|
38 |
import univention.s4connector |
38 |
import univention.s4connector |
39 |
import univention.debug2 as ud |
39 |
import univention.debug2 as ud |
40 |
from ldap.controls import LDAPControl |
40 |
from ldap.controls import LDAPControl |
41 |
from ldap.controls import SimplePagedResultsControl |
41 |
from ldap.controls import SimplePagedResultsControl, LDAPControl |
42 |
from samba.dcerpc import security |
42 |
from samba.dcerpc import security |
43 |
from samba.ndr import ndr_pack, ndr_unpack |
43 |
from samba.ndr import ndr_pack, ndr_unpack |
44 |
from samba.dcerpc import misc |
44 |
from samba.dcerpc import misc |
|
45 |
|
45 |
|
46 |
DECODE_IGNORELIST=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord'] |
46 |
DECODE_IGNORELIST=['objectSid', 'objectGUID', 'repsFrom', 'replUpToDateVector', 'ipsecData', 'logonHours', 'userCertificate', 'dNSProperty', 'dnsRecord'] |
47 |
|
47 |
|
|
|
48 |
LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417" |
49 |
LDB_CONTROL_DOMAIN_SCOPE_OID = "1.2.840.113556.1.4.1339" |
50 |
LDB_CONTROL_RELAX_OID = "1.3.6.1.4.1.4203.666.5.12" |
51 |
LDB_CONTROL_PROVISION_OID = '1.3.6.1.4.1.7165.4.3.16' |
52 |
|
48 |
# page results |
53 |
# page results |
49 |
PAGE_SIZE = 1000 |
54 |
PAGE_SIZE = 1000 |
50 |
|
55 |
|
|
110 |
|
115 |
|
111 |
ud.debug(ud.LDAP, ud.INFO, 'add_primary_group_to_addlist: Set primary group to %s (rid) for %s' % (primary_group_rid, object.get('dn'))) |
116 |
ud.debug(ud.LDAP, ud.INFO, 'add_primary_group_to_addlist: Set primary group to %s (rid) for %s' % (primary_group_rid, object.get('dn'))) |
112 |
addlist.append(('primaryGroupID', [primary_group_rid])) |
117 |
addlist.append(('primaryGroupID', [primary_group_rid])) |
113 |
LDB_CONTROL_RELAX_OID = '1.3.6.1.4.1.4203.666.5.12' |
|
|
114 |
serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0)) |
118 |
serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0)) |
115 |
|
119 |
|
116 |
def __is_groupType_local(groupType): |
120 |
def __is_groupType_local(groupType): |
|
126 |
|
130 |
|
127 |
ud.debug(ud.LDAP, ud.INFO, "groupType: %s" % groupType) |
131 |
ud.debug(ud.LDAP, ud.INFO, "groupType: %s" % groupType) |
128 |
if __is_groupType_local(groupType): |
132 |
if __is_groupType_local(groupType): |
129 |
LDB_CONTROL_RELAX_OID = '1.3.6.1.4.1.4203.666.5.12' |
|
|
130 |
serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0)) |
133 |
serverctrls.append(LDAPControl(LDB_CONTROL_RELAX_OID,criticality=0)) |
131 |
|
134 |
|
132 |
sambaSID = object.get('attributes', {}).get('sambaSID', [])[0] |
135 |
sambaSID = object.get('attributes', {}).get('sambaSID', [])[0] |
|
384 |
def old_user_dn_mapping(s4connector, given_object): |
387 |
def old_user_dn_mapping(s4connector, given_object): |
385 |
object = copy.deepcopy(given_object) |
388 |
object = copy.deepcopy(given_object) |
386 |
|
389 |
|
387 |
# LDAP_SERVER_SHOW_DELETED_OID -> 1.2.840.113556.1.4.417 |
390 |
ctrls = [LDAPControl(LDAP_SERVER_SHOW_DELETED_OID, criticality=1)] |
388 |
ctrls = [LDAPControl('1.2.840.113556.1.4.417',criticality=1)] |
|
|
389 |
samaccountname = '' |
391 |
samaccountname = '' |
390 |
|
392 |
|
391 |
if object.has_key('sAMAccountName'): |
393 |
if object.has_key('sAMAccountName'): |
|
753 |
ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section 'S4 GUID'") |
755 |
ud.debug(ud.LDAP, ud.INFO,"__init__: init add config section 'S4 GUID'") |
754 |
self.config.add_section('S4 GUID') |
756 |
self.config.add_section('S4 GUID') |
755 |
try: |
757 |
try: |
756 |
# LDAP_SERVER_SHOW_DELETED_OID -> 1.2.840.113556.1.4.417 |
758 |
self.ctrl_show_deleted = LDAPControl(LDAP_SERVER_SHOW_DELETED_OID, criticality=1) |
757 |
self.ctrl_show_deleted = LDAPControl('1.2.840.113556.1.4.417',criticality=1) |
|
|
758 |
res = self.lo_s4.lo.search_ext_s('',ldap.SCOPE_BASE, 'objectclass=*',[], |
759 |
res = self.lo_s4.lo.search_ext_s('',ldap.SCOPE_BASE, 'objectclass=*',[], |
759 |
serverctrls=[ self.ctrl_show_deleted ], |
760 |
serverctrls=[ self.ctrl_show_deleted ], |
760 |
timeout=-1, sizelimit=0) |
761 |
timeout=-1, sizelimit=0) |
|
773 |
|
774 |
|
774 |
# objectSid modification for an Samba4 object is only possible with the "provision" control: |
775 |
# objectSid modification for an Samba4 object is only possible with the "provision" control: |
775 |
if self.configRegistry.is_true('connector/s4/mapping/sid_to_s4', False): |
776 |
if self.configRegistry.is_true('connector/s4/mapping/sid_to_s4', False): |
776 |
LDB_CONTROL_PROVISION_OID = '1.3.6.1.4.1.7165.4.3.16' |
|
|
777 |
self.serverctrls_for_add_and_modify.append(LDAPControl(LDB_CONTROL_PROVISION_OID,criticality=0) ) |
777 |
self.serverctrls_for_add_and_modify.append(LDAPControl(LDB_CONTROL_PROVISION_OID,criticality=0) ) |
778 |
|
778 |
|
779 |
# Save a list of objects just created, this is needed to |
779 |
# Save a list of objects just created, this is needed to |
|
865 |
|
865 |
|
866 |
self.lo_s4.lo.set_option(ldap.OPT_REFERRALS,0) |
866 |
self.lo_s4.lo.set_option(ldap.OPT_REFERRALS,0) |
867 |
|
867 |
|
|
|
868 |
if not self.configRegistry.get('connector/s4/mapping/dns/position') == 'legacy': |
869 |
self.s4_ldap_partitions = (self.s4_ldap_base, "DC=DomainDNSZones,%s" % self.s4_ldap_base) |
870 |
else: |
871 |
self.s4_ldap_partitions = (self.s4_ldap_base,) |
872 |
|
873 |
|
868 |
# encode string to unicode |
874 |
# encode string to unicode |
869 |
def encode(self, string): |
875 |
def encode(self, string): |
870 |
try: |
876 |
try: |
|
1003 |
|
1009 |
|
1004 |
return max(usnchanged,usncreated) |
1010 |
return max(usnchanged,usncreated) |
1005 |
|
1011 |
|
|
|
1012 |
def __search_s4_partitions(self, scope=ldap.SCOPE_SUBTREE, filter='', attrlist= [], show_deleted=False): |
1013 |
''' |
1014 |
search s4 across all partitions listed in self.s4_ldap_partitions |
1015 |
''' |
1016 |
_d=ud.function('ldap.__search_s4_partitions') |
1017 |
res = [] |
1018 |
for base in self.s4_ldap_partitions: |
1019 |
res += self.__search_s4(base, scope, filter, attrlist, show_deleted) |
1020 |
|
1021 |
return res |
1022 |
|
1006 |
def __search_s4(self, base=None, scope=ldap.SCOPE_SUBTREE, filter='', attrlist= [], show_deleted=False): |
1023 |
def __search_s4(self, base=None, scope=ldap.SCOPE_SUBTREE, filter='', attrlist= [], show_deleted=False): |
1007 |
''' |
1024 |
''' |
1008 |
search s4 |
1025 |
search s4 |
|
1012 |
if not base: |
1029 |
if not base: |
1013 |
base=self.lo_s4.base |
1030 |
base=self.lo_s4.base |
1014 |
|
1031 |
|
1015 |
ctrls=[] |
1032 |
ctrls=[ |
1016 |
ctrls.append(SimplePagedResultsControl(True, PAGE_SIZE, '')) |
1033 |
LDAPControl(LDB_CONTROL_DOMAIN_SCOPE_OID, criticality=0), ## Don't show referrals |
|
|
1034 |
SimplePagedResultsControl(True, PAGE_SIZE, '')), |
1035 |
] |
1017 |
|
1036 |
|
1018 |
if show_deleted: |
1037 |
if show_deleted: |
1019 |
# LDAP_SERVER_SHOW_DELETED_OID -> 1.2.840.113556.1.4.417 |
1038 |
ctrls.append(LDAPControl(LDAP_SERVER_SHOW_DELETED_OID, criticality=1)) |
1020 |
ctrls.append(LDAPControl('1.2.840.113556.1.4.417',criticality=1)) |
|
|
1021 |
|
1039 |
|
1022 |
ud.debug(ud.LDAP, ud.INFO, "Search S4 with filter: %s" % filter) |
1040 |
ud.debug(ud.LDAP, ud.INFO, "Search S4 with filter: %s" % filter) |
1023 |
msgid = self.lo_s4.lo.search_ext(base, scope, filter, attrlist, serverctrls=ctrls, timeout=-1, sizelimit=0) |
1041 |
msgid = self.lo_s4.lo.search_ext(base, scope, filter, attrlist, serverctrls=ctrls, timeout=-1, sizelimit=0) |
|
1046 |
else: |
1064 |
else: |
1047 |
ud.debug(ud.LDAP, ud.WARN, "S4 ignores PAGE_RESULTS") |
1065 |
ud.debug(ud.LDAP, ud.WARN, "S4 ignores PAGE_RESULTS") |
1048 |
break |
1066 |
break |
1049 |
|
|
|
1050 |
|
1067 |
|
1051 |
return encode_s4_resultlist(res) |
1068 |
return encode_s4_resultlist(res) |
1052 |
|
1069 |
|
|
1078 |
if filter !='': |
1095 |
if filter !='': |
1079 |
usnFilter = '(&(%s)(%s))' % ( filter, usnFilter ) |
1096 |
usnFilter = '(&(%s)(%s))' % ( filter, usnFilter ) |
1080 |
|
1097 |
|
1081 |
return self.__search_s4( filter=usnFilter, show_deleted=show_deleted) |
1098 |
res = self.__search_s4_partitions(filter=usnFilter, show_deleted=show_deleted) |
|
|
1099 |
return sorted(res, key=lambda element: element[1][attribute][0]) |
1082 |
|
1100 |
|
1083 |
|
1101 |
|
1084 |
# search fpr objects with uSNCreated and uSNChanged in the known range |
1102 |
# search fpr objects with uSNCreated and uSNChanged in the known range |
|
1132 |
filter = '(&(%s)(|(uSNChanged=%s)(uSNCreated=%s)))' % (filter,changeUSN,changeUSN) |
1150 |
filter = '(&(%s)(|(uSNChanged=%s)(uSNCreated=%s)))' % (filter,changeUSN,changeUSN) |
1133 |
else: |
1151 |
else: |
1134 |
filter = '(|(uSNChanged=%s)(uSNCreated=%s))' % (changeUSN,changeUSN) |
1152 |
filter = '(|(uSNChanged=%s)(uSNCreated=%s))' % (changeUSN,changeUSN) |
1135 |
return self.__search_s4(filter=filter, show_deleted=show_deleted) |
|
|
1136 |
|
1153 |
|
|
|
1154 |
return self.__search_s4_partitions(filter=usnFilter, show_deleted=show_deleted) |
1137 |
|
1155 |
|
|
|
1156 |
|
1138 |
def __dn_from_deleted_object(self, object, GUID): |
1157 |
def __dn_from_deleted_object(self, object, GUID): |
1139 |
''' |
1158 |
''' |
1140 |
gets dn for deleted object (original dn before the object was moved into the deleted objects container) |
1159 |
gets dn for deleted object (original dn before the object was moved into the deleted objects container) |