lo.start_tls_s()

		lo.start_tls_s()

	except ldap.UNAVAILABLE:

	except ldap.UNAVAILABLE:

		return False

		return False

		return False

		return False

	return True

	return True

	try:

	try:

		lo = univention.uldap.getMachineConnection(ldap_master=False)

		lo = univention.uldap.getMachineConnection(ldap_master=False)

		print "Abort: Can't contact LDAP server."

		print "Abort: Can't contact LDAP server."

		sys.exit(1)

		sys.exit(1)

	port = int(ucr.get('ldap/master/port', '7389'))

	port = int(ucr.get('ldap/master/port', '7389'))

	try:

	try:

		return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn='cn=backup,' + ucr['ldap/base'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)

		return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn='cn=backup,' + ucr['ldap/base'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)

		if not ucr['ldap/backup']:

		if not ucr['ldap/backup']:

			raise

			raise

		backup = ucr['ldap/backup'].split(' ')[0]

		backup = ucr['ldap/backup'].split(' ')[0]

		port = int(ucr.get('ldap/server/port', '7389'))

		port = int(ucr.get('ldap/server/port', '7389'))

		try:

		try:

			return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)

			return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)

			# ldap/server/name is down, try next server

			# ldap/server/name is down, try next server

			if not ucr.get('ldap/server/addition'):

			if not ucr.get('ldap/server/addition'):

				raise

				raise

			for server in servers.split():

			for server in servers.split():

				try:

				try:

					return access(host=server, port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)

					return access(host=server, port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)

					pass

					pass

			raise exc

			raise exc

	The low-level class to access a LDAP server.

	The low-level class to access a LDAP server.

	"""

	"""

		"""start_tls = 0 (no); 1 (try); 2 (must)"""

		"""start_tls = 0 (no); 1 (try); 2 (must)"""

		self.host = host

		self.host = host

		self.base = base

		self.base = base

		self.start_tls = start_tls

		self.start_tls = start_tls

		self.ca_certfile = ca_certfile

		self.ca_certfile = ca_certfile

		self.reconnect = reconnect

		self.reconnect = reconnect

		self.port = int(port) if port else None

		self.port = int(port) if port else None

		else:

		else:

			univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'establishing new connection')

			univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, 'establishing new connection')

			self.lo = ldap.initialize(self.uri, trace_stack_limit=None)

			self.lo = ldap.initialize(self.uri, trace_stack_limit=None)

		if ca_certfile:

		if ca_certfile:

			self.lo.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_certfile)

			self.lo.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_certfile)

def _get_ldap_connection():

def _get_ldap_connection():

	try:

	try:

		connection = univention.uldap.getMachineConnection(ldap_master=False)

		connection = univention.uldap.getMachineConnection(ldap_master=False)

		connection = univention.uldap.getMachineConnection()

		connection = univention.uldap.getMachineConnection()

	return connection

	return connection

import re

import re

from ldap.dn import escape_dn_chars

from ldap.dn import escape_dn_chars

from base64 import b64encode

from base64 import b64encode

from copy import copy

from copy import copy

from urlparse import urlsplit

from urlparse import urlsplit

def handler(ucr, changes):

def handler(ucr, changes):

	try:

	try:

		_handler(ucr, changes)

		_handler(ucr, changes)

	except Exception:

	except Exception:

		portal_logger.exception('Exception in UCR module create_portal_entries')

		portal_logger.exception('Exception in UCR module create_portal_entries')

			raise ConnectionFailedInvalidMachineCredentials()

			raise ConnectionFailedInvalidMachineCredentials()

		except ldap.CONNECT_ERROR as exc:

		except ldap.CONNECT_ERROR as exc:

			raise ConnectionFailedConnectError(exc)

			raise ConnectionFailedConnectError(exc)

			raise ConnectionFailedServerDown()

			raise ConnectionFailedServerDown()

	def _get_admin_connection(self):

	def _get_admin_connection(self):

			raise ConnectionFailedInvalidAdminCredentials()

			raise ConnectionFailedInvalidAdminCredentials()

		except ldap.CONNECT_ERROR as exc:

		except ldap.CONNECT_ERROR as exc:

			raise ConnectionFailedConnectError(exc)

			raise ConnectionFailedConnectError(exc)

			raise ConnectionFailedServerDown()

			raise ConnectionFailedServerDown()

	def _get_ldap_connection(self, args, allow_machine_connection=False, allow_admin_connection=True):

	def _get_ldap_connection(self, args, allow_machine_connection=False, allow_admin_connection=True):

					return get_connection(userdn, password)

					return get_connection(userdn, password)

				except ldap.CONNECT_ERROR as exc:

				except ldap.CONNECT_ERROR as exc:

					raise ConnectionFailedConnectError(exc)

					raise ConnectionFailedConnectError(exc)

					raise ConnectionFailedServerDown()

					raise ConnectionFailedServerDown()

				except ldap.INVALID_CREDENTIALS:

				except ldap.INVALID_CREDENTIALS:

					time.sleep(0.1)

					time.sleep(0.1)

		   to reconnect */

		   to reconnect */

		while ((rv = change_update_dn(&trans)) != LDAP_SUCCESS) {

		while ((rv = change_update_dn(&trans)) != LDAP_SUCCESS) {

			univention_debug(UV_DEBUG_LISTENER, UV_DEBUG_ERROR, "change_update_dn failed: %d", rv);

			univention_debug(UV_DEBUG_LISTENER, UV_DEBUG_ERROR, "change_update_dn failed: %d", rv);

				if ((rv = connect_to_ldap(trans.lp)) == 0)

				if ((rv = connect_to_ldap(trans.lp)) == 0)

					continue;

					continue;

			goto out;

			goto out;

			ldap_retries = get_ldap_retries();                                        \

			ldap_retries = get_ldap_retries();                                        \

		do {                                                                              \

		do {                                                                              \

			_rv = (cmd);                                                              \

			_rv = (cmd);                                                              \

				break;                                                            \

				break;                                                            \

			while (_retry < ldap_retries && univention_ldap_open(lp) != LDAP_SUCCESS) \

			while (_retry < ldap_retries && univention_ldap_open(lp) != LDAP_SUCCESS) \

				sleep(1 << (_retry++ % 6));                                       \

				sleep(1 << (_retry++ % 6));                                       \

			lo.search_ext_s('', ldap.SCOPE_BASE, text)

			lo.search_ext_s('', ldap.SCOPE_BASE, text)

		except ldap.FILTER_ERROR:

		except ldap.FILTER_ERROR:

			raise univention.admin.uexceptions.valueError(_('Not a valid LDAP search filter'))

			raise univention.admin.uexceptions.valueError(_('Not a valid LDAP search filter'))

			pass

			pass

		finally:

		finally:

			lo.unbind()

			lo.unbind()

		lo = ldap.ldapobject.ReconnectLDAPObject(uri, trace_stack_limit=None)

		lo = ldap.ldapobject.ReconnectLDAPObject(uri, trace_stack_limit=None)

		result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts'])

		result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts'])

		return result[0][1]['namingContexts'][0]

		return result[0][1]['namingContexts'][0]

		time.sleep(60)

		time.sleep(60)

	lo = ldap.ldapobject.ReconnectLDAPObject(uri, trace_stack_limit=None)

	lo = ldap.ldapobject.ReconnectLDAPObject(uri, trace_stack_limit=None)

	result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts'])

	result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts'])

	def start_tls(self):

	def start_tls(self):

		return self.lo.start_tls

		return self.lo.start_tls

		"""

		"""

		:param str host: The hostname of the LDAP server.

		:param str host: The hostname of the LDAP server.

		:param int port: The TCP port number of the LDAP server.

		:param int port: The TCP port number of the LDAP server.

		:param str binddn: The distinguished name of the account.

		:param str binddn: The distinguished name of the account.

		:param str bindpw: The user password for simple authentication.

		:param str bindpw: The user password for simple authentication.

		:param int start_tls: Negotiate TLS with server. If `2` is given, the command will require the operation to be successful.

		:param int start_tls: Negotiate TLS with server. If `2` is given, the command will require the operation to be successful.

		"""

		"""

		if lo:

		if lo:

			self.lo = lo

			self.lo = lo

			if not port:

			if not port:

				port = int(configRegistry.get('ldap/server/port', 7389))

				port = int(configRegistry.get('ldap/server/port', 7389))

			try:

			try:

			except ldap.INVALID_CREDENTIALS:

			except ldap.INVALID_CREDENTIALS:

				raise univention.admin.uexceptions.authFail(_("Authentication failed"))

				raise univention.admin.uexceptions.authFail(_("Authentication failed"))

			except ldap.UNWILLING_TO_PERFORM:

			except ldap.UNWILLING_TO_PERFORM:

	out = []

	out = []

	try:

	try:

		out = _doit(arglist)

		out = _doit(arglist)

		return out + ["E: The LDAP Server is currently not available.", "OPERATION FAILED"]

		return out + ["E: The LDAP Server is currently not available.", "OPERATION FAILED"]

	except univention.admin.uexceptions.base, e:

	except univention.admin.uexceptions.base, e:

		univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, traceback.format_exc())

		univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, traceback.format_exc())

	# action!

	# action!

	try:

	try:

		run(args[0], verbose=options.verbose)

		run(args[0], verbose=options.verbose)

		print >>sys.stderr, 'ERROR: could not contact LDAP server: %s' % e

		print >>sys.stderr, 'ERROR: could not contact LDAP server: %s' % e

		sys.exit(1)

		sys.exit(1)

			exc = exc.original_exception

			exc = exc.original_exception

		if isinstance(exc, udm_errors.ldapError) and isinstance(getattr(exc, 'original_exception', None), ldap.INVALID_CREDENTIALS):

		if isinstance(exc, udm_errors.ldapError) and isinstance(getattr(exc, 'original_exception', None), ldap.INVALID_CREDENTIALS):

			exc = exc.original_exception

			exc = exc.original_exception

			raise LDAP_ServerDown()

			raise LDAP_ServerDown()

		if isinstance(exc, ldap.CONNECT_ERROR):

		if isinstance(exc, ldap.CONNECT_ERROR):

			raise LDAP_ConnectionFailed(exc)

			raise LDAP_ConnectionFailed(exc)

	else:

	else:

		try:  # should be string

		try:  # should be string

			return dict.lower()

			return dict.lower()

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			pass

			pass

			return True

			return True

		else:

		else:

			return False

			return False

		raise

		raise

	except:  # FIXME: which exception is to be caught?

	except:  # FIXME: which exception is to be caught?

		return False

		return False

			ud.debug(ud.LDAP, ud.INFO, 'Lost connection to the LDAP server. Trying to reconnect ...')

			ud.debug(ud.LDAP, ud.INFO, 'Lost connection to the LDAP server. Trying to reconnect ...')

			try:

			try:

				self.open_ucs()

				self.open_ucs()

				ud.debug(ud.LDAP, ud.INFO, 'LDAP-Server seems to be down')

				ud.debug(ud.LDAP, ud.INFO, 'LDAP-Server seems to be down')

				raise search_exception

				raise search_exception

		if '%s/debug/function' % self.CONFIGBASENAME in self.baseConfig:

		if '%s/debug/function' % self.CONFIGBASENAME in self.baseConfig:

			try:

			try:

				function_level = int(self.baseConfig['%s/debug/function' % self.CONFIGBASENAME])

				function_level = int(self.baseConfig['%s/debug/function' % self.CONFIGBASENAME])

				raise

				raise

			except:  # FIXME: which exception is to be caught?

			except:  # FIXME: which exception is to be caught?

				function_level = 0

				function_level = 0

				try:

				try:

					ret.append((self._decode_dn_from_config_option(d1), self._decode_dn_from_config_option(self._get_config_option(config_space, d1))))

					ret.append((self._decode_dn_from_config_option(d1), self._decode_dn_from_config_option(self._get_config_option(config_space, d1))))

					return_update = True

					return_update = True

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					count = count + 1

					count = count + 1

							change_type = "add"

							change_type = "add"

							old_dn = ''  # there may be an old_dn if object was moved from ignored container

							old_dn = ''  # there may be an old_dn if object was moved from ignored container

							ud.debug(ud.LDAP, ud.INFO, "__sync_file_from_ucs: objected was added")

							ud.debug(ud.LDAP, ud.INFO, "__sync_file_from_ucs: objected was added")

					raise

					raise

				except:

				except:

					# the ignore_object method might throw an exception if the subschema will be synced

					# the ignore_object method might throw an exception if the subschema will be synced

							return False

							return False

						else:

						else:

							return True

							return True

						raise

						raise

					except:  # FIXME: which exception is to be caught?

					except:  # FIXME: which exception is to be caught?

						self._save_rejected_ucs(filename, dn)

						self._save_rejected_ucs(filename, dn)

			ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn)

			ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn)

			ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object found: %s" % searchdn)

			ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object found: %s" % searchdn)

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object search failed: %s" % searchdn)

			ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object search failed: %s" % searchdn)

							pass

							pass

						self._remove_rejected_ucs(filename)

						self._remove_rejected_ucs(filename)

						change_counter += 1

						change_counter += 1

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					self._save_rejected_ucs(filename, dn)

					self._save_rejected_ucs(filename, dn)

						for i in [0, 1]:  # do it twice if the LDAP connection was closed

						for i in [0, 1]:  # do it twice if the LDAP connection was closed

							try:

							try:

								sync_successfull = self.__sync_file_from_ucs(filename, traceback_level=traceback_level)

								sync_successfull = self.__sync_file_from_ucs(filename, traceback_level=traceback_level)

								# once again, ldap idletimeout ...

								# once again, ldap idletimeout ...

								if i == 0:

								if i == 0:

									self.open_ucs()

									self.open_ucs()

				return True

				return True

			else:

			else:

				ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object from %s to %s" % (object['olddn'], object['dn']))

				ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object from %s to %s" % (object['olddn'], object['dn']))

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object in UCS")

			ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object in UCS")

						if not self.sync_to_ucs(key, subobject, object_mapping['dn']):

						if not self.sync_to_ucs(key, subobject, object_mapping['dn']):

							try:

							try:

								ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0])

								ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0])

								raise

								raise

							except:  # FIXME: which exception is to be caught?

							except:  # FIXME: which exception is to be caught?

								ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed")

								ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed")

		except univention.admin.uexceptions.valueMayNotChange, msg:

		except univention.admin.uexceptions.valueMayNotChange, msg:

			ud.debug(ud.LDAP, ud.ERROR, "Value may not change: %s (%s)" % (msg, object['dn']))

			ud.debug(ud.LDAP, ud.ERROR, "Value may not change: %s (%s)" % (msg, object['dn']))

			return False

			return False

			# LDAP idletimeout? try once again

			# LDAP idletimeout? try once again

			if retry:

			if retry:

				self.open_ucs()

				self.open_ucs()

							return True

							return True

						else:

						else:

							return False

							return False

						raise

						raise

					except:

					except:

						ud.debug(ud.LDAP, ud.WARN, "attribute_filter: Failed to convert attributes for bitwise filter")

						ud.debug(ud.LDAP, ud.WARN, "attribute_filter: Failed to convert attributes for bitwise filter")

			else:

			else:

				try:

				try:

					ad_object[key] = encode_attriblist(ad_object[key])

					ad_object[key] = encode_attriblist(ad_object[key])

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					ud.debug(ud.LDAP, ud.WARN, "encode_ad_object: encode attrib %s failed, ignored!" % key)

					ud.debug(ud.LDAP, ud.WARN, "encode_ad_object: encode attrib %s failed, ignored!" % key)

			except:  # FIXME: which exception is to be caught?

			except:  # FIXME: which exception is to be caught?

				ud.debug(ud.LDAP, ud.INFO, "get_object: got object: <print failed>")

				ud.debug(ud.LDAP, ud.INFO, "get_object: got object: <print failed>")

			return encode_ad_object(ad_object)

			return encode_ad_object(ad_object)

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			pass

			pass

			else:

			else:

				# Every object has got a uSNCreated

				# Every object has got a uSNCreated

				returnObjects = search_ad_changes_by_attribute('uSNCreated', lastUSN + 1)

				returnObjects = search_ad_changes_by_attribute('uSNCreated', lastUSN + 1)

			raise

			raise

		except ldap.SIZELIMIT_EXCEEDED:

		except ldap.SIZELIMIT_EXCEEDED:

			# The LDAP control page results was not sucessful. Without this control

			# The LDAP control page results was not sucessful. Without this control

						ad_members_from_ucs.append(ad_dn.lower())

						ad_members_from_ucs.append(ad_dn.lower())

						self.group_mapping_cache_ucs[member_dn.lower()] = ad_dn

						self.group_mapping_cache_ucs[member_dn.lower()] = ad_dn

						self.__group_cache_ucs_append_member(object_ucs['dn'], member_dn)

						self.__group_cache_ucs_append_member(object_ucs['dn'], member_dn)

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: failed to get dn from ad, assume object doesn't exist")

					ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: failed to get dn from ad, assume object doesn't exist")

					elif self._ignore_object(key, {'dn': member_dn, 'attributes': ad_object}):

					elif self._ignore_object(key, {'dn': member_dn, 'attributes': ad_object}):

						ad_members_from_ucs.append(member_dn.lower())

						ad_members_from_ucs.append(member_dn.lower())

						ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: Object ignored in AD [%s], key = [%s]" % (ucs_dn, key))

						ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: Object ignored in AD [%s], key = [%s]" % (ucs_dn, key))

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					self._debug_traceback(ud.INFO, "group_members_sync_from_ucs: failed to get dn from ad which is groupmember")

					self._debug_traceback(ud.INFO, "group_members_sync_from_ucs: failed to get dn from ad which is groupmember")

			try:

			try:

				self.lo_ad.lo.modify_s(compatible_modstring(object['dn']), [(ldap.MOD_REPLACE, 'member', modlist_members)])

				self.lo_ad.lo.modify_s(compatible_modstring(object['dn']), [(ldap.MOD_REPLACE, 'member', modlist_members)])

				raise

				raise

			except:  # FIXME: which exception is to be caught?

			except:  # FIXME: which exception is to be caught?

				ud.debug(ud.LDAP, ud.WARN, "group_members_sync_from_ucs: failed to sync members: (%s,%s)" % (object['dn'], [(ldap.MOD_REPLACE, 'member', modlist_members)]))

				ud.debug(ud.LDAP, ud.WARN, "group_members_sync_from_ucs: failed to sync members: (%s,%s)" % (object['dn'], [(ldap.MOD_REPLACE, 'member', modlist_members)]))

							self.__group_cache_con_append_member(ad_object['dn'], member_dn)

							self.__group_cache_con_append_member(ad_object['dn'], member_dn)

						else:

						else:

							ud.debug(ud.LDAP, ud.INFO, "Failed to find %s via self.lo.get" % ucs_dn)

							ud.debug(ud.LDAP, ud.INFO, "Failed to find %s via self.lo.get" % ucs_dn)

						raise

						raise

					except:  # FIXME: which exception is to be caught?

					except:  # FIXME: which exception is to be caught?

						ud.debug(ud.LDAP, ud.INFO, "group_members_sync_to_ucs: failed to get dn from ucs, assume object doesn't exist")

						ud.debug(ud.LDAP, ud.INFO, "group_members_sync_to_ucs: failed to get dn from ucs, assume object doesn't exist")

								ucs_members_from_ad[k].append(member_dn.lower())

								ucs_members_from_ad[k].append(member_dn.lower())

							break

							break

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					self._debug_traceback(ud.INFO, "group_members_sync_to_ucs: failed to get dn from ucs which is groupmember")

					self._debug_traceback(ud.INFO, "group_members_sync_to_ucs: failed to get dn from ucs which is groupmember")

								sync_successfull = self.sync_to_ucs(property_key, mapped_object, dn)

								sync_successfull = self.sync_to_ucs(property_key, mapped_object, dn)

							else:

							else:

								sync_successfull = True

								sync_successfull = True

							raise

							raise

						except:  # FIXME: which exception is to be caught?

						except:  # FIXME: which exception is to be caught?

							self._debug_traceback(ud.ERROR, "sync of rejected object failed \n\t%s" % (object['dn']))

							self._debug_traceback(ud.ERROR, "sync of rejected object failed \n\t%s" % (object['dn']))

							self._remove_rejected(id)

							self._remove_rejected(id)

							self.__update_lastUSN(object)

							self.__update_lastUSN(object)

							self._set_DN_for_GUID(elements[0][1]['objectGUID'][0], elements[0][0])

							self._set_DN_for_GUID(elements[0][1]['objectGUID'][0], elements[0][0])

					raise

					raise

				except Exception:

				except Exception:

					self._debug_traceback(ud.ERROR, "unexpected Error during ad.resync_rejected")

					self._debug_traceback(ud.ERROR, "unexpected Error during ad.resync_rejected")

		changes = []

		changes = []

		try:

		try:

			changes = self.__search_ad_changes(show_deleted=show_deleted)

			changes = self.__search_ad_changes(show_deleted=show_deleted)

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			self._debug_traceback(ud.WARN, "Exception during search_ad_changes")

			self._debug_traceback(ud.WARN, "Exception during search_ad_changes")

							sync_successfull = self.sync_to_ucs(property_key, mapped_object, object['dn'])

							sync_successfull = self.sync_to_ucs(property_key, mapped_object, object['dn'])

						else:

						else:

							sync_successfull = True

							sync_successfull = True

						raise

						raise

					except univention.admin.uexceptions.ldapError, msg:

					except univention.admin.uexceptions.ldapError, msg:

						ud.debug(ud.LDAP, ud.INFO, "Exception during poll with message (1) %s" % msg)

						ud.debug(ud.LDAP, ud.INFO, "Exception during poll with message (1) %s" % msg)

						try:

						try:

							GUID = old_element[1]['objectGUID'][0]

							GUID = old_element[1]['objectGUID'][0]

							self._set_DN_for_GUID(GUID, old_element[0])

							self._set_DN_for_GUID(GUID, old_element[0])

							raise

							raise

						except:  # FIXME: which exception is to be caught?

						except:  # FIXME: which exception is to be caught?

							self._debug_traceback(ud.WARN, "Exception during set_DN_for_GUID")

							self._debug_traceback(ud.WARN, "Exception during set_DN_for_GUID")

			# the old object was moved in UCS, but does this object exist in AD?

			# the old object was moved in UCS, but does this object exist in AD?

			try:

			try:

				old_object = self.lo_ad.get(compatible_modstring(old_dn))

				old_object = self.lo_ad.get(compatible_modstring(old_dn))

				raise

				raise

			except:

			except:

				old_object = None

				old_object = None

					if not self.sync_from_ucs(key, subobject, object_mapping['dn']):

					if not self.sync_from_ucs(key, subobject, object_mapping['dn']):

						try:

						try:

							ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0])

							ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0])

							raise

							raise

						except:  # FIXME: which exception is to be caught?

						except:  # FIXME: which exception is to be caught?

							ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed")

							ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed")

				baseConfig['%s/ad/listener/dir' % CONFIGBASENAME]

				baseConfig['%s/ad/listener/dir' % CONFIGBASENAME]

			)

			)

			ad_init = True

			ad_init = True

			print "Warning: Can't initialize LDAP-Connections, wait..."

			print "Warning: Can't initialize LDAP-Connections, wait..."

			sys.stdout.flush()

			sys.stdout.flush()

			time.sleep(poll_sleep)

			time.sleep(poll_sleep)

		try:

		try:

			ad.initialize_ucs()

			ad.initialize_ucs()

			ucs_init = True

			ucs_init = True

			print "Can't contact LDAP server during ucs-poll, sync not possible."

			print "Can't contact LDAP server during ucs-poll, sync not possible."

			sys.stdout.flush()

			sys.stdout.flush()

			time.sleep(poll_sleep)

			time.sleep(poll_sleep)

		try:

		try:

			ad.initialize()

			ad.initialize()

			ad_init = True

			ad_init = True

			print "Can't contact LDAP server during ucs-poll, sync not possible."

			print "Can't contact LDAP server during ucs-poll, sync not possible."

			sys.stdout.flush()

			sys.stdout.flush()

			time.sleep(poll_sleep)

			time.sleep(poll_sleep)

					continue

					continue

				else:

				else:

					break

					break

				print "Can't contact LDAP server during ucs-poll, sync not possible."

				print "Can't contact LDAP server during ucs-poll, sync not possible."

				connected = False

				connected = False

				sys.stdout.flush()

				sys.stdout.flush()

					continue

					continue

				else:

				else:

					break

					break

				print "Can't contact LDAP server during ad-poll, sync not possible."

				print "Can't contact LDAP server during ad-poll, sync not possible."

				connected = False

				connected = False

				sys.stdout.flush()

				sys.stdout.flush()

				retry_rejected = 0

				retry_rejected = 0

			else:

			else:

				retry_rejected += 1

				retry_rejected += 1

			print "Can't contact LDAP server during resync rejected, sync not possible."

			print "Can't contact LDAP server during resync rejected, sync not possible."

			connected = False

			connected = False

			sys.stdout.flush()

			sys.stdout.flush()

					self.ucr['%s/ad/ldap/certificate' % CONFIGBASENAME]

					self.ucr['%s/ad/ldap/certificate' % CONFIGBASENAME]

				)

				)

				ad_init = True

				ad_init = True

				print "Warning: Can't initialize LDAP-Connections, wait..."

				print "Warning: Can't initialize LDAP-Connections, wait..."

				sys.stdout.flush()

				sys.stdout.flush()

				time.sleep(poll_sleep)

				time.sleep(poll_sleep)

					self.ucr['%s/ad/ldap/certificate' % CONFIGBASENAME]

					self.ucr['%s/ad/ldap/certificate' % CONFIGBASENAME]

				)

				)

				ad_init = True

				ad_init = True

				print "Warning: Can't initialize LDAP-Connections, wait..."

				print "Warning: Can't initialize LDAP-Connections, wait..."

				sys.stdout.flush()

				sys.stdout.flush()

				time.sleep(poll_sleep)

				time.sleep(poll_sleep)

import optparse

import optparse

import sys

import sys

import univention.uldap

import univention.uldap

def main():

def main():

	try:

	try:

		# try ldap/server/name, then each of ldap/server/addition

		# try ldap/server/name, then each of ldap/server/addition

		ldapConnection = univention.uldap.getMachineConnection(ldap_master=False, reconnect=False)

		ldapConnection = univention.uldap.getMachineConnection(ldap_master=False, reconnect=False)

		# then master dc

		# then master dc

		ldapConnection = univention.uldap.getMachineConnection()

		ldapConnection = univention.uldap.getMachineConnection()

	exitCode = 0

	exitCode = 0

import sys

import sys

import univention.pyMsChapV2 as pyMsChapV2

import univention.pyMsChapV2 as pyMsChapV2

import univention.uldap

import univention.uldap

def main():

def main():

	try:

	try:

		# try ldap/server/name, then each of ldap/server/addition

		# try ldap/server/name, then each of ldap/server/addition

		ldapConnection = univention.uldap.getMachineConnection(ldap_master=False, reconnect=False)

		ldapConnection = univention.uldap.getMachineConnection(ldap_master=False, reconnect=False)

		# then master dc

		# then master dc

		ldapConnection = univention.uldap.getMachineConnection()

		ldapConnection = univention.uldap.getMachineConnection()

	PasswordHash = getNTPasswordHash(ldapConnection, options.Username, stationId)

	PasswordHash = getNTPasswordHash(ldapConnection, options.Username, stationId)

	else:

	else:

		try:  # should be string

		try:  # should be string

			return dict.lower()

			return dict.lower()

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			pass

			pass

			return True

			return True

		else:

		else:

			return False

			return False

		raise

		raise

	except:  # FIXME: which exception is to be caught?

	except:  # FIXME: which exception is to be caught?

		return False

		return False

				self.open_ucs()

				self.open_ucs()

				result = self.lo.search(filter=filter, base=base, scope=scope, attr=attr, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit)

				result = self.lo.search(filter=filter, base=base, scope=scope, attr=attr, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit)

				return result

				return result

				raise search_exception

				raise search_exception

	def init_debug(self):

	def init_debug(self):

		if '%s/debug/function' % self.CONFIGBASENAME in self.baseConfig:

		if '%s/debug/function' % self.CONFIGBASENAME in self.baseConfig:

			try:

			try:

				function_level = int(self.baseConfig['%s/debug/function' % self.CONFIGBASENAME])

				function_level = int(self.baseConfig['%s/debug/function' % self.CONFIGBASENAME])

				raise

				raise

			except:  # FIXME: which exception is to be caught?

			except:  # FIXME: which exception is to be caught?

				function_level = 0

				function_level = 0

				try:

				try:

					ret.append((self._decode_dn_from_config_option(d1), self._decode_dn_from_config_option(self._get_config_option(config_space, d1))))

					ret.append((self._decode_dn_from_config_option(d1), self._decode_dn_from_config_option(self._get_config_option(config_space, d1))))

					return_update = True

					return_update = True

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					count = count + 1

					count = count + 1

							change_type = "add"

							change_type = "add"

							old_dn = ''  # there may be an old_dn if object was moved from ignored container

							old_dn = ''  # there may be an old_dn if object was moved from ignored container

							ud.debug(ud.LDAP, ud.INFO, "__sync_file_from_ucs: object was added: %s" % dn)

							ud.debug(ud.LDAP, ud.INFO, "__sync_file_from_ucs: object was added: %s" % dn)

					raise

					raise

				except:

				except:

					# the ignore_object method might throw an exception if the subschema will be synced

					# the ignore_object method might throw an exception if the subschema will be synced

							return False

							return False

						else:

						else:

							return True

							return True

						raise

						raise

					except ldap.NO_SUCH_OBJECT:

					except ldap.NO_SUCH_OBJECT:

						self._save_rejected_ucs(filename, dn)

						self._save_rejected_ucs(filename, dn)

				return None

				return None

			except ldap.INVALID_SYNTAX:

			except ldap.INVALID_SYNTAX:

				return None

				return None

				self.open_ucs()

				self.open_ucs()

				continue

				continue

				return None

				return None

			except ldap.INVALID_SYNTAX:

			except ldap.INVALID_SYNTAX:

				return None

				return None

				self.open_ucs()

				self.open_ucs()

				continue

				continue

			ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn)

			ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn)

			ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object found: %s" % searchdn)

			ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object found: %s" % searchdn)

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object search failed: %s" % searchdn)

			ud.debug(ud.LDAP, ud.INFO, "get_ucs_object: object search failed: %s" % searchdn)

							pass

							pass

						self._remove_rejected_ucs(filename)

						self._remove_rejected_ucs(filename)

						change_counter += 1

						change_counter += 1

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					self._save_rejected_ucs(filename, dn)

					self._save_rejected_ucs(filename, dn)

					for i in [0, 1]:  # do it twice if the LDAP connection was closed

					for i in [0, 1]:  # do it twice if the LDAP connection was closed

						try:

						try:

							sync_successfull = self.__sync_file_from_ucs(filename, traceback_level=traceback_level)

							sync_successfull = self.__sync_file_from_ucs(filename, traceback_level=traceback_level)

							# once again, ldap idletimeout ...

							# once again, ldap idletimeout ...

							if i == 0:

							if i == 0:

								self.open_ucs()

								self.open_ucs()

				return True

				return True

			else:

			else:

				ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object from %s to %s" % (object['olddn'], object['dn']))

				ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object from %s to %s" % (object['olddn'], object['dn']))

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object in UCS")

			ud.debug(ud.LDAP, ud.INFO, "move_in_ucs: move object in UCS")

						if not self.sync_to_ucs(key, subobject_ucs, back_mapped_subobject['dn'], object):

						if not self.sync_to_ucs(key, subobject_ucs, back_mapped_subobject['dn'], object):

							try:

							try:

								ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0])

								ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0])

								raise

								raise

							except:  # FIXME: which exception is to be caught?

							except:  # FIXME: which exception is to be caught?

								ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed")

								ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed")

		try:

		try:

			ud.debug(ud.LDAP, ud.PROCESS, 'sync to ucs:   [%14s] [%10s] %s' % (property_type, object['modtype'], object['dn']))

			ud.debug(ud.LDAP, ud.PROCESS, 'sync to ucs:   [%14s] [%10s] %s' % (property_type, object['modtype'], object['dn']))

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			ud.debug(ud.LDAP, ud.PROCESS, 'sync to ucs...')

			ud.debug(ud.LDAP, ud.PROCESS, 'sync to ucs...')

						ud.debug(ud.LDAP, ud.INFO, "Call post_ucs_modify_functions: %s" % f)

						ud.debug(ud.LDAP, ud.INFO, "Call post_ucs_modify_functions: %s" % f)

						f(self, property_type, object)

						f(self, property_type, object)

						ud.debug(ud.LDAP, ud.INFO, "Call post_ucs_modify_functions: %s (done)" % f)

						ud.debug(ud.LDAP, ud.INFO, "Call post_ucs_modify_functions: %s (done)" % f)

				raise

				raise

			except:  # FIXME: which exception is to be caught?

			except:  # FIXME: which exception is to be caught?

				self._debug_traceback(ud.ERROR, "failed in post_con_modify_functions")

				self._debug_traceback(ud.ERROR, "failed in post_con_modify_functions")

		except univention.admin.uexceptions.valueMayNotChange, msg:

		except univention.admin.uexceptions.valueMayNotChange, msg:

			ud.debug(ud.LDAP, ud.ERROR, "Value may not change: %s (%s)" % (msg, object['dn']))

			ud.debug(ud.LDAP, ud.ERROR, "Value may not change: %s (%s)" % (msg, object['dn']))

			return False

			return False

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			self._debug_traceback(ud.ERROR, "Unknown Exception during sync_to_ucs")

			self._debug_traceback(ud.ERROR, "Unknown Exception during sync_to_ucs")

							return True

							return True

						else:

						else:

							return False

							return False

						raise

						raise

					except:

					except:

						ud.debug(ud.LDAP, ud.WARN, "attribute_filter: Failed to convert attributes for bitwise filter")

						ud.debug(ud.LDAP, ud.WARN, "attribute_filter: Failed to convert attributes for bitwise filter")

			else:

			else:

				try:

				try:

					s4_object[key] = encode_attriblist(s4_object[key])

					s4_object[key] = encode_attriblist(s4_object[key])

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					ud.debug(ud.LDAP, ud.WARN, "encode_s4_object: encode attrib %s failed, ignored!" % key)

					ud.debug(ud.LDAP, ud.WARN, "encode_s4_object: encode attrib %s failed, ignored!" % key)

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					ud.debug(ud.LDAP, ud.INFO, "get_object: got object: <print failed>")

					ud.debug(ud.LDAP, ud.INFO, "get_object: got object: <print failed>")

				return dn

				return dn

				if i == 0:

				if i == 0:

					self.open_s4()

					self.open_s4()

					continue

					continue

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					ud.debug(ud.LDAP, ud.INFO, "get_object: got object: <print failed>")

					ud.debug(ud.LDAP, ud.INFO, "get_object: got object: <print failed>")

				return encode_s4_object(s4_object)

				return encode_s4_object(s4_object)

				if i == 0:

				if i == 0:

					self.open_s4()

					self.open_s4()

					continue

					continue

			else:

			else:

				# Every object has got a uSNCreated

				# Every object has got a uSNCreated

				returnObjects = search_s4_changes_by_attribute('uSNCreated', lastUSN + 1)

				returnObjects = search_s4_changes_by_attribute('uSNCreated', lastUSN + 1)

			raise

			raise

		except ldap.SIZELIMIT_EXCEEDED:

		except ldap.SIZELIMIT_EXCEEDED:

			# The LDAP control page results was not sucessful. Without this control

			# The LDAP control page results was not sucessful. Without this control

						s4_members_from_ucs.add(s4_dn.lower())

						s4_members_from_ucs.add(s4_dn.lower())

						self.group_member_mapping_cache_ucs[member_dn.lower()] = s4_dn

						self.group_member_mapping_cache_ucs[member_dn.lower()] = s4_dn

						self.__group_cache_ucs_append_member(object_ucs_dn, member_dn)

						self.__group_cache_ucs_append_member(object_ucs_dn, member_dn)

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: failed to get S4 dn for UCS group member %s, assume object doesn't exist" % member_dn)

					ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: failed to get S4 dn for UCS group member %s, assume object doesn't exist" % member_dn)

						## Keep the member in Samba/AD if it's also present in OpenLDAP but ignored in synchronization?

						## Keep the member in Samba/AD if it's also present in OpenLDAP but ignored in synchronization?

						s4_members_from_ucs.add(member_dn.lower())

						s4_members_from_ucs.add(member_dn.lower())

						ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: Object ignored in S4 [%s], key = [%s]" % (ucs_dn, mo_key))

						ud.debug(ud.LDAP, ud.INFO, "group_members_sync_from_ucs: Object ignored in S4 [%s], key = [%s]" % (ucs_dn, mo_key))

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					self._debug_traceback(ud.INFO, "group_members_sync_from_ucs: failed to get UCS dn for S4 group member %s" % member_dn)

					self._debug_traceback(ud.INFO, "group_members_sync_from_ucs: failed to get UCS dn for S4 group member %s" % member_dn)

			ud.debug(ud.LDAP, ud.ALL, "group_members_sync_from_ucs: modlist: %s" % modlist_members)

			ud.debug(ud.LDAP, ud.ALL, "group_members_sync_from_ucs: modlist: %s" % modlist_members)

			try:

			try:

				self.lo_s4.lo.modify_s(compatible_modstring(object['dn']), [(ldap.MOD_REPLACE, 'member', modlist_members)])

				self.lo_s4.lo.modify_s(compatible_modstring(object['dn']), [(ldap.MOD_REPLACE, 'member', modlist_members)])

				raise

				raise

			except:  # FIXME: which exception is to be caught?

			except:  # FIXME: which exception is to be caught?

				ud.debug(ud.LDAP, ud.WARN, "group_members_sync_from_ucs: failed to sync members: (%s,%s)" % (object['dn'], [(ldap.MOD_REPLACE, 'member', modlist_members)]))

				ud.debug(ud.LDAP, ud.WARN, "group_members_sync_from_ucs: failed to sync members: (%s,%s)" % (object['dn'], [(ldap.MOD_REPLACE, 'member', modlist_members)]))

							self.__group_cache_con_append_member(s4_object_dn, member_dn)

							self.__group_cache_con_append_member(s4_object_dn, member_dn)

						else:

						else:

							ud.debug(ud.LDAP, ud.INFO, "Failed to find %s via self.lo.get" % ucs_dn)

							ud.debug(ud.LDAP, ud.INFO, "Failed to find %s via self.lo.get" % ucs_dn)

						raise

						raise

					except:  # FIXME: which exception is to be caught?

					except:  # FIXME: which exception is to be caught?

						ud.debug(ud.LDAP, ud.INFO, "group_members_sync_to_ucs: failed to get UCS dn for S4 group member %s, assume object doesn't exist" % member_dn)

						ud.debug(ud.LDAP, ud.INFO, "group_members_sync_to_ucs: failed to get UCS dn for S4 group member %s, assume object doesn't exist" % member_dn)

								ucs_members_from_s4[k].append(member_dn_lower)

								ucs_members_from_s4[k].append(member_dn_lower)

							break

							break

					raise

					raise

				except:  # FIXME: which exception is to be caught?

				except:  # FIXME: which exception is to be caught?

					self._debug_traceback(ud.INFO, "group_members_sync_to_ucs: failed to get S4 dn for UCS group member %s" % member_dn)

					self._debug_traceback(ud.INFO, "group_members_sync_to_ucs: failed to get S4 dn for UCS group member %s" % member_dn)

								sync_successfull = self.sync_to_ucs(property_key, mapped_object, dn, object)

								sync_successfull = self.sync_to_ucs(property_key, mapped_object, dn, object)

							else:

							else:

								sync_successfull = True

								sync_successfull = True

							raise

							raise

						except:  # FIXME: which exception is to be caught?

						except:  # FIXME: which exception is to be caught?

							self._debug_traceback(ud.ERROR, "sync of rejected object failed \n\t%s" % (object['dn']))

							self._debug_traceback(ud.ERROR, "sync of rejected object failed \n\t%s" % (object['dn']))

							self._remove_rejected(id)

							self._remove_rejected(id)

							self.__update_lastUSN(object)

							self.__update_lastUSN(object)

							self._set_DN_for_GUID(elements[0][1]['objectGUID'][0], elements[0][0])

							self._set_DN_for_GUID(elements[0][1]['objectGUID'][0], elements[0][0])

					raise

					raise

				except Exception, msg:

				except Exception, msg:

					self._debug_traceback(ud.ERROR, "unexpected Error during s4.resync_rejected")

					self._debug_traceback(ud.ERROR, "unexpected Error during s4.resync_rejected")

		changes = []

		changes = []

		try:

		try:

			changes = self.__search_s4_changes(show_deleted=show_deleted)

			changes = self.__search_s4_changes(show_deleted=show_deleted)

			raise

			raise

		except:  # FIXME: which exception is to be caught?

		except:  # FIXME: which exception is to be caught?

			self._debug_traceback(ud.WARN, "Exception during search_s4_changes")

			self._debug_traceback(ud.WARN, "Exception during search_s4_changes")

		# Check if the connection to UCS ldap exists. Otherwise re-create the session.

		# Check if the connection to UCS ldap exists. Otherwise re-create the session.

		try:

		try:

			self.search_ucs(scope=ldap.SCOPE_BASE)

			self.search_ucs(scope=ldap.SCOPE_BASE)

			ud.debug(ud.LDAP, ud.INFO, "UCS LDAP connection was closed, re-open the connection.")

			ud.debug(ud.LDAP, ud.INFO, "UCS LDAP connection was closed, re-open the connection.")

			self.open_ucs()

			self.open_ucs()

							sync_successfull = self.sync_to_ucs(property_key, mapped_object, object['dn'], object)

							sync_successfull = self.sync_to_ucs(property_key, mapped_object, object['dn'], object)

						else:

						else:

							sync_successfull = True

							sync_successfull = True

						ud.debug(ud.LDAP, ud.ERROR, "Got server downn during sync, re-open ucs and s4 the connection")

						ud.debug(ud.LDAP, ud.ERROR, "Got server downn during sync, re-open ucs and s4 the connection")

						time.sleep(1)

						time.sleep(1)

						self.open_ucs()

						self.open_ucs()

						try:

						try:

							GUID = old_element[1]['objectGUID'][0]

							GUID = old_element[1]['objectGUID'][0]

							self._set_DN_for_GUID(GUID, old_element[0])

							self._set_DN_for_GUID(GUID, old_element[0])

							raise

							raise

						except:  # FIXME: which exception is to be caught?

						except:  # FIXME: which exception is to be caught?

							self._debug_traceback(ud.WARN, "Exception during set_DN_for_GUID")

							self._debug_traceback(ud.WARN, "Exception during set_DN_for_GUID")

			# the old object was moved in UCS, but does this object exist in S4?

			# the old object was moved in UCS, but does this object exist in S4?

			try:

			try:

				old_object = self.lo_s4.lo.search_ext_s(compatible_modstring(old_dn), ldap.SCOPE_BASE, 'objectClass=*', timeout=-1, sizelimit=0)

				old_object = self.lo_s4.lo.search_ext_s(compatible_modstring(old_dn), ldap.SCOPE_BASE, 'objectClass=*', timeout=-1, sizelimit=0)

				raise

				raise

			except:

			except:

				old_object = None

				old_object = None

					if not self.sync_from_ucs(key, subobject_s4, back_mapped_subobject['dn']):

					if not self.sync_from_ucs(key, subobject_s4, back_mapped_subobject['dn']):

						try:

						try:

							ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0])

							ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed: %s" % result[0])

							raise

							raise

						except:  # FIXME: which exception is to be caught?

						except:  # FIXME: which exception is to be caught?

							ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed")

							ud.debug(ud.LDAP, ud.WARN, "delete of subobject failed")

				baseConfig['%s/s4/listener/dir' % CONFIGBASENAME]

				baseConfig['%s/s4/listener/dir' % CONFIGBASENAME]

			)

			)

			s4_init = True

			s4_init = True

			print "Warning: Can't initialize LDAP-Connections, wait..."

			print "Warning: Can't initialize LDAP-Connections, wait..."

			sys.stdout.flush()

			sys.stdout.flush()

			time.sleep(poll_sleep)

			time.sleep(poll_sleep)

		try:

		try:

			s4.initialize_ucs()

			s4.initialize_ucs()

			ucs_init = True

			ucs_init = True

			print "Can't contact LDAP server during ucs-poll, sync not possible."

			print "Can't contact LDAP server during ucs-poll, sync not possible."

			sys.stdout.flush()

			sys.stdout.flush()

			time.sleep(poll_sleep)

			time.sleep(poll_sleep)

		try:

		try:

			s4.initialize()

			s4.initialize()

			s4_init = True

			s4_init = True

			print "Can't contact LDAP server during ucs-poll, sync not possible."

			print "Can't contact LDAP server during ucs-poll, sync not possible."

			sys.stdout.flush()

			sys.stdout.flush()

			time.sleep(poll_sleep)

			time.sleep(poll_sleep)

					continue

					continue

				else:

				else:

					break

					break

				print "Can't contact LDAP server during ucs-poll, sync not possible."

				print "Can't contact LDAP server during ucs-poll, sync not possible."

				connected = False

				connected = False

				sys.stdout.flush()

				sys.stdout.flush()

					continue

					continue

				else:

				else:

					break

					break

				print "Can't contact LDAP server during s4-poll, sync not possible."

				print "Can't contact LDAP server during s4-poll, sync not possible."

				connected = False

				connected = False

				sys.stdout.flush()

				sys.stdout.flush()

				retry_rejected = 0

				retry_rejected = 0

			else:

			else:

				retry_rejected += 1

				retry_rejected += 1

			print "Can't contact LDAP server during resync rejected, sync not possible."

			print "Can't contact LDAP server during resync rejected, sync not possible."

			connected = False

			connected = False

			sys.stdout.flush()

			sys.stdout.flush()

			configRegistry['%s/s4/ldap/certificate' % CONFIGBASENAME],

			configRegistry['%s/s4/ldap/certificate' % CONFIGBASENAME],

			configRegistry['%s/s4/listener/dir' % CONFIGBASENAME]

			configRegistry['%s/s4/listener/dir' % CONFIGBASENAME]

		)

		)

		print "ERROR: Can't initialize LDAP-Connections."

		print "ERROR: Can't initialize LDAP-Connections."

		raise

		raise

		try:

		try:

			self.lo_s4 = univention.uldap.access(host=ldap_host_s4, port=ldap_port_s4, base=self.ldap_base_s4, binddn=ldap_binddn_s4, bindpw=ldap_bindpw_s4, start_tls=tls_mode, ca_certfile=ldap_certificate_s4, decode_ignorelist=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord', 'member', 'unicodePwd'], uri=ldap_uri_s4)

			self.lo_s4 = univention.uldap.access(host=ldap_host_s4, port=ldap_port_s4, base=self.ldap_base_s4, binddn=ldap_binddn_s4, bindpw=ldap_bindpw_s4, start_tls=tls_mode, ca_certfile=ldap_certificate_s4, decode_ignorelist=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord', 'member', 'unicodePwd'], uri=ldap_uri_s4)

			self.lo_s4.lo.set_option(ldap.OPT_REFERRALS, 0)

			self.lo_s4.lo.set_option(ldap.OPT_REFERRALS, 0)

	def open_ucs(self, binddn, bindpwd):

	def open_ucs(self, binddn, bindpwd):

		if not binddn:

		if not binddn:

		try:

		try:

			self.lo = univention.admin.uldap.access(host=self.ucr['ldap/master'], base=self.ucr['ldap/base'], binddn=binddn, bindpw=bindpwd, start_tls=2)

			self.lo = univention.admin.uldap.access(host=self.ucr['ldap/master'], base=self.ucr['ldap/base'], binddn=binddn, bindpw=bindpwd, start_tls=2)

	def _object_mapping(self, key, object, connection):

	def _object_mapping(self, key, object, connection):

		return key

		return key

			ud.debug(ud.LDAP, ud.PROCESS, "The Samba4 user (krbtgt) was not found.")

			ud.debug(ud.LDAP, ud.PROCESS, "The Samba4 user (krbtgt) was not found.")

			print "The Samba4 user (krbtgt) was not found."

			print "The Samba4 user (krbtgt) was not found."

			return

			return

		if not res_s4:

		if not res_s4:

			ud.debug(ud.LDAP, ud.PROCESS, " The Samba4 user (krbtgt) was not found." % username)

			ud.debug(ud.LDAP, ud.PROCESS, " The Samba4 user (krbtgt) was not found." % username)

			print "\nThe Samba4 user (krbtgt) was not found." % username

			print "\nThe Samba4 user (krbtgt) was not found." % username

	try:

	try:

		s4 = S4(options.ucrbase, options.binddn, options.bindpwd)

		s4 = S4(options.ucrbase, options.binddn, options.bindpwd)

		s4.sync_password()

		s4.sync_password()

		sys.exit(1)

		sys.exit(1)

		try:

		try:

			self.lo_s4 = univention.uldap.access(host=ldap_host_s4, port=ldap_port_s4, base=self.ldap_base_s4, binddn=ldap_binddn_s4, bindpw=ldap_bindpw_s4, start_tls=tls_mode, ca_certfile=ldap_certificate_s4, decode_ignorelist=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord', 'member', 'unicodePwd'], uri=ldap_uri_s4)

			self.lo_s4 = univention.uldap.access(host=ldap_host_s4, port=ldap_port_s4, base=self.ldap_base_s4, binddn=ldap_binddn_s4, bindpw=ldap_bindpw_s4, start_tls=tls_mode, ca_certfile=ldap_certificate_s4, decode_ignorelist=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord', 'member', 'unicodePwd'], uri=ldap_uri_s4)

			self.lo_s4.lo.set_option(ldap.OPT_REFERRALS, 0)

			self.lo_s4.lo.set_option(ldap.OPT_REFERRALS, 0)

	def open_ucs(self, binddn, bindpwd):

	def open_ucs(self, binddn, bindpwd):

		if not binddn:

		if not binddn:

		try:

		try:

			self.lo = univention.admin.uldap.access(host=self.ucr['ldap/master'], base=self.ucr['ldap/base'], binddn=binddn, bindpw=bindpwd, start_tls=2)

			self.lo = univention.admin.uldap.access(host=self.ucr['ldap/master'], base=self.ucr['ldap/base'], binddn=binddn, bindpw=bindpwd, start_tls=2)

	def _object_mapping(self, key, object, connection):

	def _object_mapping(self, key, object, connection):

		return key

		return key

			ud.debug(ud.LDAP, ud.PROCESS, "password_ucs_to_s4: The Samba4 user (%s) was not found." % username)

			ud.debug(ud.LDAP, ud.PROCESS, "password_ucs_to_s4: The Samba4 user (%s) was not found." % username)

			print "password_ucs_to_s4: The Samba4 user (%s) was not found." % username

			print "password_ucs_to_s4: The Samba4 user (%s) was not found." % username

			return

			return

		if not res:

		if not res:

			ud.debug(ud.LDAP, ud.PROCESS, "password_ucs_to_s4: The Samba4 user (%s) was not found." % username)

			ud.debug(ud.LDAP, ud.PROCESS, "password_ucs_to_s4: The Samba4 user (%s) was not found." % username)

			print "\npassword_ucs_to_s4: The Samba4 user (%s) was not found." % username

			print "\npassword_ucs_to_s4: The Samba4 user (%s) was not found." % username

	try:

	try:

		s4 = S4(options.ucrbase, options.binddn, options.bindpwd)

		s4 = S4(options.ucrbase, options.binddn, options.bindpwd)

		s4.sync_password(args[0])

		s4.sync_password(args[0])

		sys.exit(1)

		sys.exit(1)

	try:

	try:

		lo = _get_connection()

		lo = _get_connection()

		_search(lo)

		_search(lo)

		pass

		pass

	else:

	else:

		fail('Search was successful')

		fail('Search was successful')

	_start_delyed(delay=11)

	_start_delyed(delay=11)

	try:

	try:

		_search(lo)

		_search(lo)

		pass

		pass

	else:

	else:

		fail('Search was successful')

		fail('Search was successful')

	while i < attempts:

	while i < attempts:

		try:

		try:

			return ldap.schema.subentry.urlfetch(ldap_uri)

			return ldap.schema.subentry.urlfetch(ldap_uri)

			if i >= (attempts - 1):

			if i >= (attempts - 1):

				raise

				raise

			time.sleep(1)

			time.sleep(1)

			s4_ldap_bindpw,

			s4_ldap_bindpw,

			configRegistry['%s/s4/ldap/certificate' % CONFIGBASENAME],

			configRegistry['%s/s4/ldap/certificate' % CONFIGBASENAME],

			configRegistry['%s/s4/listener/dir' % CONFIGBASENAME])

			configRegistry['%s/s4/listener/dir' % CONFIGBASENAME])

		print "ERROR: Can't initialize LDAP-Connections."

		print "ERROR: Can't initialize LDAP-Connections."

		raise

		raise

            if admin_uldap:

            if admin_uldap:

                lo = access(lo=lo)

                lo = access(lo=lo)

            return lo

            return lo

            pass

            pass

def verify_ldap_object(baseDn, expected_attr=None, strict=True, should_exist=True):

def verify_ldap_object(baseDn, expected_attr=None, strict=True, should_exist=True):

	import pickle

	import pickle

import univention.config_registry as ucr

import univention.config_registry as ucr

import univention.uldap

import univention.uldap

import univention.admin.uldap

import univention.admin.uldap

import univention.admin.modules

import univention.admin.modules

import univention.admin.handlers.uvmm.info as uvmm_info

import univention.admin.handlers.uvmm.info as uvmm_info

	try:

	try:

		lo, position = univention.admin.uldap.getMachineConnection(ldap_master=False)

		lo, position = univention.admin.uldap.getMachineConnection(ldap_master=False)

		base = "%s,%s" % (LDAP_INFO_RDN, position.getDn())

		base = "%s,%s" % (LDAP_INFO_RDN, position.getDn())

		raise LdapConnectionError(_('Could not open LDAP-Machine connection'))

		raise LdapConnectionError(_('Could not open LDAP-Machine connection'))

	co = None

	co = None

	dn = "%s=%s,%s" % (uvmm_info.mapping.mapName('uuid'), uuid, base)

	dn = "%s=%s,%s" % (uvmm_info.mapping.mapName('uuid'), uuid, base)

	try:

	try:

		lo, position = univention.admin.uldap.getMachineConnection(ldap_master=True)

		lo, position = univention.admin.uldap.getMachineConnection(ldap_master=True)

		base = "%s,%s" % (LDAP_INFO_RDN, position.getDn())

		base = "%s,%s" % (LDAP_INFO_RDN, position.getDn())

		raise LdapConnectionError(_('Could not open LDAP-Admin connection'))

		raise LdapConnectionError(_('Could not open LDAP-Admin connection'))

	co = None

	co = None

	dn = "%s=%s,%s" % (uvmm_info.mapping.mapName('uuid'), uuid, base)

	dn = "%s=%s,%s" % (uvmm_info.mapping.mapName('uuid'), uuid, base)