Lines 532-557
def password_sync_ucs_to_s4(s4connector, key, object):
|
Link Here
|
---|
|
532 |
|
532 |
|
533 |
# ud.debug(ud.LDAP, ud.INFO, "password_sync_ucs_to_s4: Password-Hash from UCS: %s" % ucsNThash) |
533 |
# ud.debug(ud.LDAP, ud.INFO, "password_sync_ucs_to_s4: Password-Hash from UCS: %s" % ucsNThash) |
534 |
|
534 |
|
535 |
s4_object_attributes = s4connector.lo_s4.get(compatible_modstring(object['dn']), ['pwdLastSet', 'objectSid']) |
535 |
s4_object_attributes = s4connector.lo_s4.get(compatible_modstring(object['dn']), ['pwdLastSet', 'unicodePwd', 'userPrincipalName', 'supplementalCredentials', 'msDS-KeyVersionNumber', 'dBCSPwd']) |
536 |
pwdLastSet = None |
536 |
pwdLastSet = None |
537 |
if 'pwdLastSet' in s4_object_attributes: |
537 |
if 'pwdLastSet' in s4_object_attributes: |
538 |
pwdLastSet = long(s4_object_attributes['pwdLastSet'][0]) |
538 |
pwdLastSet = long(s4_object_attributes['pwdLastSet'][0]) |
539 |
objectSid = univention.s4connector.s4.decode_sid(s4_object_attributes['objectSid'][0]) |
539 |
objectSid = univention.s4connector.s4.decode_sid(s4_object_attributes['objectSid'][0]) |
540 |
ud.debug(ud.LDAP, ud.INFO, "password_sync_ucs_to_s4: pwdLastSet from S4 : %s" % pwdLastSet) |
540 |
ud.debug(ud.LDAP, ud.INFO, "password_sync_ucs_to_s4: pwdLastSet from S4 : %s" % pwdLastSet) |
541 |
# rid = None |
|
|
542 |
# if s4_object_attributes.has_key('objectSid'): |
543 |
# rid = str(univention.s4connector.s4.decode_sid(s4_object_attributes['objectSid'][0]).split('-')[-1]) |
544 |
|
541 |
|
545 |
pwd_set = False |
542 |
pwd_set = False |
546 |
filter_expr = format_escaped('(objectSid={0!e})', objectSid) |
543 |
|
547 |
res = s4connector.lo_s4.search(filter=filter_expr, attr=['unicodePwd', 'userPrincipalName', 'supplementalCredentials', 'msDS-KeyVersionNumber', 'dBCSPwd']) |
544 |
unicodePwd_attr = s4_object_attributes.get('unicodePwd', [None])[0] |
548 |
s4_search_attributes = res[0][1] |
545 |
dBCSPwd_attr = s4_object_attributes.get('dBCSPwd', [None])[0] |
549 |
|
546 |
userPrincipalName_attr = s4_object_attributes.get('userPrincipalName', [None])[0] |
550 |
unicodePwd_attr = s4_search_attributes.get('unicodePwd', [None])[0] |
547 |
supplementalCredentials = s4_object_attributes.get('supplementalCredentials', [None])[0] |
551 |
dBCSPwd_attr = s4_search_attributes.get('dBCSPwd', [None])[0] |
548 |
msDS_KeyVersionNumber = s4_object_attributes.get('msDS-KeyVersionNumber', [0])[0] |
552 |
userPrincipalName_attr = s4_search_attributes.get('userPrincipalName', [None])[0] |
|
|
553 |
supplementalCredentials = s4_search_attributes.get('supplementalCredentials', [None])[0] |
554 |
msDS_KeyVersionNumber = s4_search_attributes.get('msDS-KeyVersionNumber', [0])[0] |
555 |
# ud.debug(ud.LDAP, ud.INFO, "password_sync_ucs_to_s4: Password-Hash from S4: %s" % unicodePwd_attr) |
549 |
# ud.debug(ud.LDAP, ud.INFO, "password_sync_ucs_to_s4: Password-Hash from S4: %s" % unicodePwd_attr) |
556 |
|
550 |
|
557 |
s4NThash = None |
551 |
s4NThash = None |
Lines 666-672
def password_sync_s4_to_ucs(s4connector, key, ucs_object, modifyUserPassword=Tru
|
Link Here
|
---|
|
666 |
return |
660 |
return |
667 |
|
661 |
|
668 |
object = s4connector._object_mapping(key, ucs_object, 'ucs') |
662 |
object = s4connector._object_mapping(key, ucs_object, 'ucs') |
669 |
s4_object_attributes = s4connector.lo_s4.get(compatible_modstring(object['dn']), ['objectSid', 'pwdLastSet']) |
663 |
s4_object_attributes = s4connector.lo_s4.get(compatible_modstring(object['dn']), ['pwdLastSet', 'unicodePwd', 'supplementalCredentials', 'msDS-KeyVersionNumber', 'dBCSPwd']) |
670 |
|
664 |
|
671 |
if s4connector.isInCreationList(object['dn']): |
665 |
if s4connector.isInCreationList(object['dn']): |
672 |
s4connector.removeFromCreationList(object['dn']) |
666 |
s4connector.removeFromCreationList(object['dn']) |
Lines 677-703
def password_sync_s4_to_ucs(s4connector, key, ucs_object, modifyUserPassword=Tru
|
Link Here
|
---|
|
677 |
if 'pwdLastSet' in s4_object_attributes: |
671 |
if 'pwdLastSet' in s4_object_attributes: |
678 |
pwdLastSet = long(s4_object_attributes['pwdLastSet'][0]) |
672 |
pwdLastSet = long(s4_object_attributes['pwdLastSet'][0]) |
679 |
ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: pwdLastSet from S4: %s (%s)" % (pwdLastSet, s4_object_attributes)) |
673 |
ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: pwdLastSet from S4: %s (%s)" % (pwdLastSet, s4_object_attributes)) |
680 |
objectSid = univention.s4connector.s4.decode_sid(s4_object_attributes['objectSid'][0]) |
|
|
681 |
|
682 |
# rid = None |
683 |
# if s4_object_attributes.has_key('objectSid'): |
684 |
# rid = str(univention.s4connector.s4.decode_sid(s4_object_attributes['objectSid'][0]).split('-')[-1]) |
685 |
|
686 |
filter_expr = format_escaped('(objectSid={0!e})', objectSid) |
687 |
res = s4connector.lo_s4.search(filter=filter_expr, attr=['unicodePwd', 'supplementalCredentials', 'msDS-KeyVersionNumber', 'dBCSPwd']) |
688 |
s4_search_attributes = res[0][1] |
689 |
|
674 |
|
690 |
unicodePwd_attr = s4_search_attributes.get('unicodePwd', [None])[0] |
675 |
unicodePwd_attr = s4_object_attributes.get('unicodePwd', [None])[0] |
691 |
if unicodePwd_attr: |
676 |
if unicodePwd_attr: |
692 |
ntPwd = binascii.b2a_hex(unicodePwd_attr).upper() |
677 |
ntPwd = binascii.b2a_hex(unicodePwd_attr).upper() |
693 |
|
678 |
|
694 |
lmPwd = '' |
679 |
lmPwd = '' |
695 |
dBCSPwd = s4_search_attributes.get('dBCSPwd', [None])[0] |
680 |
dBCSPwd = s4_object_attributes.get('dBCSPwd', [None])[0] |
696 |
if dBCSPwd: |
681 |
if dBCSPwd: |
697 |
lmPwd = binascii.b2a_hex(dBCSPwd).upper() |
682 |
lmPwd = binascii.b2a_hex(dBCSPwd).upper() |
698 |
|
683 |
|
699 |
supplementalCredentials = s4_search_attributes.get('supplementalCredentials', [None])[0] |
684 |
supplementalCredentials = s4_object_attributes.get('supplementalCredentials', [None])[0] |
700 |
msDS_KeyVersionNumber = s4_search_attributes.get('msDS-KeyVersionNumber', [0])[0] |
685 |
msDS_KeyVersionNumber = s4_object_attributes.get('msDS-KeyVersionNumber', [0])[0] |
701 |
|
686 |
|
702 |
ntPwd_ucs = '' |
687 |
ntPwd_ucs = '' |
703 |
lmPwd_ucs = '' |
688 |
lmPwd_ucs = '' |
704 |
- |
|
|
705 |
pwdLastSet changed, even if the hashes didn't |
689 |
pwdLastSet changed, even if the hashes didn't |
706 |
-- |
|
|
707 |
.../modules/univention/s4connector/__init__.py | 1 + |
690 |
.../modules/univention/s4connector/__init__.py | 1 + |
708 |
.../modules/univention/s4connector/s4/password.py | 17 ++++++++++++----- |
691 |
.../modules/univention/s4connector/s4/password.py | 17 ++++++++++++----- |
709 |
2 files changed, 13 insertions(+), 5 deletions(-) |
692 |
2 files changed, 13 insertions(+), 5 deletions(-) |