={self.SAMBA_ACCOUNT_FLAG:1})
+			if self.s4connector_present:
+				# In this case Samba 4 must create the SID, the s4 connector will sync the
+				# new sambaSID back from Samba 4.
+				self.machineSid='S-1-4-%s' % self.uidNum
+			else:
+				self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
+				self.alloc.append(('sid',self.machineSid))
+			al.append(('sambaSID', [self.machineSid]))
+			al.append(('sambaAcctFlags', [acctFlags.decode()]))
+			al.append(('displayName', self.info['name']))
+
+		al.insert(0, ('objectClass', ocs))
+		if self.SERVER_ROLE:
+			al.append(('univentionServerRole', '', self.SERVER_ROLE))
+		return al
+
+	def check_required_options(self):
+		pass
+
+	def _ldap_post_create(self):
+		if 'posix' in self.options:
+			if hasattr(self, 'uid') and self.uid:
+				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
+			univention.admin.handlers.simpleComputer.primary_group( self )
+			univention.admin.handlers.simpleComputer.update_groups( self )
+		univention.admin.handlers.simpleComputer._ldap_post_create( self )
+		self.nagios_ldap_post_create()
+
+	def _ldap_pre_remove(self):
+		self.open()
+		if 'posix' in self.options and self.oldattr.get( 'uidNumber' ):
+			self.uidNum=self.oldattr['uidNumber'][0]
+
+	def _ldap_post_remove(self):
+		if 'posix' in self.options:
+			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
+		groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
+		if groupObjects:
+			for i in range(0, len(groupObjects)):
+				groupObjects[i].open()
+				if self.dn in groupObjects[i]['users']:
+					groupObjects[i]['users'].remove(self.dn)
+					groupObjects[i].modify(ignore_license=1)
+
+		self.nagios_ldap_post_remove()
+		univention.admin.handlers.simpleComputer._ldap_post_remove( self )
+		# Need to clean up oldinfo. If remove was invoked, because the
+		# creation of the object has failed, the next try will result in
+		# a 'object class violation' (Bug #19343)
+		self.oldinfo = {}
+
+	def krb5_principal(self):
+		domain=univention.admin.uldap.domain(self.lo, self.position)
+		realm=domain.getKerberosRealm()
+		if self.info.has_key('domain') and self.info['domain']:
+			kerberos_domain=self.info['domain']
+		else:
+			kerberos_domain=domain.getKerberosRealm()
+		return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm
+
+	def _ldap_post_modify(self):
+		univention.admin.handlers.simpleComputer.primary_group( self )
+		univention.admin.handlers.simpleComputer.update_groups( self )
+		univention.admin.handlers.simpleComputer._ldap_post_modify( self )
+		self.nagios_ldap_post_modify()
+
+	def _ldap_pre_modify(self):
+		if self.hasChanged('password'):
+			if not self['password']:
+				self['password']=self.oldattr.get('password',[''])[0]
+				self.modifypassword=0
+			elif not self.info['password']:
+				self['password']=self.oldattr.get('password',[''])[0]
+				self.modifypassword=0
+			else:
+				self.modifypassword=1
+		self.nagios_ldap_pre_modify()
+		univention.admin.handlers.simpleComputer._ldap_pre_modify( self )
+
+
+	def _ldap_modlist(self):
+		ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
+
+		self.nagios_ldap_modlist(ml)
+
+		if self.hasChanged('name'):
+			if 'posix' in self.options:
+				if hasattr(self, 'uidNum'):
+					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
+				requested_uid="%s$" % self['name']
+				try:
+					self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
+				except Exception:
+					self.cancel()
+					raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid
+
+				self.alloc.append(('uid',self.uid))
+
+				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
+
+			if 'samba' in self.options:
+				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
+
+			if 'kerberos' in self.options:
+				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
+
+		if self.modifypassword and self['password']:
+			if 'kerberos' in self.options:
+				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
+				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
+				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
+				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
+			if 'posix' in self.options:
+				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
+				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
+			if 'samba' in self.options:
+				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
+				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
+				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
+				sambaPwdLastSetValue = str(long(time.time()))
+				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
+
+		# add samba option
+		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
+			acctFlags=univention.admin.samba.acctFlags(flags={self.SAMBA_ACCOUNT_FLAG:1})
+			if self.s4connector_present:
+				# In this case Samba 4 must create the SID, the s4 connector will sync the
+				# new sambaSID back from Samba 4.
+				self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
+			else:
+				self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
+				self.alloc.append(('sid',self.machineSid))
+			ml.append(('sambaSID', '', [self.machineSid]))
+			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
+			ml.append(('displayName', '', self.info['name']))
+			sambaPwdLastSetValue = str(long(time.time()))
+			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
+		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
+			for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
+				if self.oldattr.get(key, []):
+					ml.insert(0, (key, self.oldattr.get(key, []), ''))
+
+		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
+			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
+			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
+
+		return ml
+
+	def cleanup(self):
+		self.open()
+		self.nagios_cleanup()
+		univention.admin.handlers.simpleComputer.cleanup( self )
+
+	def cancel(self):
+		for i,j in self.alloc:
+			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
+			univention.admin.allocators.release(self.lo, self.position, i, j)
+
+	def link(self):
+		result = []
+		if self['ip'] and len( self[ 'ip' ] ) > 0 and self['ip'][ 0 ]:
+			result = [{ 'url': 'https://%s/univention-management-console/' % self['ip'][ 0 ],
+						'ipaddr': self['ip'][ 0 ],
+						}]
+		if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len( self['dnsEntryZoneForward' ] ) > 0:
+			zone = univention.admin.uldap.explodeDn( self['dnsEntryZoneForward'][0], 1)[0]
+			if not result:
+				result = [ { 'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone) }]
+			result[0]['fqdn'] = '%s.%s' % (self['name'], zone)
+		if result:
+			result[0]['name'] = _('Open Univention Management Console on this computer')
+			return result
+		return None
+
+	@classmethod
+	def rewrite(cls, filter, mapping):
+		if filter.variable == 'ip':
+			filter.variable='aRecord'
+		else:
+			univention.admin.mapping.mapRewrite(filter, cls.mapping)
+
+	@classmethod
+	def lookup_filter(cls, filter_s=None, lo=None):
+		filter_s = univention.admin.filter.replace_fqdn_filter( filter_s )
+		if str(filter_s).find('(dnsAlias=') != -1:
+			filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)
+			if filter_s:
+				return cls.lookup_filter(filter_s, lo)
+			else:
+				return None
+		lookup_filter_obj = univention.admin.filter.conjunction('&', [x for x in [
+				univention.admin.filter.expression('objectClass', 'univentionHost'),
+				univention.admin.filter.expression('objectClass', cls.SERVER_TYPE),
+				None if not cls.SERVER_ROLE else univention.admin.filter.expression('univentionServerRole', cls.SERVER_ROLE),
+			] if x is not None])
+
+		# ATTENTION: has its own rewrite function.
+		lookup_filter_obj.append_unmapped_filter_string(filter_s, cls.rewrite, cls.mapping)
+		return lookup_filter_obj
+
+	@classmethod
+	def lookup(cls, co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
+
+		filter=cls.lookup_filter(filter_s, lo)
+		if filter is None:
+			return []
+		res=[]
+		for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
+			res.append( cls( co, lo, None, dn, attributes = attrs ) )
+		return res
+
+	@classmethod
+	def identify(cls, dn, attr, canonical=0):
+		return 'univentionHost' in attr.get('objectClass', []) and cls.SERVER_TYPE in attr.get('objectClass', []) and (True if not cls.SERVER_ROLE else cls.SERVER_ROLE in attr.get('univentionServerRole', []))
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py
index dc4c1b0..640796b 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 #
 # Univention Admin Modules
-#  admin module for the DC Backup hosts 
+#  admin module for the DC Backup hosts
 #
 # Copyright 2004-2016 Univention GmbH
 #
@@ -30,21 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
-from ldap.filter import filter_format
-
 from univention.admin.layout import Tab, Group
 import univention.admin.filter
 import univention.admin.handlers
-import univention.admin.password
-import univention.admin.allocators
 import univention.admin.localization
-import univention.admin.uldap
 import univention.admin.nagios as nagios
-import univention.admin.handlers.dns.forward_zone
-import univention.admin.handlers.dns.reverse_zone
-import univention.admin.handlers.groups.group
-import univention.admin.handlers.networks.network
-import time
+from univention.admin.handlers.computers.base import computerBase
 
 translation=univention.admin.localization.translation('univention.admin.handlers.computers')
 _=translation.translate
@@ -402,304 +393,16 @@
 nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
 
 
-class object(univention.admin.handlers.simpleComputer, nagios.Support):
+class object(computerBase):
 	module=module
-
-	def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
-		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
-		nagios.Support.__init__(self)
-
-	def open(self):
-		univention.admin.handlers.simpleComputer.open( self )
-		self.nagios_open()
-
-		self.modifypassword=0
-		if self.exists():
-			userPassword=self.oldattr.get('userPassword',[''])[0]
-			if userPassword:
-				self.info['password']=userPassword
-				self.modifypassword=0
-		if self.exists():
-
-			if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
-				primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
-				if primaryGroupNumber:
-					primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
-					if primaryGroupResult:
-						self['primaryGroup']=primaryGroupResult[0]
-						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
-					else:
-						self['primaryGroup']=None
-						self.save()
-						raise univention.admin.uexceptions.primaryGroup
-				else:
-					self['primaryGroup']=None
-					self.save()
-					raise univention.admin.uexceptions.primaryGroup
-			if 'samba' in self.options:
-				sid = self.oldattr.get('sambaSID', [''])[0]
-				pos = sid.rfind('-')
-				self.info['sambaRID'] = sid[pos+1:]
-
-			self.save()
-		else:
-			self.modifypassword=0
-			if 'posix' in self.options:
-				res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerMasterGroup', position=self.position)
-				if res:
-					self['primaryGroup']=res
-
-	def _ldap_pre_create(self):
-		super(object, self)._ldap_pre_create()
-		if not self['password']:
-			self['password']=self.oldattr.get('password',[''])[0]
-			self.modifypassword=0
-
-	def _ldap_addlist(self):
-		ocs=['top', 'person', 'univentionHost', 'univentionDomainController']
-		al=[]
-		if 'kerberos' in self.options:
-			domain=univention.admin.uldap.domain(self.lo, self.position)
-			realm=domain.getKerberosRealm()
-
-			if realm:
-				al.append(('krb5MaxLife', '86400'))
-				al.append(('krb5MaxRenew', '604800'))
-				al.append(('krb5KDCFlags', '126'))
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			else:
-				# can't do kerberos
-				self._remove_option( 'kerberos' )
-		if 'posix' in self.options:
-			self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
-			self.alloc.append(('uidNumber',self.uidNum))
-			gidNum = self.get_gid_for_primary_group()
-			al.append(('uidNumber', [self.uidNum]))
-			al.append(('gidNumber', [gidNum]))
-
-		if self.modifypassword or self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-			self.modifypassword=0
-		if 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'S':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.uidNum
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			al.append(('sambaSID', [self.machineSid]))
-			al.append(('sambaAcctFlags', [acctFlags.decode()]))
-			al.append(('displayName', self.info['name']))
-
-		al.insert(0, ('objectClass', ocs))
-		al.append(('univentionServerRole', '', 'backup'))
-		return al
-
-	def _ldap_post_create(self):
-		if 'posix' in self.options:
-			if hasattr(self, 'uid') and self.uid:
-				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
-			univention.admin.handlers.simpleComputer.primary_group( self )
-			univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_create( self )
-		self.nagios_ldap_post_create()
-
-	def _ldap_pre_remove(self):
-		self.open()
-		if 'posix' in self.options and self.oldattr.get( 'uidNumber' ):
-			self.uidNum=self.oldattr['uidNumber'][0]
-
-	def _ldap_post_remove(self):
-		if 'posix' in self.options:
-			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
-		groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
-		if groupObjects:
-			for i in range(0, len(groupObjects)):
-				groupObjects[i].open()
-				if self.dn in groupObjects[i]['users']:
-					groupObjects[i]['users'].remove(self.dn)
-					groupObjects[i].modify(ignore_license=1)
-
-		self.nagios_ldap_post_remove()
-		univention.admin.handlers.simpleComputer._ldap_post_remove( self )
-		# Need to clean up oldinfo. If remove was invoked, because the
-		# creation of the object has failed, the next try will result in
-		# a 'object class violation' (Bug #19343)
-		self.oldinfo = {}
-
-	def krb5_principal(self):
-		domain=univention.admin.uldap.domain(self.lo, self.position)
-		realm=domain.getKerberosRealm()
-		if self.info.has_key('domain') and self.info['domain']:
-			kerberos_domain=self.info['domain']
-		else:
-			kerberos_domain=domain.getKerberosRealm()
-		return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm
-
-	def _ldap_post_modify(self):
-		univention.admin.handlers.simpleComputer.primary_group( self )
-		univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_modify( self )
-		self.nagios_ldap_post_modify()
-
-	def _ldap_pre_modify(self):
-		if self.hasChanged('password'):
-			if not self['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			elif not self.info['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			else:
-				self.modifypassword=1
-		self.nagios_ldap_pre_modify()
-		univention.admin.handlers.simpleComputer._ldap_pre_modify( self )
-
-
-	def _ldap_modlist(self):
-		ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
-
-		self.nagios_ldap_modlist(ml)
-
-		if self.hasChanged('name'):
-			if 'posix' in self.options:
-				if hasattr(self, 'uidNum'):
-					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
-				requested_uid="%s$" % self['name']
-				try:
-					self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
-				except Exception:
-					self.cancel()
-					raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid
-					return []
-
-				self.alloc.append(('uid',self.uid))
-
-				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
-
-			if 'samba' in self.options:
-				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
-
-			if 'kerberos' in self.options:
-				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
-
-		if self.modifypassword and self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-
-		# add samba option
-		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'S':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			ml.append(('sambaSID', '', [self.machineSid]))
-			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
-			ml.append(('displayName', '', self.info['name']))
-			sambaPwdLastSetValue = str(long(time.time()))
-			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
-			for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
-				if self.oldattr.get(key, []):
-					ml.insert(0, (key, self.oldattr.get(key, []), ''))
-
-		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
-			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
-
-		return ml
-
-	def cleanup(self):
-		self.open()
-		self.nagios_cleanup()
-		univention.admin.handlers.simpleComputer.cleanup( self )
-
-	def cancel(self):
-		for i,j in self.alloc:
-			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
-			univention.admin.allocators.release(self.lo, self.position, i, j)
-
-	def link(self):
-		result = []
-		if self['ip'] and len( self[ 'ip' ] ) > 0 and self['ip'][ 0 ]:
-			result = [{ 'url': 'https://%s/univention-management-console/' % self['ip'][ 0 ],
-						'ipaddr': self['ip'][ 0 ],
-						}]
-		if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len( self['dnsEntryZoneForward' ] ) > 0:
-			zone = univention.admin.uldap.explodeDn( self['dnsEntryZoneForward'][0], 1)[0]
-			if not result:
-				result = [ { 'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone) }]
-			result[0]['fqdn'] = '%s.%s' % (self['name'], zone)
-		if result:
-			result[0]['name'] = _('Open Univention Management Console on this computer')
-			return result
-		return None
-
-def rewrite(filter, mapping):
-	if filter.variable == 'ip':
-		filter.variable='aRecord'
-	else:
-		univention.admin.mapping.mapRewrite(filter, mapping)
-
-def lookup_filter(filter_s=None, lo=None):
-	filter_s = univention.admin.filter.replace_fqdn_filter( filter_s )
-	if str(filter_s).find('(dnsAlias=') != -1:
-		filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)
-		if filter_s:
-			return lookup_filter(filter_s, lo)
-		else:
-			return None
-	lookup_filter_obj = \
-		univention.admin.filter.conjunction('&', [
-			univention.admin.filter.expression('objectClass', 'univentionHost'),
-			univention.admin.filter.expression('objectClass', 'univentionDomainController'),
-			univention.admin.filter.expression('univentionServerRole', 'backup'),
-		])
-
-	# ATTENTION: has its own rewrite function.
-	lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping)
-	return lookup_filter_obj
-
-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
-
-	filter=lookup_filter(filter_s, lo)
-	if filter is None:
-		return []
-	res=[]
-	for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
-		res.append( object( co, lo, None, dn, attributes = attrs ) )
-	return res
-
-def identify(dn, attr, canonical=0):
-	return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'backup' in attr.get('univentionServerRole', [])
+	mapping = mapping
+	CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup'
+	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController']
+	SAMBA_ACCOUNT_FLAG = 'S'
+	SERVER_TYPE = 'univentionDomainController'
+	SERVER_ROLE = 'backup'
+
+rewrite = object.rewrite
+lookup_filter = object.lookup_filter
+lookup = object.lookup
+identify = object.identify
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py
index 919d410..d6fe011 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py
@@ -30,21 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
-from ldap.filter import filter_format
-
 from univention.admin.layout import Tab, Group
 import univention.admin.filter
 import univention.admin.handlers
-import univention.admin.password
-import univention.admin.allocators
 import univention.admin.localization
-import univention.admin.uldap
 import univention.admin.nagios as nagios
-import univention.admin.handlers.dns.forward_zone
-import univention.admin.handlers.dns.reverse_zone
-import univention.admin.handlers.groups.group
-import univention.admin.handlers.networks.network
-import time
+from univention.admin.handlers.computers.base import computerBase
 
 translation=univention.admin.localization.translation('univention.admin.handlers.computers')
 _=translation.translate
@@ -402,298 +393,16 @@
 nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
 
 
-class object(univention.admin.handlers.simpleComputer, nagios.Support):
+class object(computerBase):
 	module=module
-
-	def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
-		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
-		nagios.Support.__init__(self)
-
-	def open(self):
-		univention.admin.handlers.simpleComputer.open( self )
-		self.nagios_open()
-
-		self.modifypassword=0
-		if self.exists():
-			userPassword=self.oldattr.get('userPassword',[''])[0]
-			if userPassword:
-				self.info['password']=userPassword
-				self.modifypassword=0
-		if self.exists():
-
-			if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
-				primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
-				if primaryGroupNumber:
-					primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
-					if primaryGroupResult:
-						self['primaryGroup']=primaryGroupResult[0]
-						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
-					else:
-						self['primaryGroup']=None
-						self.save()
-						raise univention.admin.uexceptions.primaryGroup
-				else:
-					self['primaryGroup']=None
-					self.save()
-					raise univention.admin.uexceptions.primaryGroup
-			if 'samba' in self.options:
-				sid = self.oldattr.get('sambaSID', [''])[0]
-				pos = sid.rfind('-')
-				self.info['sambaRID'] = sid[pos+1:]
-
-			self.save()
-		else:
-			self.modifypassword=0
-			if 'posix' in self.options:
-				res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerMasterGroup', position=self.position)
-				if res:
-					self['primaryGroup']=res
-
-	def _ldap_pre_create(self):
-		super(object, self)._ldap_pre_create()
-		if not self['password']:
-			self['password']=self.oldattr.get('password',[''])[0]
-			self.modifypassword=0
-
-	def _ldap_addlist(self):
-		ocs=['top', 'person', 'univentionHost', 'univentionDomainController']
-		al=[]
-		if 'kerberos' in self.options:
-			al.append(('krb5MaxLife', '86400'))
-			al.append(('krb5MaxRenew', '604800'))
-			al.append(('krb5KDCFlags', '126'))
-			krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-			al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-
-		if 'posix' in self.options:
-			self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
-			self.alloc.append(('uidNumber',self.uidNum))
-			gidNum = self.get_gid_for_primary_group()
-			al.append(('uidNumber', [self.uidNum]))
-			al.append(('gidNumber', [gidNum]))
-
-		if self.modifypassword or self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-			self.modifypassword=0
-		if 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'S':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.uidNum
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			al.append(('sambaSID', [self.machineSid]))
-			al.append(('sambaAcctFlags', [acctFlags.decode()]))
-			al.append(('displayName', self.info['name']))
-
-		al.insert(0, ('objectClass', ocs))
-		al.append(('univentionServerRole', '', 'master'))
-		return al
-
-	def _ldap_post_create(self):
-		if 'posix' in self.options:
-			if hasattr(self, 'uid') and self.uid:
-				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
-			univention.admin.handlers.simpleComputer.primary_group( self )
-			univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_create( self )
-		self.nagios_ldap_post_create()
-
-	def _ldap_pre_remove(self):
-		self.open()
-		if 'posix' in self.options and self.oldattr.get( 'uidNumber' ):
-			self.uidNum=self.oldattr['uidNumber'][0]
-
-	def _ldap_post_remove(self):
-		if 'posix' in self.options:
-			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
-		groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
-		if groupObjects:
-			for i in range(0, len(groupObjects)):
-				groupObjects[i].open()
-				if self.dn in groupObjects[i]['users']:
-					groupObjects[i]['users'].remove(self.dn)
-					groupObjects[i].modify(ignore_license=1)
-
-		self.nagios_ldap_post_remove()
-		univention.admin.handlers.simpleComputer._ldap_post_remove( self )
-		# Need to clean up oldinfo. If remove was invoked, because the
-		# creation of the object has failed, the next try will result in
-		# a 'object class violation' (Bug #19343)
-		self.oldinfo = {}
-
-	def krb5_principal(self):
-		domain=univention.admin.uldap.domain(self.lo, self.position)
-		realm=domain.getKerberosRealm()
-		if self.info.has_key('domain') and self.info['domain']:
-			kerberos_domain=self.info['domain']
-		else:
-			kerberos_domain=domain.getKerberosRealm()
-		return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm
-
-	def _ldap_post_modify(self):
-		univention.admin.handlers.simpleComputer.primary_group( self )
-		univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_modify( self )
-		self.nagios_ldap_post_modify()
-
-	def _ldap_pre_modify(self):
-		if self.hasChanged('password'):
-			if not self['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			elif not self.info['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			else:
-				self.modifypassword=1
-		self.nagios_ldap_pre_modify()
-		univention.admin.handlers.simpleComputer._ldap_pre_modify( self )
-
-
-	def _ldap_modlist(self):
-		ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
-
-		self.nagios_ldap_modlist(ml)
-
-		if self.hasChanged('name'):
-			if 'posix' in self.options:
-				if hasattr(self, 'uidNum'):
-					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
-				requested_uid="%s$" % self['name']
-				try:
-					self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
-				except Exception:
-					self.cancel()
-					raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid
-					return []
-
-				self.alloc.append(('uid',self.uid))
-
-				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
-
-			if 'samba' in self.options:
-				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
-
-			if 'kerberos' in self.options:
-				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
-
-		if self.modifypassword and self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-
-		# add samba option
-		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'S':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			ml.append(('sambaSID', '', [self.machineSid]))
-			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
-			ml.append(('displayName', '', self.info['name']))
-			sambaPwdLastSetValue = str(long(time.time()))
-			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
-			for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
-				if self.oldattr.get(key, []):
-					ml.insert(0, (key, self.oldattr.get(key, []), ''))
-
-		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
-			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
-
-		return ml
-
-	def cleanup(self):
-		self.open()
-		self.nagios_cleanup()
-		univention.admin.handlers.simpleComputer.cleanup( self )
-
-	def cancel(self):
-		for i,j in self.alloc:
-			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
-			univention.admin.allocators.release(self.lo, self.position, i, j)
-
-	def link(self):
-		result = []
-		if self['ip'] and len( self[ 'ip' ] ) > 0 and self['ip'][ 0 ]:
-			result = [{ 'url': 'https://%s/univention-management-console/' % self['ip'][ 0 ],
-						'ipaddr': self['ip'][ 0 ],
-						}]
-		if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len( self['dnsEntryZoneForward' ] ) > 0:
-			zone = univention.admin.uldap.explodeDn( self['dnsEntryZoneForward'][0], 1)[0]
-			if not result:
-				result = [ { 'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone) }]
-			result[0]['fqdn'] = '%s.%s' % (self['name'], zone)
-		if result:
-			result[0]['name'] = _('Open Univention Management Console on this computer')
-			return result
-		return None
-
-def rewrite(filter, mapping):
-	if filter.variable == 'ip':
-		filter.variable='aRecord'
-	else:
-		univention.admin.mapping.mapRewrite(filter, mapping)
-
-def lookup_filter(filter_s=None, lo=None):
-	filter_s = univention.admin.filter.replace_fqdn_filter( filter_s )
-	if str(filter_s).find('(dnsAlias=') != -1:
-		filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)
-		if filter_s:
-			return lookup_filter(filter_s, lo)
-		else:
-			return None
-	lookup_filter_obj = \
-		univention.admin.filter.conjunction('&', [
-			univention.admin.filter.expression('objectClass', 'univentionHost'),
-			univention.admin.filter.expression('objectClass', 'univentionDomainController'),
-			univention.admin.filter.expression('univentionServerRole', 'master'),
-		])
-
-	# ATTENTION: has its own rewrite function.
-	lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping)
-	return lookup_filter_obj
-
-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
-
-	filter=lookup_filter(filter_s, lo)
-	if filter is None:
-		return []
-	res=[]
-	for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
-		res.append( object( co, lo, None, dn, attributes = attrs ) )
-	return res
-
-def identify(dn, attr, canonical=0):
-	return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'master' in attr.get('univentionServerRole', [])
+	mapping = mapping
+	CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup'
+	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController']
+	SAMBA_ACCOUNT_FLAG = 'S'
+	SERVER_TYPE = 'univentionDomainController'
+	SERVER_ROLE = 'master'
+
+rewrite = object.rewrite
+lookup_filter = object.lookup_filter
+lookup = object.lookup
+identify = object.identify
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py
index 43efc7e..d983362 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py
@@ -30,21 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
-from ldap.filter import filter_format
-
 from univention.admin.layout import Tab, Group
 import univention.admin.filter
 import univention.admin.handlers
-import univention.admin.password
-import univention.admin.allocators
 import univention.admin.localization
-import univention.admin.uldap
 import univention.admin.nagios as nagios
-import univention.admin.handlers.dns.forward_zone
-import univention.admin.handlers.dns.reverse_zone
-import univention.admin.handlers.groups.group
-import univention.admin.handlers.networks.network
-import time
+from univention.admin.handlers.computers.base import computerBase
 
 translation=univention.admin.localization.translation('univention.admin.handlers.computers')
 _=translation.translate
@@ -402,304 +393,16 @@
 nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
 
 
-class object(univention.admin.handlers.simpleComputer, nagios.Support):
+class object(computerBase):
 	module=module
-
-	def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
-		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
-		nagios.Support.__init__(self)
-
-	def open(self):
-		univention.admin.handlers.simpleComputer.open( self )
-		self.nagios_open()
-
-		self.modifypassword=0
-		if self.exists():
-			userPassword=self.oldattr.get('userPassword',[''])[0]
-			if userPassword:
-				self.info['password']=userPassword
-				self.modifypassword=0
-		if self.exists():
-
-			if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
-				primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
-				if primaryGroupNumber:
-					primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
-					if primaryGroupResult:
-						self['primaryGroup']=primaryGroupResult[0]
-						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
-					else:
-						self['primaryGroup']=None
-						self.save()
-						raise univention.admin.uexceptions.primaryGroup
-				else:
-					self['primaryGroup']=None
-					self.save()
-					raise univention.admin.uexceptions.primaryGroup
-			if 'samba' in self.options:
-				sid = self.oldattr.get('sambaSID', [''])[0]
-				pos = sid.rfind('-')
-				self.info['sambaRID'] = sid[pos+1:]
-
-			self.save()
-		else:
-			self.modifypassword=0
-			if 'posix' in self.options:
-				res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerGroup', position=self.position)
-				if res:
-					self['primaryGroup']=res
-
-	def _ldap_pre_create(self):
-		super(object, self)._ldap_pre_create()
-		if not self['password']:
-			self['password']=self.oldattr.get('password',[''])[0]
-			self.modifypassword=0
-
-	def _ldap_addlist(self):
-		ocs=['top', 'person', 'univentionHost', 'univentionDomainController']
-		al=[]
-		if 'kerberos' in self.options:
-			domain=univention.admin.uldap.domain(self.lo, self.position)
-			realm=domain.getKerberosRealm()
-
-			if realm:
-				al.append(('krb5MaxLife', '86400'))
-				al.append(('krb5MaxRenew', '604800'))
-				al.append(('krb5KDCFlags', '126'))
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			else:
-				# can't do kerberos
-				self._remove_option( 'kerberos' )
-		if 'posix' in self.options:
-			self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
-			self.alloc.append(('uidNumber',self.uidNum))
-			gidNum = self.get_gid_for_primary_group()
-			al.append(('uidNumber', [self.uidNum]))
-			al.append(('gidNumber', [gidNum]))
-
-		if self.modifypassword or self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-			self.modifypassword=0
-		if 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'S':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.uidNum
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			al.append(('sambaSID', [self.machineSid]))
-			al.append(('sambaAcctFlags', [acctFlags.decode()]))
-			al.append(('displayName', self.info['name']))
-
-		al.insert(0, ('objectClass', ocs))
-		al.append(('univentionServerRole', '', 'slave'))
-		return al
-
-	def _ldap_post_create(self):
-		if 'posix' in self.options:
-			if hasattr(self, 'uid') and self.uid:
-				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
-			univention.admin.handlers.simpleComputer.primary_group( self )
-			univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_create( self )
-		self.nagios_ldap_post_create()
-
-	def _ldap_pre_remove(self):
-		self.open()
-		if 'posix' in self.options and self.oldattr.get( 'uidNumber' ):
-			self.uidNum=self.oldattr['uidNumber'][0]
-
-	def _ldap_post_remove(self):
-		if 'posix' in self.options:
-			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
-		groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
-		if groupObjects:
-			for i in range(0, len(groupObjects)):
-				groupObjects[i].open()
-				if self.dn in groupObjects[i]['users']:
-					groupObjects[i]['users'].remove(self.dn)
-					groupObjects[i].modify(ignore_license=1)
-
-		self.nagios_ldap_post_remove()
-		univention.admin.handlers.simpleComputer._ldap_post_remove( self )
-		# Need to clean up oldinfo. If remove was invoked, because the
-		# creation of the object has failed, the next try will result in
-		# a 'object class violation' (Bug #19343)
-		self.oldinfo = {}
-
-	def krb5_principal(self):
-		domain=univention.admin.uldap.domain(self.lo, self.position)
-		realm=domain.getKerberosRealm()
-		if self.info.has_key('domain') and self.info['domain']:
-			kerberos_domain=self.info['domain']
-		else:
-			kerberos_domain=domain.getKerberosRealm()
-		return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm
-
-	def _ldap_post_modify(self):
-		univention.admin.handlers.simpleComputer.primary_group( self )
-		univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_modify( self )
-		self.nagios_ldap_post_modify()
-
-	def _ldap_pre_modify(self):
-		if self.hasChanged('password'):
-			if not self['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			elif not self.info['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			else:
-				self.modifypassword=1
-		self.nagios_ldap_pre_modify()
-		univention.admin.handlers.simpleComputer._ldap_pre_modify( self )
-
-
-	def _ldap_modlist(self):
-		ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
-
-		self.nagios_ldap_modlist(ml)
-
-		if self.hasChanged('name'):
-			if 'posix' in self.options:
-				if hasattr(self, 'uidNum'):
-					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
-				requested_uid="%s$" % self['name']
-				try:
-					self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
-				except Exception:
-					self.cancel()
-					raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid
-					return []
-
-				self.alloc.append(('uid',self.uid))
-
-				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
-
-			if 'samba' in self.options:
-				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
-
-			if 'kerberos' in self.options:
-				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
-
-		if self.modifypassword and self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-
-		# add samba option
-		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'S':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			ml.append(('sambaSID', '', [self.machineSid]))
-			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
-			ml.append(('displayName', '', self.info['name']))
-			sambaPwdLastSetValue = str(long(time.time()))
-			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
-			for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
-				if self.oldattr.get(key, []):
-					ml.insert(0, (key, self.oldattr.get(key, []), ''))
-
-		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
-			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
-
-		return ml
-
-	def cleanup(self):
-		self.open()
-		self.nagios_cleanup()
-		univention.admin.handlers.simpleComputer.cleanup( self )
-
-	def cancel(self):
-		for i,j in self.alloc:
-			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
-			univention.admin.allocators.release(self.lo, self.position, i, j)
-
-	def link(self):
-		result = []
-		if self['ip'] and len( self[ 'ip' ] ) > 0 and self['ip'][ 0 ]:
-			result = [{ 'url': 'https://%s/univention-management-console/' % self['ip'][ 0 ],
-						'ipaddr': self['ip'][ 0 ],
-						}]
-		if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len( self['dnsEntryZoneForward' ] ) > 0:
-			zone = univention.admin.uldap.explodeDn( self['dnsEntryZoneForward'][0], 1)[0]
-			if not result:
-				result = [ { 'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone) }]
-			result[0]['fqdn'] = '%s.%s' % (self['name'], zone)
-		if result:
-			result[0]['name'] = _('Open Univention Management Console on this computer')
-			return result
-		return None
-
-def rewrite(filter, mapping):
-	if filter.variable == 'ip':
-		filter.variable='aRecord'
-	else:
-		univention.admin.mapping.mapRewrite(filter, mapping)
-
-def lookup_filter(filter_s=None, lo=None):
-	filter_s = univention.admin.filter.replace_fqdn_filter( filter_s )
-	if str(filter_s).find('(dnsAlias=') != -1:
-		filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)
-		if filter_s:
-			return lookup_filter(filter_s, lo)
-		else:
-			return None
-	lookup_filter_obj = \
-		univention.admin.filter.conjunction('&', [
-			univention.admin.filter.expression('objectClass', 'univentionHost'),
-			univention.admin.filter.expression('objectClass', 'univentionDomainController'),
-			univention.admin.filter.expression('univentionServerRole', 'slave'),
-		])
-
-	# ATTENTION: has its own rewrite function.
-	lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping)
-	return lookup_filter_obj
-
-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
-
-	filter=lookup_filter(filter_s, lo)
-	if filter is None:
-		return []
-	res=[]
-	for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
-		res.append( object( co, lo, None, dn, attributes = attrs ) )
-	return res
-
-def identify(dn, attr, canonical=0):
-	return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'slave' in attr.get('univentionServerRole', [])
+	mapping = mapping
+	CONFIG_NAME = 'univentionDefaultDomainControllerGroup'
+	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController']
+	SAMBA_ACCOUNT_FLAG = 'S'
+	SERVER_TYPE = 'univentionDomainController'
+	SERVER_ROLE = 'slave'
+
+rewrite = object.rewrite
+lookup_filter = object.lookup_filter
+lookup = object.lookup
+identify = object.identify
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py
index a4d4951..5490cd7 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py
@@ -30,21 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
-from ldap.filter import filter_format
-
 from univention.admin.layout import Tab, Group
 import univention.admin.filter
 import univention.admin.handlers
-import univention.admin.password
-import univention.admin.allocators
 import univention.admin.localization
-import univention.admin.uldap
 import univention.admin.nagios as nagios
-import univention.admin.handlers.dns.forward_zone
-import univention.admin.handlers.dns.reverse_zone
-import univention.admin.handlers.groups.group
-import univention.admin.handlers.networks.network
-import time
+from univention.admin.handlers.computers.base import computerBase
 
 translation=univention.admin.localization.translation('univention.admin.handlers.computers')
 _=translation.translate
@@ -341,263 +332,21 @@
 nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
 
 
-class object(univention.admin.handlers.simpleComputer, nagios.Support):
+class object(computerBase):
 	module=module
+	mapping = mapping
+	CONFIG_NAME = 'univentionDefaultClientGroup'
+	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionLinuxClient']
+	SAMBA_ACCOUNT_FLAG = 'W'
+	SERVER_TYPE = 'univentionLinuxClient'
 
-	def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
-		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
-		nagios.Support.__init__(self)
-
-	def open(self):
-		univention.admin.handlers.simpleComputer.open( self )
-		self.nagios_open()
-
-		self.modifypassword=0
-		if self.exists():
-			userPassword=self.oldattr.get('userPassword',[''])[0]
-			if userPassword:
-				self.info['password']=userPassword
-				self.modifypassword=0
-		if self.exists():
-
-			if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
-				primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
-				if primaryGroupNumber:
-					primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
-					if primaryGroupResult:
-						self['primaryGroup']=primaryGroupResult[0]
-						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
-					else:
-						self['primaryGroup']=None
-						self.save()
-						raise univention.admin.uexceptions.primaryGroup
-				else:
-					self['primaryGroup']=None
-					self.save()
-					raise univention.admin.uexceptions.primaryGroup
-			if 'samba' in self.options:
-				sid = self.oldattr.get('sambaSID', [''])[0]
-				pos = sid.rfind('-')
-				self.info['sambaRID'] = sid[pos+1:]
-
-			self.save()
-		else:
-			self.modifypassword=0
-			if 'posix' in self.options:
-				res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position)
-				if res:
-					self['primaryGroup']=res
-
-	def _ldap_pre_create(self):
-		super(object, self)._ldap_pre_create()
-		if not self['password']:
-			self['password']=self.oldattr.get('password',[''])[0]
-			self.modifypassword=0
-
-	def _ldap_addlist(self):
+	def check_required_options(self):
 		if not set(self.options) & set(['posix', 'kerberos']):
 			raise univention.admin.uexceptions.invalidOptions(_(' At least posix or kerberos is required.'))
+del object.link
 
-		ocs=['top', 'person', 'univentionHost', 'univentionLinuxClient']
-		al=[]
-		if 'kerberos' in self.options:
-			domain=univention.admin.uldap.domain(self.lo, self.position)
-			realm=domain.getKerberosRealm()
-
-			if realm:
-				al.append(('krb5MaxLife', '86400'))
-				al.append(('krb5MaxRenew', '604800'))
-				al.append(('krb5KDCFlags', '126'))
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			else:
-				# can't do kerberos
-				self._remove_option( 'kerberos' )
-		if 'posix' in self.options:
-			self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
-			self.alloc.append(('uidNumber',self.uidNum))
-			gidNum = self.get_gid_for_primary_group()
-			al.append(('uidNumber', [self.uidNum]))
-			al.append(('gidNumber', [gidNum]))
-
-		if self.modifypassword or self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-			self.modifypassword=0
-		if 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'W':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.uidNum
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			al.append(('sambaSID', [self.machineSid]))
-			al.append(('sambaAcctFlags', [acctFlags.decode()]))
-			al.append(('displayName', self.info['name']))
-
-		al.insert(0, ('objectClass', ocs))
-
-		return al
-
-	def _ldap_post_create(self):
-		if 'posix' in self.options:
-			if hasattr(self, 'uid') and self.uid:
-				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
-			univention.admin.handlers.simpleComputer.primary_group( self )
-			univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_create( self )
-		self.nagios_ldap_post_create()
-
-	def _ldap_pre_remove(self):
-		self.open()
-		if 'posix' in self.options and self.oldattr.get( 'uidNumber' ):
-			self.uidNum=self.oldattr['uidNumber'][0]
-
-	def _ldap_post_remove(self):
-		if 'posix' in self.options:
-			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
-		groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
-		if groupObjects:
-			for i in range(0, len(groupObjects)):
-				groupObjects[i].open()
-				if self.dn in groupObjects[i]['users']:
-					groupObjects[i]['users'].remove(self.dn)
-					groupObjects[i].modify(ignore_license=1)
-
-		self.nagios_ldap_post_remove()
-		univention.admin.handlers.simpleComputer._ldap_post_remove( self )
-		# Need to clean up oldinfo. If remove was invoked, because the
-		# creation of the object has failed, the next try will result in
-		# a 'object class violation' (Bug #19343)
-		self.oldinfo = {}
-
-	def krb5_principal(self):
-		domain=univention.admin.uldap.domain(self.lo, self.position)
-		realm=domain.getKerberosRealm()
-		if self.info.has_key('domain') and self.info['domain']:
-			kerberos_domain=self.info['domain']
-		else:
-			kerberos_domain=domain.getKerberosRealm()
-		return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm
-
-	def _ldap_post_modify(self):
-		univention.admin.handlers.simpleComputer.primary_group( self )
-		univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_modify( self )
-		self.nagios_ldap_post_modify()
+rewrite = object.rewrite
 
-	def _ldap_pre_modify(self):
-		if self.hasChanged('password'):
-			if not self['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			elif not self.info['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			else:
-				self.modifypassword=1
-		self.nagios_ldap_pre_modify()
-		univention.admin.handlers.simpleComputer._ldap_pre_modify( self )
-
-
-	def _ldap_modlist(self):
-		ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
-
-		self.nagios_ldap_modlist(ml)
-
-		if self.hasChanged('name'):
-			if 'posix' in self.options:
-				if hasattr(self, 'uidNum'):
-					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
-				requested_uid="%s$" % self['name']
-				try:
-					self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
-				except Exception:
-					self.cancel()
-					raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid
-					return []
-
-				self.alloc.append(('uid',self.uid))
-
-				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
-
-			if 'samba' in self.options:
-				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
-
-			if 'kerberos' in self.options:
-				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
-
-		if self.modifypassword and self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-
-		# add samba option
-		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'W':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			ml.append(('sambaSID', '', [self.machineSid]))
-			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
-			ml.append(('displayName', '', self.info['name']))
-			sambaPwdLastSetValue = str(long(time.time()))
-			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
-			for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
-				if self.oldattr.get(key, []):
-					ml.insert(0, (key, self.oldattr.get(key, []), ''))
-
-		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
-			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
-
-		return ml
-
-	def cleanup(self):
-		self.open()
-		self.nagios_cleanup()
-		univention.admin.handlers.simpleComputer.cleanup( self )
-
-	def cancel(self):
-		for i,j in self.alloc:
-			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
-			univention.admin.allocators.release(self.lo, self.position, i, j)
-
-
-def rewrite(filter, mapping):
-	if filter.variable == 'ip':
-		filter.variable='aRecord'
-	else:
-		univention.admin.mapping.mapRewrite(filter, mapping)
 
 def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
 
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py
index 328758c..c98ae5d 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py
@@ -30,21 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
-from ldap.filter import filter_format
-
 from univention.admin.layout import Tab, Group
 import univention.admin.filter
 import univention.admin.handlers
-import univention.admin.password
-import univention.admin.allocators
 import univention.admin.localization
-import univention.admin.uldap
 import univention.admin.nagios as nagios
-import univention.admin.handlers.dns.forward_zone
-import univention.admin.handlers.dns.reverse_zone
-import univention.admin.handlers.groups.group
-import univention.admin.handlers.networks.network
-import time
+from univention.admin.handlers.computers.base import computerBase
 
 translation=univention.admin.localization.translation('univention.admin.handlers.computers')
 _=translation.translate
@@ -329,272 +320,30 @@
 mapping=univention.admin.mapping.mapping()
 mapping.register('name', 'cn', None, univention.admin.mapping.ListToString)
 mapping.register('description', 'description', None, univention.admin.mapping.ListToString)
-mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString)
-mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString)
 mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString)
 mapping.register('inventoryNumber', 'univentionInventoryNumber')
 mapping.register('mac', 'macAddress' )
 mapping.register('network', 'univentionNetworkLink', None, univention.admin.mapping.ListToString)
 mapping.register('unixhome', 'homeDirectory', None, univention.admin.mapping.ListToString)
 mapping.register('shell', 'loginShell', None, univention.admin.mapping.ListToString)
+mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString)
+mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString)
 
 # add Nagios extension
 nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
 
 
-class object(univention.admin.handlers.simpleComputer, nagios.Support):
+class object(computerBase):
 	module=module
+	mapping = mapping
+	CONFIG_NAME = 'univentionDefaultClientGroup'
+	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionMacOSClient']
+	SAMBA_ACCOUNT_FLAG = 'W'
+	SERVER_TYPE = 'univentionMacOSClient'
+del object.link
 
-	def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
-		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
-		nagios.Support.__init__(self)
-
-	def open(self):
-		univention.admin.handlers.simpleComputer.open( self )
-		self.nagios_open()
-
-		self.modifypassword=0
-		if self.exists():
-			userPassword=self.oldattr.get('userPassword',[''])[0]
-			if userPassword:
-				self.info['password']=userPassword
-				self.modifypassword=0
-		if self.exists():
-
-			if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
-				primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
-				if primaryGroupNumber:
-					primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
-					if primaryGroupResult:
-						self['primaryGroup']=primaryGroupResult[0]
-						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
-					else:
-						self['primaryGroup']=None
-						self.save()
-						raise univention.admin.uexceptions.primaryGroup
-				else:
-					self['primaryGroup']=None
-					self.save()
-					raise univention.admin.uexceptions.primaryGroup
-			if 'samba' in self.options:
-				sid = self.oldattr.get('sambaSID', [''])[0]
-				pos = sid.rfind('-')
-				self.info['sambaRID'] = sid[pos+1:]
-
-			self.save()
-		else:
-			self.modifypassword=0
-			if 'posix' in self.options:
-				res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position)
-				if res:
-					self['primaryGroup']=res
-
-	def _ldap_pre_create(self):
-		super(object, self)._ldap_pre_create()
-		if not self['password']:
-			self['password']=self.oldattr.get('password',[''])[0]
-			self.modifypassword=0
-
-	def _ldap_addlist(self):
-		ocs=['top', 'person', 'univentionHost', 'univentionMacOSClient']
-		al=[]
-		if 'kerberos' in self.options:
-			domain=univention.admin.uldap.domain(self.lo, self.position)
-			realm=domain.getKerberosRealm()
-
-			if realm:
-				al.append(('krb5MaxLife', '86400'))
-				al.append(('krb5MaxRenew', '604800'))
-				al.append(('krb5KDCFlags', '126'))
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			else:
-				# can't do kerberos
-				self._remove_option( 'kerberos' )
-		if 'posix' in self.options:
-			self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
-			self.alloc.append(('uidNumber',self.uidNum))
-			gidNum = self.get_gid_for_primary_group()
-			al.append(('uidNumber', [self.uidNum]))
-			al.append(('gidNumber', [gidNum]))
-
-		if self.modifypassword or self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-			self.modifypassword=0
-		if 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'W':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.uidNum
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			al.append(('sambaSID', [self.machineSid]))
-			al.append(('sambaAcctFlags', [acctFlags.decode()]))
-			al.append(('displayName', self.info['name']))
-
-		al.insert(0, ('objectClass', ocs))
-
-		return al
-
-	def _ldap_post_create(self):
-		if 'posix' in self.options:
-			if hasattr(self, 'uid') and self.uid:
-				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
-			univention.admin.handlers.simpleComputer.primary_group( self )
-			univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_create( self )
-		self.nagios_ldap_post_create()
-
-	def _ldap_pre_remove(self):
-		self.open()
-		if 'posix' in self.options and self.oldattr.get( 'uidNumber' ):
-			self.uidNum=self.oldattr['uidNumber'][0]
-
-	def _ldap_post_remove(self):
-		if 'posix' in self.options:
-			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
-		groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
-		if groupObjects:
-			for i in range(0, len(groupObjects)):
-				groupObjects[i].open()
-				if self.dn in groupObjects[i]['users']:
-					groupObjects[i]['users'].remove(self.dn)
-					groupObjects[i].modify(ignore_license=1)
-
-		self.nagios_ldap_post_remove()
-		univention.admin.handlers.simpleComputer._ldap_post_remove( self )
-		# Need to clean up oldinfo. If remove was invoked, because the
-		# creation of the object has failed, the next try will result in
-		# a 'object class violation' (Bug #19343)
-		self.oldinfo = {}
-
-	def krb5_principal(self):
-		domain=univention.admin.uldap.domain(self.lo, self.position)
-		realm=domain.getKerberosRealm()
-		if self.info.has_key('domain') and self.info['domain']:
-			kerberos_domain=self.info['domain']
-		else:
-			kerberos_domain=domain.getKerberosRealm()
-		return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm
-
-	def _ldap_post_modify(self):
-		univention.admin.handlers.simpleComputer.primary_group( self )
-		univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_modify( self )
-		self.nagios_ldap_post_modify()
-
-	def _ldap_pre_modify(self):
-		if self.hasChanged('password'):
-			if not self['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			elif not self.info['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			else:
-				self.modifypassword=1
-		self.nagios_ldap_pre_modify()
-		univention.admin.handlers.simpleComputer._ldap_pre_modify( self )
-
-
-	def _ldap_modlist(self):
-		ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
-
-		self.nagios_ldap_modlist(ml)
-
-		if self.hasChanged('name'):
-			if 'posix' in self.options:
-				if hasattr(self, 'uidNum'):
-					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
-				requested_uid="%s$" % self['name']
-				try:
-					self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
-				except Exception:
-					self.cancel()
-					raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid
-					return []
-
-				self.alloc.append(('uid',self.uid))
-
-				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
-
-			if 'samba' in self.options:
-				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
-
-			if 'kerberos' in self.options:
-				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
-
-		if self.modifypassword and self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-
-		# add samba option
-		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'W':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			ml.append(('sambaSID', '', [self.machineSid]))
-			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
-			ml.append(('displayName', '', self.info['name']))
-			sambaPwdLastSetValue = str(long(time.time()))
-			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
-			for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
-				if self.oldattr.get(key, []):
-					ml.insert(0, (key, self.oldattr.get(key, []), ''))
-
-		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
-			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
-
-		return ml
-
-	def cleanup(self):
-		self.open()
-		self.nagios_cleanup()
-		univention.admin.handlers.simpleComputer.cleanup( self )
-
-	def cancel(self):
-		for i,j in self.alloc:
-			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
-			univention.admin.allocators.release(self.lo, self.position, i, j)
-
-def rewrite(filter, mapping):
-	if filter.variable == 'ip':
-		filter.variable='aRecord'
-	else:
-		univention.admin.mapping.mapRewrite(filter, mapping)
+rewrite = object.rewrite
+identify = object.identify
 
 def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
 
@@ -618,8 +367,3 @@ def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0,
 		for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
 			res.append( object( co, lo, None, dn, attributes = attrs ) )
 	return res
-
-def identify(dn, attr, canonical=0):
-		
-	return 'univentionHost' in attr.get('objectClass', []) and 'univentionMacOSClient' in attr.get('objectClass', [])
-
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py
index 2665135..ac17b7e 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py
@@ -30,21 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
-from ldap.filter import filter_format
-
 from univention.admin.layout import Tab, Group
 import univention.admin.filter
 import univention.admin.handlers
-import univention.admin.password
-import univention.admin.allocators
 import univention.admin.localization
-import univention.admin.uldap
 import univention.admin.nagios as nagios
-import univention.admin.handlers.dns.forward_zone
-import univention.admin.handlers.dns.reverse_zone
-import univention.admin.handlers.groups.group
-import univention.admin.handlers.networks.network
-import time
+from univention.admin.handlers.computers.base import computerBase
 
 translation=univention.admin.localization.translation('univention.admin.handlers.computers')
 _=translation.translate
@@ -386,9 +377,9 @@
 mapping.register('name', 'cn', None, univention.admin.mapping.ListToString)
 mapping.register('description', 'description', None, univention.admin.mapping.ListToString)
 mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString)
-mapping.register('inventoryNumber', 'univentionInventoryNumber')
 mapping.register('serverRole', 'univentionServerRole')
 mapping.register('mac', 'macAddress' )
+mapping.register('inventoryNumber', 'univentionInventoryNumber')
 mapping.register('reinstall', 'univentionServerReinstall', None, univention.admin.mapping.ListToString)
 mapping.register('instprofile', 'univentionServerInstallationProfile', None, univention.admin.mapping.ListToString)
 mapping.register('reinstalloption', 'univentionServerInstallationOption', None, univention.admin.mapping.ListToString)
@@ -403,303 +394,16 @@
 nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
 
 
-class object(univention.admin.handlers.simpleComputer, nagios.Support):
+class object(computerBase):
 	module=module
-
-	def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
-		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
-		nagios.Support.__init__(self)
-
-	def open(self):
-		univention.admin.handlers.simpleComputer.open( self )
-		self.nagios_open()
-
-		self.modifypassword=0
-		if self.exists():
-			userPassword=self.oldattr.get('userPassword',[''])[0]
-			if userPassword:
-				self.info['password']=userPassword
-				self.modifypassword=0
-		if self.exists():
-
-			if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
-				primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
-				if primaryGroupNumber:
-					primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
-					if primaryGroupResult:
-						self['primaryGroup']=primaryGroupResult[0]
-						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
-					else:
-						self['primaryGroup']=None
-						self.save()
-						raise univention.admin.uexceptions.primaryGroup
-				else:
-					self['primaryGroup']=None
-					self.save()
-					raise univention.admin.uexceptions.primaryGroup
-			if 'samba' in self.options:
-				sid = self.oldattr.get('sambaSID', [''])[0]
-				pos = sid.rfind('-')
-				self.info['sambaRID'] = sid[pos+1:]
-
-			self.save()
-		else:
-			self.modifypassword=0
-			if 'posix' in self.options:
-				res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultMemberserverGroup', position=self.position)
-				if res:
-					self['primaryGroup']=res
-
-	def _ldap_pre_create(self):
-		super(object, self)._ldap_pre_create()
-		if not self['password']:
-			self['password']=self.oldattr.get('password',[''])[0]
-			self.modifypassword=0
-
-	def _ldap_addlist(self):
-		ocs=['top', 'person', 'univentionHost', 'univentionMemberServer']
-		al=[]
-		if 'kerberos' in self.options:
-			domain=univention.admin.uldap.domain(self.lo, self.position)
-			realm=domain.getKerberosRealm()
-
-			if realm:
-				al.append(('krb5MaxLife', '86400'))
-				al.append(('krb5MaxRenew', '604800'))
-				al.append(('krb5KDCFlags', '126'))
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			else:
-				# can't do kerberos
-				self._remove_option( 'kerberos' )
-		if 'posix' in self.options:
-			self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
-			self.alloc.append(('uidNumber',self.uidNum))
-			gidNum = self.get_gid_for_primary_group()
-			al.append(('uidNumber', [self.uidNum]))
-			al.append(('gidNumber', [gidNum]))
-
-		if self.modifypassword or self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-			self.modifypassword=0
-		if 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'W':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.uidNum
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			al.append(('sambaSID', [self.machineSid]))
-			al.append(('sambaAcctFlags', [acctFlags.decode()]))
-			al.append(('displayName', self.info['name']))
-
-		al.insert(0, ('objectClass', ocs))
-		al.append(('univentionServerRole', '', 'member'))
-		return al
-
-	def _ldap_post_create(self):
-		if 'posix' in self.options:
-			if hasattr(self, 'uid') and self.uid:
-				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
-			univention.admin.handlers.simpleComputer.primary_group( self )
-			univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_create( self )
-		self.nagios_ldap_post_create()
-
-	def _ldap_pre_remove(self):
-		self.open()
-		if 'posix' in self.options and self.oldattr.get( 'uidNumber' ):
-			self.uidNum=self.oldattr['uidNumber'][0]
-
-	def _ldap_post_remove(self):
-		if 'posix' in self.options:
-			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
-		groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
-		if groupObjects:
-			for i in range(0, len(groupObjects)):
-				groupObjects[i].open()
-				if self.dn in groupObjects[i]['users']:
-					groupObjects[i]['users'].remove(self.dn)
-					groupObjects[i].modify(ignore_license=1)
-
-		self.nagios_ldap_post_remove()
-		univention.admin.handlers.simpleComputer._ldap_post_remove( self )
-		# Need to clean up oldinfo. If remove was invoked, because the
-		# creation of the object has failed, the next try will result in
-		# a 'object class violation' (Bug #19343)
-		self.oldinfo = {}
-
-	def krb5_principal(self):
-		domain=univention.admin.uldap.domain(self.lo, self.position)
-		realm=domain.getKerberosRealm()
-		if self.info.has_key('domain') and self.info['domain']:
-			kerberos_domain=self.info['domain']
-		else:
-			kerberos_domain=domain.getKerberosRealm()
-		return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm
-
-	def _ldap_post_modify(self):
-		univention.admin.handlers.simpleComputer.primary_group( self )
-		univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_modify( self )
-		self.nagios_ldap_post_modify()
-
-	def _ldap_pre_modify(self):
-		if self.hasChanged('password'):
-			if not self['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			elif not self.info['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			else:
-				self.modifypassword=1
-		self.nagios_ldap_pre_modify()
-		univention.admin.handlers.simpleComputer._ldap_pre_modify( self )
-
-
-	def _ldap_modlist(self):
-		ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
-
-		self.nagios_ldap_modlist(ml)
-
-		if self.hasChanged('name'):
-			if 'posix' in self.options:
-				if hasattr(self, 'uidNum'):
-					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
-				requested_uid="%s$" % self['name']
-				try:
-					self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
-				except Exception:
-					self.cancel()
-					raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid
-					return []
-
-				self.alloc.append(('uid',self.uid))
-
-				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
-
-			if 'samba' in self.options:
-				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
-
-			if 'kerberos' in self.options:
-				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
-
-		if self.modifypassword and self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-
-		# add samba option
-		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'W':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			ml.append(('sambaSID', '', [self.machineSid]))
-			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
-			ml.append(('displayName', '', self.info['name']))
-			sambaPwdLastSetValue = str(long(time.time()))
-			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
-			for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
-				if self.oldattr.get(key, []):
-					ml.insert(0, (key, self.oldattr.get(key, []), ''))
-
-		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
-			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
-
-		return ml
-
-	def cleanup(self):
-		self.open()
-		self.nagios_cleanup()
-		univention.admin.handlers.simpleComputer.cleanup( self )
-
-	def cancel(self):
-		for i,j in self.alloc:
-			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
-			univention.admin.allocators.release(self.lo, self.position, i, j)
-
-	def link(self):
-		result = []
-		if self['ip'] and len( self[ 'ip' ] ) > 0 and self['ip'][ 0 ]:
-			result = [{ 'url': 'https://%s/univention-management-console/' % self['ip'][ 0 ],
-						'ipaddr': self['ip'][ 0 ],
-						}]
-		if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len( self['dnsEntryZoneForward' ] ) > 0:
-			zone = univention.admin.uldap.explodeDn( self['dnsEntryZoneForward'][0], 1)[0]
-			if not result:
-				result = [ { 'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone) }]
-			result[0]['fqdn'] = '%s.%s' % (self['name'], zone)
-		if result:
-			result[0]['name'] = _('Open Univention Management Console on this computer')
-			return result
-		return None
-
-def rewrite(filter, mapping):
-	if filter.variable == 'ip':
-		filter.variable='aRecord'
-	else:
-		univention.admin.mapping.mapRewrite(filter, mapping)
-
-def lookup_filter(filter_s=None, lo=None):
-	filter_s = univention.admin.filter.replace_fqdn_filter( filter_s )
-	if str(filter_s).find('(dnsAlias=') != -1:
-		filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)
-		if filter_s:
-			return lookup_filter(filter_s, lo)
-		else:
-			return None
-	lookup_filter_obj = \
-		univention.admin.filter.conjunction('&', [
-			univention.admin.filter.expression('objectClass', 'univentionHost'),
-			univention.admin.filter.expression('objectClass', 'univentionMemberServer'),
-		])
-
-	# ATTENTION: has its own rewrite function.
-	lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping)
-	return lookup_filter_obj
-
-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
-
-	filter=lookup_filter(filter_s, lo)
-	if filter is None:
-		return []
-	res=[]
-	for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
-		res.append( object( co, lo, None, dn, attributes = attrs ) )
-	return res
-
-def identify(dn, attr, canonical=0):
-	return 'univentionHost' in attr.get('objectClass', []) and 'univentionMemberServer' in attr.get('objectClass', [])
+	mapping = mapping
+	CONFIG_NAME = 'univentionDefaultMemberserverGroup'
+	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionMemberServer']
+	SAMBA_ACCOUNT_FLAG = 'W'
+	SERVER_TYPE = 'univentionMemberServer'
+	SERVER_ROLE = 'member'
+
+rewrite = object.rewrite
+lookup_filter = object.lookup_filter
+lookup = object.lookup
+identify = object.identify
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py
index f891fc0..1c4908c 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py
@@ -30,21 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
-from ldap.filter import filter_format
-
 from univention.admin.layout import Tab, Group
 import univention.admin.filter
 import univention.admin.handlers
-import univention.admin.password
-import univention.admin.allocators
 import univention.admin.localization
-import univention.admin.uldap
 import univention.admin.nagios as nagios
-import univention.admin.handlers.dns.forward_zone
-import univention.admin.handlers.dns.reverse_zone
-import univention.admin.handlers.groups.group
-import univention.admin.handlers.networks.network
-import time
+from univention.admin.handlers.computers.base import computerBase
 
 translation=univention.admin.localization.translation('univention.admin.handlers.computers')
 _=translation.translate
@@ -341,263 +332,20 @@
 nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
 
 
-class object(univention.admin.handlers.simpleComputer, nagios.Support):
+class object(computerBase):
 	module=module
+	mapping = mapping
+	CONFIG_NAME = 'univentionDefaultClientGroup'
+	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionUbuntuClient']
+	SAMBA_ACCOUNT_FLAG = 'W'
+	SERVER_TYPE = 'univentionUbuntuClient'
 
-	def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
-		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
-		nagios.Support.__init__(self)
-
-	def open(self):
-		univention.admin.handlers.simpleComputer.open( self )
-		self.nagios_open()
-
-		self.modifypassword=0
-		if self.exists():
-			userPassword=self.oldattr.get('userPassword',[''])[0]
-			if userPassword:
-				self.info['password']=userPassword
-				self.modifypassword=0
-		if self.exists():
-
-			if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
-				primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
-				if primaryGroupNumber:
-					primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
-					if primaryGroupResult:
-						self['primaryGroup']=primaryGroupResult[0]
-						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
-					else:
-						self['primaryGroup']=None
-						self.save()
-						raise univention.admin.uexceptions.primaryGroup
-				else:
-					self['primaryGroup']=None
-					self.save()
-					raise univention.admin.uexceptions.primaryGroup
-			if 'samba' in self.options:
-				sid = self.oldattr.get('sambaSID', [''])[0]
-				pos = sid.rfind('-')
-				self.info['sambaRID'] = sid[pos+1:]
-
-			self.save()
-		else:
-			self.modifypassword=0
-			if 'posix' in self.options:
-				res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position)
-				if res:
-					self['primaryGroup']=res
-
-	def _ldap_pre_create(self):
-		super(object, self)._ldap_pre_create()
-		if not self['password']:
-			self['password']=self.oldattr.get('password',[''])[0]
-			self.modifypassword=0
-
-	def _ldap_addlist(self):
+	def check_required_options(self):
 		if not set(self.options) & set(['posix', 'kerberos']):
 			raise univention.admin.uexceptions.invalidOptions(_(' At least posix or kerberos is required.'))
-		
-		ocs=['top', 'person', 'univentionHost', 'univentionUbuntuClient']
-		al=[]
-		if 'kerberos' in self.options:
-			domain=univention.admin.uldap.domain(self.lo, self.position)
-			realm=domain.getKerberosRealm()
-
-			if realm:
-				al.append(('krb5MaxLife', '86400'))
-				al.append(('krb5MaxRenew', '604800'))
-				al.append(('krb5KDCFlags', '126'))
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			else:
-				# can't do kerberos
-				self._remove_option( 'kerberos' )
-		if 'posix' in self.options:
-			self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
-			self.alloc.append(('uidNumber',self.uidNum))
-			gidNum = self.get_gid_for_primary_group()
-			al.append(('uidNumber', [self.uidNum]))
-			al.append(('gidNumber', [gidNum]))
-
-		if self.modifypassword or self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-			self.modifypassword=0
-		if 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'W':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.uidNum
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			al.append(('sambaSID', [self.machineSid]))
-			al.append(('sambaAcctFlags', [acctFlags.decode()]))
-			al.append(('displayName', self.info['name']))
-
-		al.insert(0, ('objectClass', ocs))
-
-		return al
-
-	def _ldap_post_create(self):
-		if 'posix' in self.options:
-			if hasattr(self, 'uid') and self.uid:
-				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
-			univention.admin.handlers.simpleComputer.primary_group( self )
-			univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_create( self )
-		self.nagios_ldap_post_create()
-
-	def _ldap_pre_remove(self):
-		self.open()
-		if 'posix' in self.options and self.oldattr.get( 'uidNumber' ):
-			self.uidNum=self.oldattr['uidNumber'][0]
-
-	def _ldap_post_remove(self):
-		if 'posix' in self.options:
-			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
-		groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
-		if groupObjects:
-			for i in range(0, len(groupObjects)):
-				groupObjects[i].open()
-				if self.dn in groupObjects[i]['users']:
-					groupObjects[i]['users'].remove(self.dn)
-					groupObjects[i].modify(ignore_license=1)
-
-		self.nagios_ldap_post_remove()
-		univention.admin.handlers.simpleComputer._ldap_post_remove( self )
-		# Need to clean up oldinfo. If remove was invoked, because the
-		# creation of the object has failed, the next try will result in
-		# a 'object class violation' (Bug #19343)
-		self.oldinfo = {}
-
-	def krb5_principal(self):
-		domain=univention.admin.uldap.domain(self.lo, self.position)
-		realm=domain.getKerberosRealm()
-		if self.info.has_key('domain') and self.info['domain']:
-			kerberos_domain=self.info['domain']
-		else:
-			kerberos_domain=domain.getKerberosRealm()
-		return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm
-
-	def _ldap_post_modify(self):
-		univention.admin.handlers.simpleComputer.primary_group( self )
-		univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_modify( self )
-		self.nagios_ldap_post_modify()
+del object.link
 
-	def _ldap_pre_modify(self):
-		if self.hasChanged('password'):
-			if not self['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			elif not self.info['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			else:
-				self.modifypassword=1
-		self.nagios_ldap_pre_modify()
-		univention.admin.handlers.simpleComputer._ldap_pre_modify( self )
-
-
-	def _ldap_modlist(self):
-		ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
-
-		self.nagios_ldap_modlist(ml)
-
-		if self.hasChanged('name'):
-			if 'posix' in self.options:
-				if hasattr(self, 'uidNum'):
-					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
-				requested_uid="%s$" % self['name']
-				try:
-					self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
-				except Exception:
-					self.cancel()
-					raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid
-					return []
-
-				self.alloc.append(('uid',self.uid))
-
-				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
-
-			if 'samba' in self.options:
-				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
-
-			if 'kerberos' in self.options:
-				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
-
-		if self.modifypassword and self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-
-		# add samba option
-		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'W':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			ml.append(('sambaSID', '', [self.machineSid]))
-			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
-			ml.append(('displayName', '', self.info['name']))
-			sambaPwdLastSetValue = str(long(time.time()))
-			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
-			for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
-				if self.oldattr.get(key, []):
-					ml.insert(0, (key, self.oldattr.get(key, []), ''))
-
-		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
-			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
-
-		return ml
-
-	def cleanup(self):
-		self.open()
-		self.nagios_cleanup()
-		univention.admin.handlers.simpleComputer.cleanup( self )
-
-	def cancel(self):
-		for i,j in self.alloc:
-			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
-			univention.admin.allocators.release(self.lo, self.position, i, j)
-
-
-def rewrite(filter, mapping):
-	if filter.variable == 'ip':
-		filter.variable='aRecord'
-	else:
-		univention.admin.mapping.mapRewrite(filter, mapping)
+rewrite = object.rewrite
 
 def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
 
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py
index 014cf72..9c11908 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py
@@ -30,21 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
-from ldap.filter import filter_format
-
 from univention.admin.layout import Tab, Group
 import univention.admin.filter
 import univention.admin.handlers
-import univention.admin.password
-import univention.admin.allocators
 import univention.admin.localization
-import univention.admin.uldap
 import univention.admin.nagios as nagios
-import univention.admin.handlers.dns.forward_zone
-import univention.admin.handlers.dns.reverse_zone
-import univention.admin.handlers.groups.group
-import univention.admin.handlers.networks.network
-import time
+from univention.admin.handlers.computers.base import computerBase
 
 translation=univention.admin.localization.translation('univention.admin.handlers.computers')
 _=translation.translate
@@ -346,278 +337,37 @@
 mapping=univention.admin.mapping.mapping()
 mapping.register('name', 'cn', None, univention.admin.mapping.ListToString)
 mapping.register('description', 'description', None, univention.admin.mapping.ListToString)
-mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString)
-mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString)
 mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString)
 mapping.register('inventoryNumber', 'univentionInventoryNumber')
 mapping.register('mac', 'macAddress' )
 mapping.register('network', 'univentionNetworkLink', None, univention.admin.mapping.ListToString)
 mapping.register('unixhome', 'homeDirectory', None, univention.admin.mapping.ListToString)
 mapping.register('shell', 'loginShell', None, univention.admin.mapping.ListToString)
+mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString)
+mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString)
 
 # add Nagios extension
 nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
 
 
-class object(univention.admin.handlers.simpleComputer, nagios.Support):
+class object(computerBase):
 	module=module
-
-	def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
-		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
-		nagios.Support.__init__(self)
-
-	def open(self):
-		univention.admin.handlers.simpleComputer.open( self )
-		self.nagios_open()
-
-		self.modifypassword=0
-		if self.exists():
-			userPassword=self.oldattr.get('userPassword',[''])[0]
-			if userPassword:
-				self.info['password']=userPassword
-				self.modifypassword=0
-
-		if self.exists():
-
-			if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
-				primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
-				if primaryGroupNumber:
-					primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
-					if primaryGroupResult:
-						self['primaryGroup']=primaryGroupResult[0]
-						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
-					else:
-						self['primaryGroup']=None
-						self.save()
-						raise univention.admin.uexceptions.primaryGroup
-				else:
-					self['primaryGroup']=None
-					self.save()
-					raise univention.admin.uexceptions.primaryGroup
-			if 'samba' in self.options:
-				sid = self.oldattr.get('sambaSID', [''])[0]
-				pos = sid.rfind('-')
-				self.info['sambaRID'] = sid[pos+1:]
-
-			self.save()
-		else:
-			self.modifypassword=0
-			if 'posix' in self.options:
-				res=univention.admin.config.getDefaultValue(self.lo, 'computerGroup', position=self.position)
-				if res:
-					self['primaryGroup']=res
-
-
-	def _ldap_pre_create(self):
-		super(object, self)._ldap_pre_create()
-		if not self['password']:
-			self['password']=self.oldattr.get('password',[''])[0]
-			self.modifypassword=0
-
-	def _ldap_addlist(self):
-		ocs=['top', 'person', 'univentionHost', 'univentionWindows']
-		al=[]
-		if 'kerberos' in self.options:
-			domain=univention.admin.uldap.domain(self.lo, self.position)
-			realm=domain.getKerberosRealm()
-
-			if realm:
-				al.append(('krb5MaxLife', '86400'))
-				al.append(('krb5MaxRenew', '604800'))
-				al.append(('krb5KDCFlags', '126'))
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			else:
-				# can't do kerberos
-				self._remove_option( 'kerberos' )
-		if 'posix' in self.options:
-			self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
-			self.alloc.append(('uidNumber',self.uidNum))
-			gidNum = self.get_gid_for_primary_group()
-			al.append(('uidNumber', [self.uidNum]))
-			al.append(('gidNumber', [gidNum]))
-
-		if self.modifypassword or self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-			self.modifypassword=0
-		if 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'W':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.uidNum
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			al.append(('sambaSID', [self.machineSid]))
-			al.append(('sambaAcctFlags', [acctFlags.decode()]))
-			al.append(('displayName', self.info['name']))
-
-		al.insert(0, ('objectClass', ocs))
-		al.append(('univentionServerRole', '', 'windows_client'))
-		return al
-
-	def _ldap_post_create(self):
-		if 'posix' in self.options:
-			if hasattr(self, 'uid') and self.uid:
-				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
-			univention.admin.handlers.simpleComputer.primary_group( self )
-			univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_create( self )
-		self.nagios_ldap_post_create()
-
-	def _ldap_pre_remove(self):
-		self.open()
-		if 'posix' in self.options and self.oldattr.get( 'uidNumber' ):
-			self.uidNum=self.oldattr['uidNumber'][0]
-
-	def _ldap_post_remove(self):
-		if 'posix' in self.options:
-			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
-		groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
-		if groupObjects:
-			for i in range(0, len(groupObjects)):
-				groupObjects[i].open()
-				if self.dn in groupObjects[i]['users']:
-					groupObjects[i]['users'].remove(self.dn)
-					groupObjects[i].modify(ignore_license=1)
-
-		self.nagios_ldap_post_remove()
-		univention.admin.handlers.simpleComputer._ldap_post_remove( self )
-		# Need to clean up oldinfo. If remove was invoked, because the
-		# creation of the object has failed, the next try will result in
-		# a 'object class violation' (Bug #19343)
-		self.oldinfo = {}
-
-	def krb5_principal(self):
-		domain=univention.admin.uldap.domain(self.lo, self.position)
-		realm=domain.getKerberosRealm()
-		if self.info.has_key('domain') and self.info['domain']:
-			kerberos_domain=self.info['domain']
-		else:
-			kerberos_domain=domain.getKerberosRealm()
-		return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm
-
-	def _ldap_post_modify(self):
-		univention.admin.handlers.simpleComputer.primary_group( self )
-		univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_modify( self )
-		self.nagios_ldap_post_modify()
-
-	def _ldap_pre_modify(self):
-		if self.hasChanged('password'):
-			if not self['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			elif not self.info['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			else:
-				self.modifypassword=1
-		self.nagios_ldap_pre_modify()
-		univention.admin.handlers.simpleComputer._ldap_pre_modify( self )
-
+	mapping = mapping
+	CONFIG_NAME = 'computerGroup'
+	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionWindows']
+	SAMBA_ACCOUNT_FLAG = 'W'
+	SERVER_TYPE = 'univentionWindows'
+	SERVER_ROLE = 'windows_client'
 
 	def _ldap_modlist(self):
-		ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
-
-		self.nagios_ldap_modlist(ml)
-
+		ml = super(object, self)._ldap_modlist()
 		if self.hasChanged('ntCompatibility') and self['ntCompatibility'] == '1':
 			self['password'] = self['name'].replace('$','').lower()
 			self.modifypassword = 1
-
-		if self.hasChanged('name'):
-			if 'posix' in self.options:
-				if hasattr(self, 'uidNum'):
-					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
-				requested_uid="%s$" % self['name']
-				try:
-					self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
-				except Exception:
-					self.cancel()
-					raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid
-					return []
-
-				self.alloc.append(('uid',self.uid))
-
-				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
-
-			if 'samba' in self.options:
-				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
-
-			if 'kerberos' in self.options:
-				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
-
-		if self.modifypassword and self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-
-		# add samba option
-		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'W':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			ml.append(('sambaSID', '', [self.machineSid]))
-			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
-			ml.append(('displayName', '', self.info['name']))
-			sambaPwdLastSetValue = str(long(time.time()))
-			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
-			for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
-				if self.oldattr.get(key, []):
-					ml.insert(0, (key, self.oldattr.get(key, []), ''))
-
-		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
-			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
-
 		return ml
+del object.link
 
-	def cleanup(self):
-		self.open()
-		self.nagios_cleanup()
-		univention.admin.handlers.simpleComputer.cleanup( self )
-
-	def cancel(self):
-		for i,j in self.alloc:
-			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
-			univention.admin.allocators.release(self.lo, self.position, i, j)
-
-def rewrite(filter, mapping):
-	if filter.variable == 'ip':
-		filter.variable='aRecord'
-	else:
-		univention.admin.mapping.mapRewrite(filter, mapping)
+rewrite = object.rewrite
 
 def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
 
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py
index fb8999d..3c8cdab 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py
@@ -30,21 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
-from ldap.filter import filter_format
-
 from univention.admin.layout import Tab, Group
 import univention.admin.filter
 import univention.admin.handlers
-import univention.admin.password
-import univention.admin.allocators
 import univention.admin.localization
-import univention.admin.uldap
 import univention.admin.nagios as nagios
-import univention.admin.handlers.dns.forward_zone
-import univention.admin.handlers.dns.reverse_zone
-import univention.admin.handlers.groups.group
-import univention.admin.handlers.networks.network
-import time
+from univention.admin.handlers.computers.base import computerBase
 
 translation=univention.admin.localization.translation('univention.admin.handlers.computers')
 _=translation.translate
@@ -368,257 +359,17 @@
 nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
 
 
-class object(univention.admin.handlers.simpleComputer, nagios.Support):
+class object(computerBase):
 	module=module
+	mapping = mapping
+	CONFIG_NAME = 'univentionDefaultDomainControllerGroup'
+	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionWindows']
+	SAMBA_ACCOUNT_FLAG = 'S'
+	SERVER_TYPE = 'univentionWindows'
+	SERVER_ROLE = 'windows_domaincontroller'
 
-	def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
-		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
-		nagios.Support.__init__(self)
-
-	def open(self):
-		univention.admin.handlers.simpleComputer.open( self )
-		self.nagios_open()
-
-		self.modifypassword=0
-		if self.exists():
-			userPassword=self.oldattr.get('userPassword',[''])[0]
-			if userPassword:
-				self.info['password']=userPassword
-				self.modifypassword=0
-
-		if self.exists():
-
-			if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
-				primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
-				if primaryGroupNumber:
-					primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
-					if primaryGroupResult:
-						self['primaryGroup']=primaryGroupResult[0]
-						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
-					else:
-						self['primaryGroup']=None
-						self.save()
-						raise univention.admin.uexceptions.primaryGroup
-				else:
-					self['primaryGroup']=None
-					self.save()
-					raise univention.admin.uexceptions.primaryGroup
-			if 'samba' in self.options:
-				sid = self.oldattr.get('sambaSID', [''])[0]
-				pos = sid.rfind('-')
-				self.info['sambaRID'] = sid[pos+1:]
-
-			self.save()
-
-		else:
-			self.modifypassword=0
-			if 'posix' in self.options:
-				res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerGroup', position=self.position)
-				if res:
-					self['primaryGroup']=res
-
-	def _ldap_pre_create(self):
-		super(object, self)._ldap_pre_create()
-		if not self['password']:
-			self['password']=self.oldattr.get('password',[''])[0]
-			self.modifypassword=0
-
-	def _ldap_addlist(self):
-		ocs=['top', 'person', 'univentionHost', 'univentionWindows']
-		al=[]
-		if 'kerberos' in self.options:
-
-			ocs.extend(['krb5Principal', 'krb5KDCEntry'])
-			al.append(('krb5MaxLife', '86400'))
-			al.append(('krb5MaxRenew', '604800'))
-			al.append(('krb5KDCFlags', '126'))
-			krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-			al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-
-		if 'posix' in self.options:
-			self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
-			self.alloc.append(('uidNumber',self.uidNum))
-			gidNum = self.get_gid_for_primary_group()
-			al.append(('uidNumber', [self.uidNum]))
-			al.append(('gidNumber', [gidNum]))
-
-		if self.modifypassword or self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-			self.modifypassword=0
-		if 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'S':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.uidNum
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			al.append(('sambaSID', [self.machineSid]))
-			al.append(('sambaAcctFlags', [acctFlags.decode()]))
-			al.append(('displayName', self.info['name']))
-
-		al.insert(0, ('objectClass', ocs))
-		al.append(('univentionServerRole', '', 'windows_domaincontroller'))
-		return al
-
-	def _ldap_post_create(self):
-		if 'posix' in self.options:
-			if hasattr(self, 'uid') and self.uid:
-				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
-			univention.admin.handlers.simpleComputer.primary_group( self )
-			univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_create( self )
-		self.nagios_ldap_post_create()
-
-	def _ldap_pre_remove(self):
-		self.open()
-		if 'posix' in self.options and self.oldattr.get( 'uidNumber' ):
-			self.uidNum=self.oldattr['uidNumber'][0]
-
-	def _ldap_post_remove(self):
-		if 'posix' in self.options:
-			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
-		groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
-		if groupObjects:
-			for i in range(0, len(groupObjects)):
-				groupObjects[i].open()
-				if self.dn in groupObjects[i]['users']:
-					groupObjects[i]['users'].remove(self.dn)
-					groupObjects[i].modify(ignore_license=1)
-
-		self.nagios_ldap_post_remove()
-		univention.admin.handlers.simpleComputer._ldap_post_remove( self )
-		# Need to clean up oldinfo. If remove was invoked, because the
-		# creation of the object has failed, the next try will result in
-		# a 'object class violation' (Bug #19343)
-		self.oldinfo = {}
-
-	def krb5_principal(self):
-		domain=univention.admin.uldap.domain(self.lo, self.position)
-		realm=domain.getKerberosRealm()
-		if self.info.has_key('domain') and self.info['domain']:
-			kerberos_domain=self.info['domain']
-		else:
-			kerberos_domain=domain.getKerberosRealm()
-		return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm
-
-	def _ldap_post_modify(self):
-		univention.admin.handlers.simpleComputer.primary_group( self )
-		univention.admin.handlers.simpleComputer.update_groups( self )
-		univention.admin.handlers.simpleComputer._ldap_post_modify( self )
-		self.nagios_ldap_post_modify()
-
-	def _ldap_pre_modify(self):
-		if self.hasChanged('password'):
-			if not self['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			elif not self.info['password']:
-				self['password']=self.oldattr.get('password',[''])[0]
-				self.modifypassword=0
-			else:
-				self.modifypassword=1
-		self.nagios_ldap_pre_modify()
-		univention.admin.handlers.simpleComputer._ldap_pre_modify( self )
-
-
-	def _ldap_modlist(self):
-		ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
-
-		self.nagios_ldap_modlist(ml)
-
-		if self.hasChanged('name'):
-			if 'posix' in self.options:
-				if hasattr(self, 'uidNum'):
-					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
-				requested_uid="%s$" % self['name']
-				try:
-					self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
-				except Exception:
-					self.cancel()
-					raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid
-					return []
-
-				self.alloc.append(('uid',self.uid))
-
-				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
-
-			if 'samba' in self.options:
-				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
-
-			if 'kerberos' in self.options:
-				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
-
-		if self.modifypassword and self['password']:
-			if 'kerberos' in self.options:
-				krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
-				krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1)
-				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
-				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
-			if 'posix' in self.options:
-				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
-				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
-			if 'samba' in self.options:
-				password_nt, password_lm = univention.admin.password.ntlm(self['password'])
-				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
-				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
-				sambaPwdLastSetValue = str(long(time.time()))
-				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-
-		# add samba option
-		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
-			acctFlags=univention.admin.samba.acctFlags(flags={'S':1})
-			if self.s4connector_present:
-				# In this case Samba 4 must create the SID, the s4 connector will sync the
-				# new sambaSID back from Samba 4.
-				self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
-			else:
-				self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-				self.alloc.append(('sid',self.machineSid))
-			ml.append(('sambaSID', '', [self.machineSid]))
-			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
-			ml.append(('displayName', '', self.info['name']))
-			sambaPwdLastSetValue = str(long(time.time()))
-			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
-		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
-			for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
-				if self.oldattr.get(key, []):
-					ml.insert(0, (key, self.oldattr.get(key, []), ''))
-
-		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
-			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
-			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
-
-		return ml
-
-	def cleanup(self):
-		self.open()
-		self.nagios_cleanup()
-		univention.admin.handlers.simpleComputer.cleanup( self )
-
-	def cancel(self):
-		for i,j in self.alloc:
-			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
-			univention.admin.allocators.release(self.lo, self.position, i, j)
-
-def rewrite(filter, mapping):
-	if filter.variable == 'ip':
-		filter.variable='aRecord'
-	else:
-		univention.admin.mapping.mapRewrite(filter, mapping)
+rewrite = object.rewrite
+identify = object.identify
 
 def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
 
@@ -643,6 +394,3 @@ def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0,
 		for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
 			res.append( object( co, lo, None, dn, attributes = attrs ) )
 	return res
-
-def identify(dn, attr, canonical=0):
-	return 'univentionHost' in attr.get('objectClass', []) and 'univentionWindows' in attr.get('objectClass', []) and 'windows_domaincontroller' in attr.get('univentionServerRole', [])