diff --git a/management/univention-directory-manager-modules/modules/univention/admin/allocators.py b/management/univention-directory-manager-modules/modules/univention/admin/allocators.py index 2cf5ad5..771b617 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/allocators.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/allocators.py @@ -30,6 +30,7 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . +import ldap.filter import univention.debug import univention.admin.locking import univention.admin.uexceptions @@ -161,22 +162,22 @@ def acquireUnique(lo, position, type, value, attr, scope='base'): if type=="aRecord": # uniqueness is only relevant among hosts (one or more dns entrys having the same aRecord as a host are allowed) univention.admin.locking.lock(lo, position, type, value, scope=scope) - if not lo.searchDn(base=searchBase, filter='(&(objectClass=univentionHost)(%s=%s))' % (attr, value)): + if not lo.searchDn(base=searchBase, filter=ldap.filter.filter_format('(&(objectClass=univentionHost)(%s=%s))', (attr, value))): return value elif type in ['groupName', 'uid'] and configRegistry.is_true('directory/manager/user_group/uniqueness', True): univention.admin.locking.lock(lo, position, type, value, scope=scope) - if not lo.searchDn(base=searchBase, filter='(|(&(cn=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))(uid=%s))' % (value, value)): + if not lo.searchDn(base=searchBase, filter=ldap.filter.filter_format('(|(&(cn=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))(uid=%s))', (value, value))): univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'ALLOCATE return %s'% value) return value elif type == "groupName": # search filter is more complex then in general case univention.admin.locking.lock(lo, position, type, value, scope=scope) - if not lo.searchDn(base=searchBase, filter='(&(%s=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))' % (attr, value)): + if not lo.searchDn(base=searchBase, filter=ldap.filter.filter_format('(&(%s=%s)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))', (attr, value))): univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'ALLOCATE return %s'% value) return value else: univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'LOCK univention.admin.locking.lock scope = %s' % scope) univention.admin.locking.lock(lo, position, type, value, scope=scope) - if not lo.searchDn(base=searchBase, filter='%s=%s' % (attr, value)): + if not lo.searchDn(base=searchBase, filter=ldap.filter.filter_format('%s=%s', (attr, value))): univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'ALLOCATE return %s'% value) return value @@ -191,7 +192,7 @@ def request(lo, position, type, value=None): def confirm(lo, position, type, value): if type in ( 'uidNumber', 'gidNumber' ): - startID = lo.modify('cn=%s,cn=temporary,cn=univention,%s' % (type,position.getBase()),[('univentionLastUsedValue','1', value)]) + lo.modify('cn=%s,cn=temporary,cn=univention,%s' % (type,position.getBase()),[('univentionLastUsedValue','1', value)]) univention.admin.locking.unlock(lo, position, type, value, _type2scope[type])