|
348 |
_d=univention.debug.function('uldap.searchDn filter=%s base=%s scope=%s unique=%d required=%d' % (filter, base, scope, unique, required)) |
348 |
_d=univention.debug.function('uldap.searchDn filter=%s base=%s scope=%s unique=%d required=%d' % (filter, base, scope, unique, required)) |
349 |
return map(lambda(x): x[0], self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls)) |
349 |
return map(lambda(x): x[0], self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls)) |
350 |
|
350 |
|
351 |
def getPolicies(self, dn, policies = None, attrs = None, result = None, fixedattrs = None ): |
351 |
def _get_policies(self, dn): |
|
|
352 |
return self.get(dn, ['univentionPolicyReference']) |
353 |
|
354 |
def getPolicies(self, dn, policies=None, attrs=None): |
352 |
if attrs is None: |
355 |
if attrs is None: |
353 |
attrs = {} |
356 |
attrs = {} |
354 |
if result is None: |
|
|
355 |
result = {} |
356 |
if fixedattrs is None: |
357 |
fixedattrs = {} |
358 |
if policies is None: |
357 |
if policies is None: |
359 |
policies = [] |
358 |
policies = [] |
360 |
_d=univention.debug.function('uldap.getPolicies dn=%s policies=%s attrs=%s result=%s fixedattrs=%s' % (dn, policies, attrs, result, fixedattrs)) |
359 |
_d = univention.debug.function('uldap.getPolicies dn=%s policies=%s attrs=%s' % ( |
|
|
360 |
dn, policies, attrs)) |
361 |
if not dn and not policies: # if policies is set apply a fictionally referenced list of policies |
361 |
if not dn and not policies: # if policies is set apply a fictionally referenced list of policies |
362 |
return {} |
362 |
return {} |
363 |
|
363 |
|
|
371 |
elif not policies and not attrs: |
371 |
elif not policies and not attrs: |
372 |
policies=oattrs.get('univentionPolicyReference', []) |
372 |
policies=oattrs.get('univentionPolicyReference', []) |
373 |
|
373 |
|
374 |
object_classes = [x.lower() for x in oattrs.get('objectClass', [])] |
374 |
object_classes = {x.lower() for x in oattrs.get('objectClass', [])} |
375 |
|
375 |
|
|
|
376 |
result = {} |
376 |
if dn: |
377 |
if dn: |
377 |
parent_dn=self.parentDn(dn) |
378 |
obj_dn = dn |
378 |
if parent_dn: |
379 |
while True: |
379 |
result=self.getPolicies(parent_dn, result=result, fixedattrs=fixedattrs) |
380 |
for policy_dn in policies: |
380 |
|
381 |
self._merge_policy(policy_dn, obj_dn, object_classes, result) |
381 |
for pdn in policies: |
382 |
dn = self.parentDn(dn) |
382 |
pattrs=self.get(pdn) |
383 |
if not dn: |
383 |
ptype=None |
384 |
break |
384 |
if pattrs: |
385 |
parent = self.get(dn, ['univentionPolicyReference']) |
385 |
for oc in pattrs['objectClass']: |
386 |
if not parent: |
386 |
if oc in ( 'top', 'univentionPolicy', 'univentionObject' ): |
|
|
387 |
continue |
388 |
ptype=oc |
389 |
break |
387 |
break |
|
|
388 |
policies = parent.get('univentionPolicyReference', []) |
390 |
|
389 |
|
391 |
if not ptype: |
390 |
univention.debug.debug( |
392 |
continue |
391 |
univention.debug.LDAP, univention.debug.INFO, |
|
|
392 |
"getPolicies: result: %s" % result) |
393 |
return result |
393 |
|
394 |
|
394 |
if pattrs.get('ldapFilter'): |
395 |
def _merge_policy(self, policy_dn, obj_dn, object_classes, result): |
395 |
try: |
396 |
pattrs = self.get(policy_dn) |
396 |
self.search(pattrs['ldapFilter'][0], base=dn, scope='base', unique=True, required=True) |
397 |
if not pattrs: |
397 |
except ldap.NO_SUCH_OBJECT: |
398 |
return |
398 |
continue |
|
|
399 |
|
399 |
|
400 |
if not all(oc.lower() in object_classes for oc in pattrs.get('requiredObjectClasses', [])): |
400 |
try: |
401 |
continue |
401 |
classes = set(pattrs['objectClass']) - {'top', 'univentionPolicy', 'univentionObject'} |
402 |
if any(oc.lower() in object_classes for oc in pattrs.get('prohibitedObjectClasses', [])): |
402 |
ptype = classes.pop() |
403 |
continue |
403 |
except KeyError: |
|
|
404 |
return |
404 |
|
405 |
|
405 |
result.setdefault(ptype, {}) |
406 |
if pattrs.get('ldapFilter'): |
406 |
fixedattrs.setdefault(ptype, {}) |
407 |
try: |
407 |
|
408 |
self.search(pattrs['ldapFilter'][0], base=obj_dn, scope='base', unique=True, required=True) |
408 |
for key, value in pattrs.items(): |
409 |
except ldap.NO_SUCH_OBJECT: |
409 |
if key in ('requiredObjectClasses', 'prohibitedObjectClasses', 'fixedAttributes', 'emptyAttributes', 'objectClass', 'cn', 'univentionObjectType', 'ldapFilter'): |
410 |
return |
410 |
continue |
411 |
|
411 |
if key not in fixedattrs[ptype]: |
412 |
if not all(oc.lower() in object_classes for oc in pattrs.get('requiredObjectClasses', [])): |
412 |
univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "getPolicies: %s sets: %s=%s" % (pdn, key, value)) |
413 |
return |
413 |
result[ptype][key]={} |
414 |
if any(oc.lower() in object_classes for oc in pattrs.get('prohibitedObjectClasses', [])): |
414 |
result[ptype][key]['policy']=pdn |
415 |
return |
415 |
result[ptype][key]['value']=value |
416 |
|
416 |
if key in pattrs.get('emptyAttributes', []): |
417 |
fixed = set(pattrs.get('fixedAttributes', ())) |
417 |
result[ptype][key]['value']=[] |
418 |
empty = set(pattrs.get('emptyAttributes', ())) |
418 |
if key in pattrs.get('fixedAttributes', []): |
419 |
values = result.setdefault(ptype, {}) |
419 |
result[ptype][key]['fixed']=1 |
420 |
for key in list(empty) + pattrs.keys() + list(fixed): |
420 |
else: |
421 |
if key in {'requiredObjectClasses', 'prohibitedObjectClasses', 'fixedAttributes', 'emptyAttributes', 'objectClass', 'cn', 'univentionObjectType', 'ldapFilter'}: |
421 |
result[ptype][key]['fixed']=0 |
422 |
continue |
422 |
for key in pattrs.get('fixedAttributes', []): |
423 |
|
423 |
if key not in fixedattrs[ptype]: |
424 |
if key not in values or key in fixed: |
424 |
fixedattrs[ptype][key]=pdn |
425 |
value = [] if key in empty else pattrs.get(key, []) |
425 |
if key not in result[ptype]: |
426 |
univention.debug.debug( |
426 |
result[ptype][key]={} |
427 |
univention.debug.LDAP, univention.debug.INFO, |
427 |
result[ptype][key]['policy']=pdn |
428 |
"getPolicies: %s sets: %s=%s" % (policy_dn, key, value)) |
428 |
result[ptype][key]['value']=[] |
429 |
values[key] = { |
429 |
result[ptype][key]['fixed']=1 |
430 |
'policy': policy_dn, |
430 |
for key in pattrs.get('emptyAttributes', []): |
431 |
'value': value, |
431 |
if key not in result[ptype]: |
432 |
'fixed': 1 if key in fixed else 0, |
432 |
result[ptype][key]={} |
433 |
} |
433 |
result[ptype][key]['policy']=pdn |
|
|
434 |
result[ptype][key]['value']=[] |
435 |
elif not ('fixed' in result[ptype][key] and result[ptype][key]['fixed']): |
436 |
result[ptype][key]['value']=[] |
437 |
|
438 |
univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "getPolicies: result: %s" % result) |
439 |
return result |
440 |
|
434 |
|
441 |
def add(self, dn, al): |
435 |
def add(self, dn, al): |
442 |
"""Add LDAP entry with dn and attributes in add_list=(attribute-name, old-values. new-values) or (attribute-name, new-values).""" |
436 |
"""Add LDAP entry with dn and attributes in add_list=(attribute-name, old-values. new-values) or (attribute-name, new-values).""" |
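Review bot: In the new `while True:` walk in getPolicies, `if not parent: break` ends the climb whenever `self.get(dn, ['univentionPolicyReference'])` comes back empty, and that is presumably also what it returns for a container that exists but carries no policy reference of its own (the body of `get` is not visible here). If so, policies referenced on containers further up the tree are silently never merged, whereas the removed recursion through `parentDn` kept going until no parent was left. The loop should stop only when `self.parentDn(dn)` is empty or the entry really does not exist, for example by breaking on `ldap.NO_SUCH_OBJECT` for a missing entry and otherwise continuing with `policies = parent.get('univentionPolicyReference', [])`. Separately, `ptype = classes.pop()` in `_merge_policy` takes an arbitrary member of a set, so a policy entry with more than one remaining objectClass may be filed under a different type than the old in-order loop chose; an ordered pick, or a comment stating that exactly one policy class is expected, would settle that. Old and new sides are inferred from the rendered gutter numbers, so the attribution of individual lines should be confirmed against the real patch.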