Attachment #7847 for bug #41864

View | Details | Raw Unified | Return to bug 41864 | Differences between
Collapse All | Expand All




import univention.debug2 as ud
from ldap.controls import LDAPControl
from ldap.controls import SimplePagedResultsControl, LDAPControl
from ldap.filter import filter_format
from samba.dcerpc import security
from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import misc

				ud.debug(ud.LDAP, ud.ALL, "sync_from_ucs: addlist: %s" % addlist)
				try:
					self.lo_s4.lo.add_ext_s(compatible_modstring(object['dn']), compatible_addlist(addlist), serverctrls=ctrls) #FIXME encoding
				except ldap.ALREADY_EXISTS as ex:
					sAMAccountName_attr_value = object['attributes'].get('sAMAccountName')[0]
					objectSid_attr_value = object['attributes'].get('objectSid')[0]
					objectSid = decode_sid(objectSid_attr_value)
					if not (sAMAccountName_attr_value and objectSid):
						raise	## unknown situation
					filter_s4 = filter_format('(&(sAMAccountName=%s)(objectSid=%s)(isDeleted=TRUE))', (sAMAccountName_attr_value, objectSid))
					ud.debug(ud.LDAP, ud.WARN, "sync_from_ucs: Error during add, searching for conflicting deleted object in S4. Filter: %s" % filter_s4)
					result = self.lo_s4.lo.search_ext_s(self.lo_s4.base, ldap.SCOPE_SUBTREE, filter_s4, ['objectClass', 'objectCategory', 'isDeleted', 'isRecycled', 'lastKnownParent'], serverctrls=[self.ctrl_show_deleted, LDAPControl(LDB_CONTROL_DOMAIN_SCOPE_OID, criticality=0)])
					if not result or len(result)>1:	## the latter would indicate corruption
						ud.debug(ud.LDAP, ud.WARN,"sync_from_ucs: No conflicting object found.")
						raise	## unknown situation
					(deleted_object_dn, deleted_object) = result[0]
					ud.debug(ud.LDAP, ud.WARN, "sync_from_ucs: Reanimating deleted object in S4: %s" % deleted_object_dn)
					## Currently tombstone_reanimate.c and tests/python/tombstone_reanimation.py
					## which implement https://msdn.microsoft.com/en-us/library/cc223467.aspx (MS-ADTS 3.1.1.5.3.7)
					## are disabled in Samba. Workaround:
					idx = deleted_object_dn.find('\\0ADEL:')
					if idx == -1:
						raise
					reanimate_modlist = [(ldap.MOD_DELETE, 'isDeleted', ['TRUE'])]
					reanimate_modlist.append((ldap.MOD_DELETE, 'lastKnownParent', [deleted_object['lastKnownParent'][0]]))
					reanimate_modlist.append((ldap.MOD_DELETE, 'isRecycled', ['TRUE']))
					if not deleted_object.get('objectCategory'):
						top_most_structural_objectclass = deleted_object['objectClass'][-1]
						result = self.lo_s4.lo.search_ext_s("CN=Schema,CN=Configuration,%s" % self.lo_s4.base, ldap.SCOPE_SUBTREE, filter_format('lDAPDisplayName=%s', (top_most_structural_objectclass,)), ['defaultObjectCategory'])
						reanimate_modlist.append((ldap.MOD_ADD, 'objectCategory', [result[0][1]['defaultObjectCategory'][0]]))
					ud.debug(ud.LDAP, ud.ALL,"sync_from_ucs: modlist: %s" % reanimate_modlist)
					self.lo_s4.lo.modify_ext_s(compatible_modstring(deleted_object_dn), compatible_modlist(reanimate_modlist), serverctrls=[self.ctrl_show_deleted,])
					ud.debug(ud.LDAP, ud.ALL, "rename_s: from %s to %s parent %s" % (deleted_object_dn, deleted_object_dn[:idx], deleted_object['lastKnownParent'][0]))
					self.lo_s4.lo.rename_s(compatible_modstring(deleted_object_dn), deleted_object_dn[:idx], newsuperior=deleted_object['lastKnownParent'][0], delold=1)
					## and retry
					return self.sync_from_ucs(property_type, object, pre_mapped_ucs_dn, old_dn, old_ucs_object, new_ucs_object)
				except:
					ud.debug(ud.LDAP, ud.ERROR, "sync_from_ucs: traceback during add object: %s" % object['dn'])
					ud.debug(ud.LDAP, ud.ERROR, "sync_from_ucs: traceback due to addlist: %s" % addlist)

Return to bug 41864