|
323 |
except UnicodeDecodeError: |
323 |
except UnicodeDecodeError: |
324 |
pass # values are not the same codec |
324 |
pass # values are not the same codec |
325 |
|
325 |
|
326 |
filter_parts_s4 = [format_escaped('(objectclass={0!e})', ocs4), format_escaped('(samaccountname={0!e})', value)] |
326 |
filter_parts_s4 = [format_escaped(u'(objectclass={0!e})', ocs4), format_escaped(u'(samaccountname={0!e})', value)] |
327 |
if dn_attr and dn_attr_val: |
327 |
if dn_attr and dn_attr_val: |
328 |
# also look for dn attr (needed to detect modrdn) |
328 |
# also look for dn attr (needed to detect modrdn) |
329 |
filter_parts_s4.append(format_escaped('({0}={1!e})', dn_attr, dn_attr_val)) |
329 |
filter_parts_s4.append(format_escaped(u'({0}={1!e})', dn_attr, dn_attr_val)) |
330 |
filter_s4 = compatible_modstring(u'(&{})'.format(''.join(filter_parts_s4))) |
330 |
filter_s4 = compatible_modstring(u'(&{})'.format(''.join(filter_parts_s4))) |
331 |
ud.debug(ud.LDAP, ud.INFO, "samaccount_dn_mapping: search in s4 for %s" % filter_s4) |
331 |
ud.debug(ud.LDAP, ud.INFO, "samaccount_dn_mapping: search in s4 for %s" % filter_s4) |
332 |
result = s4connector.lo_s4.lo.search_ext_s(s4connector.lo_s4.base, ldap.SCOPE_SUBTREE, filter_s4, ['sAMAccountName']) |
332 |
result = s4connector.lo_s4.lo.search_ext_s(s4connector.lo_s4.base, ldap.SCOPE_SUBTREE, filter_s4, ['sAMAccountName']) |
333 |
|
333 |
|
334 |
if result and len(result) > 0 and result[0] and len(result[0]) > 0 and result[0][0]: # no referral, so we've got a valid result |
334 |
if result and len(result) > 0 and result[0] and len(result[0]) > 0 and result[0][0]: # no referral, so we've got a valid result |
335 |
s4dn = unicode(encode_attrib(result[0][0])) |
335 |
s4dn = unicode(encode_attrib(result[0][0]), 'utf8') |
336 |
if dn_key == 'olddn' or (dn_key == 'dn' and 'olddn' not in object): |
336 |
if dn_key == 'olddn' or (dn_key == 'dn' and 'olddn' not in object): |
337 |
newdn = s4dn |
337 |
newdn = s4dn |
338 |
else: |
338 |
else: |
339 |
s4_rdn = ldap.dn.str2dn(s4dn)[0] |
339 |
s4_rdn = ldap.dn.str2dn(s4dn)[0] |
340 |
new_s4_dn = unicode(ldap.dn.dn2str([s4_rdn] + exploded_dn[1:])) |
340 |
new_s4_dn = unicode(ldap.dn.dn2str([s4_rdn] + exploded_dn[1:]), 'utf8') |
341 |
newdn = new_s4_dn.lower().replace(s4connector.lo_s4.base.lower(), s4connector.lo.base.lower()) |
341 |
newdn = new_s4_dn.lower().replace(s4connector.lo_s4.base.lower(), s4connector.lo.base.lower()) |
342 |
|
342 |
|
343 |
else: |
343 |
else: |
344 |
newdn_rdn = [('cn', fst_rdn_value, ldap.AVA_STRING)] |
344 |
newdn_rdn = [('cn', fst_rdn_value, ldap.AVA_STRING)] |
345 |
newdn = unicode(ldap.dn.dn2str([newdn_rdn] + exploded_dn[1:])) # new object, don't need to change |
345 |
newdn = unicode(ldap.dn.dn2str([newdn_rdn] + exploded_dn[1:]), 'utf8') # new object, don't need to change |
346 |
ud.debug(ud.LDAP, ud.INFO, "samaccount_dn_mapping: newdn: %s" % newdn) |
346 |
ud.debug(ud.LDAP, ud.INFO, "samaccount_dn_mapping: newdn: %s" % newdn) |
347 |
else: |
347 |
else: |
348 |
# get the object to read the sAMAccountName in S4 and use it as name |
348 |
# get the object to read the sAMAccountName in S4 and use it as name |
|
381 |
ucsdn_filter = format_escaped(u'(&(objectclass={0!e})({1}={2!e}))', ocucs, ucsattrib, samaccountname) |
381 |
ucsdn_filter = format_escaped(u'(&(objectclass={0!e})({1}={2!e}))', ocucs, ucsattrib, samaccountname) |
382 |
ucsdn_result = s4connector.search_ucs(filter=ucsdn_filter, base=s4connector.lo.base, scope='sub', attr=['objectClass']) |
382 |
ucsdn_result = s4connector.search_ucs(filter=ucsdn_filter, base=s4connector.lo.base, scope='sub', attr=['objectClass']) |
383 |
if ucsdn_result and len(ucsdn_result) > 0 and ucsdn_result[0] and len(ucsdn_result[0]) > 0: |
383 |
if ucsdn_result and len(ucsdn_result) > 0 and ucsdn_result[0] and len(ucsdn_result[0]) > 0: |
384 |
ucsdn = unicode(ucsdn_result[0][0]) |
384 |
ucsdn = unicode(ucsdn_result[0][0], 'utf8') |
385 |
|
385 |
|
386 |
if ucsdn and (dn_key == 'olddn' or (dn_key == 'dn' and 'olddn' not in object)): |
386 |
if ucsdn and (dn_key == 'olddn' or (dn_key == 'dn' and 'olddn' not in object)): |
387 |
newdn = ucsdn |
387 |
newdn = ucsdn |
|
392 |
else: |
392 |
else: |
393 |
newdn_rdn = [(ucsattrib, samaccountname, ldap.AVA_STRING)] |
393 |
newdn_rdn = [(ucsattrib, samaccountname, ldap.AVA_STRING)] |
394 |
|
394 |
|
395 |
newdn = unicode(ldap.dn.dn2str([newdn_rdn] + exploded_dn[1:])) # guess the old dn |
395 |
newdn = unicode(ldap.dn.dn2str([newdn_rdn] + exploded_dn[1:]), 'utf8') # guess the old dn |
396 |
try: |
396 |
try: |
397 |
ud.debug(ud.LDAP, ud.INFO, "samaccount_dn_mapping: newdn for key %s:" % dn_key) |
397 |
ud.debug(ud.LDAP, ud.INFO, "samaccount_dn_mapping: newdn for key %s:" % dn_key) |
398 |
ud.debug(ud.LDAP, ud.INFO, "samaccount_dn_mapping: olddn: %s" % dn) |
398 |
ud.debug(ud.LDAP, ud.INFO, "samaccount_dn_mapping: olddn: %s" % dn) |
|
807 |
""" |
807 |
""" |
808 |
def convert_field(self, value, conversion): |
808 |
def convert_field(self, value, conversion): |
809 |
if conversion == 'e': |
809 |
if conversion == 'e': |
810 |
return escape_filter_chars(str(value)) |
810 |
if isinstance(value, unicode): |
|
|
811 |
return escape_filter_chars(value.encode('utf-8')).decode('utf-8') |
812 |
elif isinstance(value, str): |
813 |
return escape_filter_chars(value) |
814 |
else: |
815 |
return escape_filter_chars(str(value)) |
811 |
return super(LDAPEscapeFormatter, self).convert_field(value, conversion) |
816 |
return super(LDAPEscapeFormatter, self).convert_field(value, conversion) |
812 |
|
817 |
|
813 |
|
818 |
|
|
1342 |
|
1347 |
|
1343 |
rdn_exploded = ldap.dn.str2dn(rdn) |
1348 |
rdn_exploded = ldap.dn.str2dn(rdn) |
1344 |
parent_exploded = ldap.dn.str2dn(object['attributes']['lastKnownParent'][0]) |
1349 |
parent_exploded = ldap.dn.str2dn(object['attributes']['lastKnownParent'][0]) |
1345 |
return unicode(ldap.dn.dn2str(rdn_exploded + parent_exploded)) |
1350 |
return unicode(ldap.dn.dn2str(rdn_exploded + parent_exploded), 'utf8') |
1346 |
else: |
1351 |
else: |
1347 |
ud.debug(ud.LDAP, ud.WARN, 'lastKnownParent attribute for deleted object rdn="%s" was not set, so we must ignore the object' % rdn) |
1352 |
ud.debug(ud.LDAP, ud.WARN, 'lastKnownParent attribute for deleted object rdn="%s" was not set, so we must ignore the object' % rdn) |
1348 |
return None |
1353 |
return None |
|
1588 |
|
1593 |
|
1589 |
# Exclude primary group |
1594 |
# Exclude primary group |
1590 |
ucs_object_gid = object_ucs['attributes'].get('gidNumber', [])[0] |
1595 |
ucs_object_gid = object_ucs['attributes'].get('gidNumber', [])[0] |
1591 |
ucs_group_filter = format_escaped('(&(objectClass=univentionGroup)(uniqueMember={0!e})(!(gidNumber={1!e})))', object_ucs['dn'], ucs_object_gid) |
1596 |
ucs_group_filter = format_escaped(u'(&(objectClass=univentionGroup)(uniqueMember={0!e})(!(gidNumber={1!e})))', object_ucs['dn'], ucs_object_gid) |
1592 |
ucs_groups_ldap = self.search_ucs(filter=ucs_group_filter) |
1597 |
ucs_groups_ldap = self.search_ucs(filter=ucs_group_filter) |
1593 |
|
1598 |
|
1594 |
if ucs_groups_ldap == []: |
1599 |
if ucs_groups_ldap == []: |