|
37 |
import time |
37 |
import time |
38 |
import locale |
38 |
import locale |
39 |
import shutil |
39 |
import shutil |
40 |
import string |
|
|
41 |
import logging |
40 |
import logging |
42 |
import traceback |
41 |
import traceback |
43 |
import subprocess |
42 |
import subprocess |
|
62 |
import sqlite3 |
61 |
import sqlite3 |
63 |
import ipaddr |
62 |
import ipaddr |
64 |
from ldap.filter import filter_format |
63 |
from ldap.filter import filter_format |
65 |
from ldap.dn import escape_dn_chars |
64 |
from ldap.dn import escape_dn_chars, str2dn, dn2str |
66 |
|
65 |
|
67 |
import univention.admin.uldap |
66 |
import univention.admin.uldap |
68 |
import univention.admin.uexceptions as uexceptions |
67 |
import univention.admin.uexceptions as uexceptions |
|
78 |
from univention.config_registry.interfaces import Interfaces |
77 |
from univention.config_registry.interfaces import Interfaces |
79 |
from univention.management.console.log import MODULE |
78 |
from univention.management.console.log import MODULE |
80 |
from univention.management.console import Translation |
79 |
from univention.management.console import Translation |
|
|
80 |
from univention.uldap import parentDn |
81 |
|
81 |
|
82 |
|
82 |
|
83 |
ucr = univention.config_registry.ConfigRegistry() |
83 |
ucr = univention.config_registry.ConfigRegistry() |
|
706 |
|
706 |
|
707 |
def operatingSystem(self, netbios_name): |
707 |
def operatingSystem(self, netbios_name): |
708 |
msg = self.samdb.search(base=self.samdb.domain_dn(), scope=samba.ldb.SCOPE_SUBTREE, |
708 |
msg = self.samdb.search(base=self.samdb.domain_dn(), scope=samba.ldb.SCOPE_SUBTREE, |
709 |
expression="(sAMAccountName=%s$)" % netbios_name, |
709 |
expression=filter_format("(sAMAccountName=%s$)", [netbios_name]), |
710 |
attrs=["operatingSystem", "operatingSystemVersion", "operatingSystemServicePack"]) |
710 |
attrs=["operatingSystem", "operatingSystemVersion", "operatingSystemServicePack"]) |
711 |
if msg: |
711 |
if msg: |
712 |
obj = msg[0] |
712 |
obj = msg[0] |
Lines 1041-1047
def post_join_tasks_and_start_samba_without_drsuapi(self):
|
|
1041 |
|
1041 |
|
1042 |
self.old_domainsid = None |
1042 |
self.old_domainsid = None |
1043 |
self.lo = _connect_ucs(self.ucr) |
1043 |
self.lo = _connect_ucs(self.ucr) |
1044 |
ldap_result = self.lo.search(filter="(&(objectClass=sambaDomain)(sambaDomainName=%s))" % self.ucr["windows/domain"], attr=["sambaSID"]) |
1044 |
ldap_result = self.lo.search(filter=filter_format("(&(objectClass=sambaDomain)(sambaDomainName=%s))", [self.ucr["windows/domain"]]), attr=["sambaSID"]) |
1045 |
if len(ldap_result) == 1: |
1045 |
if len(ldap_result) == 1: |
1046 |
sambadomain_object_dn = ldap_result[0][0] |
1046 |
sambadomain_object_dn = ldap_result[0][0] |
1047 |
|
1047 |
|
Lines 1064-1070
def post_join_tasks_and_start_samba_without_drsuapi(self):
|
|
1064 |
# FIXME: probably sys.exit()? |
1064 |
# FIXME: probably sys.exit()? |
1065 |
|
1065 |
|
1066 |
if self.ucr["windows/domain"] != self.ad_netbios_domain or not sambadomain_object_dn: |
1066 |
if self.ucr["windows/domain"] != self.ad_netbios_domain or not sambadomain_object_dn: |
1067 |
ldap_result = self.lo.search(filter="(&(objectClass=sambaDomain)(sambaDomainName=%s))" % self.ad_netbios_domain, attr=["sambaSID"]) |
1067 |
ldap_result = self.lo.search(filter=filter_format("(&(objectClass=sambaDomain)(sambaDomainName=%s))", [self.ad_netbios_domain]), attr=["sambaSID"]) |
1068 |
if len(ldap_result) == 1: |
1068 |
if len(ldap_result) == 1: |
1069 |
sambadomain_object_dn = ldap_result[0][0] |
1069 |
sambadomain_object_dn = ldap_result[0][0] |
1070 |
elif len(ldap_result) > 0: |
1070 |
elif len(ldap_result) > 0: |
Lines 1089-1098
def post_join_tasks_and_start_samba_without_drsuapi(self):
|
|
1089 |
except uexceptions.ldapError as exc: |
1089 |
except uexceptions.ldapError as exc: |
1090 |
log.debug("Renaming of '%s' failed: %s." % (sambadomain_object_dn, exc,)) |
1090 |
log.debug("Renaming of '%s' failed: %s." % (sambadomain_object_dn, exc,)) |
1091 |
else: |
1091 |
else: |
1092 |
dnparts = ldap.explode_dn(sambadomain_object_dn) |
1092 |
x = str2dn(sambadomain_object_dn) |
1093 |
rdn = dnparts[0].split('=', 1) |
1093 |
x[0] = [(x[0][0][0], self.ad_netbios_domain, ldap.AVA_STRING)] |
1094 |
dnparts[0] = '='.join((rdn[0], self.ad_netbios_domain)) |
1094 |
sambadomain_object_dn = dn2str(x) |
1095 |
sambadomain_object_dn = ",".join(dnparts) |
|
|
1096 |
else: |
1095 |
else: |
1097 |
# FIXME: in this peculiar case we should create one. |
1096 |
# FIXME: in this peculiar case we should create one. |
1098 |
pass |
1097 |
pass |
Lines 1154-1160
def remove_conflicting_msgpo_objects(self):
|
|
1154 |
|
1153 |
|
1155 |
for obj in msgs: |
1154 |
for obj in msgs: |
1156 |
name = obj["cn"][0] |
1155 |
name = obj["cn"][0] |
1157 |
run_and_output_to_log(["/usr/sbin/univention-directory-manager", "container/msgpo", "delete", "--filter", "name=%s" % name], log.debug) |
1156 |
run_and_output_to_log(["/usr/sbin/univention-directory-manager", "container/msgpo", "delete", "--filter", filter_format("name=%s", [name])], log.debug) |
1158 |
gpo_path = '%s/Policies/%s' % (sam_sysvol_dom_dir, name,) |
1157 |
gpo_path = '%s/Policies/%s' % (sam_sysvol_dom_dir, name,) |
1159 |
if os.path.exists(gpo_path): |
1158 |
if os.path.exists(gpo_path): |
1160 |
log.info("Removing associated conflicting GPO directory %s." % (gpo_path,)) |
1159 |
log.info("Removing associated conflicting GPO directory %s." % (gpo_path,)) |
Lines 1163-1169
def remove_conflicting_msgpo_objects(self):
|
|
1163 |
if name.upper() == name: |
1162 |
if name.upper() == name: |
1164 |
continue |
1163 |
continue |
1165 |
|
1164 |
|
1166 |
run_and_output_to_log(["/usr/sbin/univention-directory-manager", "container/msgpo", "delete", "--filter", "name=%s" % name.upper()], log.debug) |
1165 |
run_and_output_to_log(["/usr/sbin/univention-directory-manager", "container/msgpo", "delete", "--filter", filter_format("name=%s", [name.upper()])], log.debug) |
1167 |
gpo_path = '%s/Policies/%s' % (sam_sysvol_dom_dir, name.upper(),) |
1166 |
gpo_path = '%s/Policies/%s' % (sam_sysvol_dom_dir, name.upper(),) |
1168 |
if os.path.exists(gpo_path): |
1167 |
if os.path.exists(gpo_path): |
1169 |
log.info("Removing associated conflicting GPO directory %s." % (gpo_path,)) |
1168 |
log.info("Removing associated conflicting GPO directory %s." % (gpo_path,)) |
Lines 1185-1198
def rewrite_sambaSIDs_in_OpenLDAP(self):
|
|
1185 |
container_list.sort(key=len) |
1184 |
container_list.sort(key=len) |
1186 |
|
1185 |
|
1187 |
for container_dn in container_list: |
1186 |
for container_dn in container_list: |
1188 |
rdn_list = ldap.explode_dn(container_dn) |
1187 |
(ou_type, ou_name) = ldap.dn.str2dn(container_dn)[0][0][:2] |
1189 |
(ou_type, ou_name) = rdn_list.pop(0).split('=', 1) |
1188 |
position = parentDn(container_dn).lower().replace(self.ucr['samba4/ldap/base'].lower(), self.ucr['ldap/base'].lower()) |
1190 |
position = string.replace(','.join(rdn_list).lower(), self.ucr['samba4/ldap/base'].lower(), self.ucr['ldap/base'].lower()) |
|
|
1191 |
|
1189 |
|
1192 |
udm_type = None |
1190 |
udm_type = None |
1193 |
if ou_type == "OU": |
1191 |
if ou_type.upper() == "OU": |
1194 |
udm_type = "container/ou" |
1192 |
udm_type = "container/ou" |
1195 |
elif ou_type == "CN": |
1193 |
elif ou_type.upper() == "CN": |
1196 |
udm_type = "container/cn" |
1194 |
udm_type = "container/cn" |
1197 |
else: |
1195 |
else: |
1198 |
log.warn("Warning: Unmapped container type %s" % container_dn) |
1196 |
log.warn("Warning: Unmapped container type %s" % container_dn) |
Lines 1212-1218
def rewrite_sambaSIDs_in_OpenLDAP(self):
|
|
1212 |
for (sid, canonical_name) in AD_well_known_sids.items(): |
1210 |
for (sid, canonical_name) in AD_well_known_sids.items(): |
1213 |
|
1211 |
|
1214 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1212 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1215 |
expression="(&(objectSid=%s)(sAMAccountName=*))" % (sid,), |
1213 |
expression=filter_format("(&(objectSid=%s)(sAMAccountName=*))", (sid,)), |
1216 |
attrs=["sAMAccountName", "objectClass"]) |
1214 |
attrs=["sAMAccountName", "objectClass"]) |
1217 |
if not msgs: |
1215 |
if not msgs: |
1218 |
log.debug("Name of Well known SID %s not found in Samba" % (sid,)) |
1216 |
log.debug("Name of Well known SID %s not found in Samba" % (sid,)) |
Lines 1233-1239
def rewrite_sambaSIDs_in_OpenLDAP(self):
|
|
1233 |
ucsldap_object_name = canonical_name # default |
1231 |
ucsldap_object_name = canonical_name # default |
1234 |
# lookup canonical_name in UCSLDAP, for cases like "Replicator/Replicators" and "Server Operators"/"System Operators" that changed in UCS 3.2, see Bug #32461#c2 |
1232 |
# lookup canonical_name in UCSLDAP, for cases like "Replicator/Replicators" and "Server Operators"/"System Operators" that changed in UCS 3.2, see Bug #32461#c2 |
1235 |
ucssid = sid.replace(self.ad_domainsid, self.old_domainsid, 1) |
1233 |
ucssid = sid.replace(self.ad_domainsid, self.old_domainsid, 1) |
1236 |
ldap_result = self.lo.search(filter="(sambaSID=%s)" % (ucssid,), attr=["sambaSID", "uid", "cn"]) |
1234 |
ldap_result = self.lo.search(filter=filter_format("(sambaSID=%s)", (ucssid,)), attr=["sambaSID", "uid", "cn"]) |
1237 |
if len(ldap_result) == 1: |
1235 |
if len(ldap_result) == 1: |
1238 |
if "group" in oc or "foreignSecurityPrincipal" in oc: |
1236 |
if "group" in oc or "foreignSecurityPrincipal" in oc: |
1239 |
ucsldap_object_name = ldap_result[0][1].get("cn", [None])[0] |
1237 |
ucsldap_object_name = ldap_result[0][1].get("cn", [None])[0] |
Lines 1266-1272
def rewrite_sambaSIDs_in_OpenLDAP(self):
|
|
1266 |
old_sambaSID_dict[old_sid] = ucs_name |
1264 |
old_sambaSID_dict[old_sid] = ucs_name |
1267 |
|
1265 |
|
1268 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1266 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1269 |
expression="(sAMAccountName=%s)" % ucs_name, |
1267 |
expression=filter_format("(sAMAccountName=%s)", (ucs_name,)), |
1270 |
attrs=["dn", "objectSid"]) |
1268 |
attrs=["dn", "objectSid"]) |
1271 |
if not msgs: |
1269 |
if not msgs: |
1272 |
continue |
1270 |
continue |
Lines 1289-1295
def rewrite_sambaSIDs_in_OpenLDAP(self):
|
|
1289 |
old_sambaSID_dict[old_sid] = ucs_name |
1287 |
old_sambaSID_dict[old_sid] = ucs_name |
1290 |
|
1288 |
|
1291 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1289 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1292 |
expression="(sAMAccountName=%s)" % ucs_name, |
1290 |
expression=filter_format("(sAMAccountName=%s)", (ucs_name,)), |
1293 |
attrs=["objectSid"]) |
1291 |
attrs=["objectSid"]) |
1294 |
if not msgs: |
1292 |
if not msgs: |
1295 |
continue |
1293 |
continue |
Lines 1340-1351
def rewrite_sambaSIDs_in_OpenLDAP(self):
|
|
1340 |
|
1338 |
|
1341 |
# re-create DNS SPN account |
1339 |
# re-create DNS SPN account |
1342 |
log.debug("Attempting removal of DNS SPN account in UCS-LDAP, will be recreated later with new password.") |
1340 |
log.debug("Attempting removal of DNS SPN account in UCS-LDAP, will be recreated later with new password.") |
1343 |
run_and_output_to_log(["univention-directory-manager", "users/user", "delete", "--dn", "uid=dns-%s,cn=users,%s" % (self.ucr["hostname"], self.ucr["ldap/base"])], log.debug) |
1341 |
run_and_output_to_log(["univention-directory-manager", "users/user", "delete", "--dn", "uid=dns-%s,cn=users,%s" % (escape_dn_chars(self.ucr["hostname"]), self.ucr["ldap/base"])], log.debug) |
1344 |
|
1342 |
|
1345 |
# remove zarafa and univention-squid-kerberos SPN accounts, recreated later in phaseIII by running the respective joinscripts again |
1343 |
# remove zarafa and univention-squid-kerberos SPN accounts, recreated later in phaseIII by running the respective joinscripts again |
1346 |
log.debug("Attempting removal of Zarafa and Squid SPN accounts in UCS-LDAP, will be recreated later with new password.") |
1344 |
log.debug("Attempting removal of Zarafa and Squid SPN accounts in UCS-LDAP, will be recreated later with new password.") |
1347 |
for service in ("zarafa", "http", "http-proxy"): |
1345 |
for service in ("zarafa", "http", "http-proxy"): |
1348 |
run_and_output_to_log(["univention-directory-manager", "users/user", "delete", "--dn", "uid=%s-%s,cn=users,%s" % (service, self.ucr["hostname"], self.ucr["ldap/base"])], log.debug) |
1346 |
run_and_output_to_log(["univention-directory-manager", "users/user", "delete", "--dn", "uid=%s-%s,cn=users,%s" % (escape_dn_chars(service), escape_dn_chars(self.ucr["hostname"]), self.ucr["ldap/base"])], log.debug) |
1349 |
|
1347 |
|
1350 |
# Remove logonHours restrictions from Administrator account, was set in one test environment.. |
1348 |
# Remove logonHours restrictions from Administrator account, was set in one test environment.. |
1351 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1349 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
Lines 1487-1498
def __init__(self, ucr):
|
|
1487 |
log.error("\n".join(msg)) |
1485 |
log.error("\n".join(msg)) |
1488 |
raise TakeoverError(_("The Active Directory domain join was not completed successfully yet.")) |
1486 |
raise TakeoverError(_("The Active Directory domain join was not completed successfully yet.")) |
1489 |
|
1487 |
|
1490 |
self.ad_server_fqdn, self.ad_server_name = self.ucr["hosts/static/%s" % self.ad_server_ip].split() |
1488 |
self.ad_server_fqdn, self.ad_server_name = self.ucr["hosts/static/%s" % self.ad_server_ip].split(None, 1) |
1491 |
|
1489 |
|
1492 |
# Check if the AD server is already in the local SAM db |
1490 |
# Check if the AD server is already in the local SAM db |
1493 |
samdb = SamDB(os.path.join(SAMBA_PRIVATE_DIR, "sam.ldb"), session_info=system_session(self.lp), lp=self.lp) |
1491 |
samdb = SamDB(os.path.join(SAMBA_PRIVATE_DIR, "sam.ldb"), session_info=system_session(self.lp), lp=self.lp) |
1494 |
msgs = samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1492 |
msgs = samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1495 |
expression="(sAMAccountName=%s$)" % self.ad_server_name, |
1493 |
expression=filter_format("(sAMAccountName=%s$)", [self.ad_server_name]), |
1496 |
attrs=["objectSid"]) |
1494 |
attrs=["objectSid"]) |
1497 |
if msgs: |
1495 |
if msgs: |
1498 |
log.info("OK, Found the AD DC %s account in the local Samba 4 SAM database." % self.ad_server_name) |
1496 |
log.info("OK, Found the AD DC %s account in the local Samba 4 SAM database." % self.ad_server_name) |
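Review bot: The switch to `.split(None, 1)` on new line 1488 turns a `hosts/static/<ip>` value with more than two tokens from a loud ValueError at the unpack into a silent misparse: the second element now absorbs everything after the first whitespace, so `self.ad_server_name` can become `name extra` and is then fed to `filter_format("(sAMAccountName=%s$)", [self.ad_server_name])` on the line below and to the `escape_dn_chars(self.ad_server_name)` DN builders elsewhere in this patch, neither of which removes the embedded space or the extra token. If the intent is to tolerate trailing aliases in that UCR value, take the first two tokens explicitly and reject anything shorter, e.g. `parts = self.ucr["hosts/static/%s" % self.ad_server_ip].split()` / `if len(parts) < 2: raise TakeoverError(_("Unexpected hosts/static entry for the AD server."))` / `self.ad_server_fqdn, self.ad_server_name = parts[:2]`. `__init__` starts and ends outside this hunk.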
Lines 1542-1548
def post_join_fix_samDB(self):
|
|
1542 |
self.sitename = None |
1540 |
self.sitename = None |
1543 |
self.samdb = SamDB(os.path.join(SAMBA_PRIVATE_DIR, "sam.ldb"), session_info=system_session(self.lp), lp=self.lp) |
1541 |
self.samdb = SamDB(os.path.join(SAMBA_PRIVATE_DIR, "sam.ldb"), session_info=system_session(self.lp), lp=self.lp) |
1544 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1542 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1545 |
expression="(sAMAccountName=%s$)" % self.ucr["hostname"], |
1543 |
expression=filter_format("(sAMAccountName=%s$)", (self.ucr["hostname"],)), |
1546 |
attrs=["serverReferenceBL"]) |
1544 |
attrs=["serverReferenceBL"]) |
1547 |
if msgs: |
1545 |
if msgs: |
1548 |
obj = msgs[0] |
1546 |
obj = msgs[0] |
Lines 1602-1610
def create_DNS_alias_for_AD_hostname(self):
|
|
1602 |
run_and_output_to_log(["univention-config-registry", "unset", "hosts/static/%s" % self.ad_server_ip], log.debug) |
1600 |
run_and_output_to_log(["univention-config-registry", "unset", "hosts/static/%s" % self.ad_server_ip], log.debug) |
1603 |
|
1601 |
|
1604 |
# Replace DNS host record for AD Server name by DNS Alias |
1602 |
# Replace DNS host record for AD Server name by DNS Alias |
1605 |
run_and_output_to_log(["univention-directory-manager", "dns/host_record", "delete", "--superordinate", "zoneName=%s,cn=dns,%s" % (self.ucr["domainname"], self.ucr["ldap/base"]), "--dn", "relativeDomainName=%s,zoneName=%s,cn=dns,%s" % (self.ad_server_name, self.ucr["domainname"], self.ucr["ldap/base"])], log.debug) |
1603 |
run_and_output_to_log(["univention-directory-manager", "dns/host_record", "delete", "--superordinate", "zoneName=%s,cn=dns,%s" % (escape_dn_chars(self.ucr["domainname"]), self.ucr["ldap/base"]), "--dn", "relativeDomainName=%s,zoneName=%s,cn=dns,%s" % (escape_dn_chars(self.ad_server_name), escape_dn_chars(self.ucr["domainname"]), self.ucr["ldap/base"])], log.debug) |
1606 |
|
1604 |
|
1607 |
returncode = run_and_output_to_log(["univention-directory-manager", "dns/alias", "create", "--superordinate", "zoneName=%s,cn=dns,%s" % (self.ucr["domainname"], self.ucr["ldap/base"]), "--set", "name=%s" % self.ad_server_name, "--set", "cname=%s" % self.local_fqdn], log.debug) |
1605 |
returncode = run_and_output_to_log(["univention-directory-manager", "dns/alias", "create", "--superordinate", "zoneName=%s,cn=dns,%s" % (escape_dn_chars(self.ucr["domainname"]), self.ucr["ldap/base"]), "--set", "name=%s" % self.ad_server_name, "--set", "cname=%s" % self.local_fqdn], log.debug) |
1608 |
if returncode != 0: |
1606 |
if returncode != 0: |
1609 |
log.error("Creation of dns/alias %s for %s failed. See %s for details." % (self.ad_server_name, self.local_fqdn, LOGFILE_NAME,)) |
1607 |
log.error("Creation of dns/alias %s for %s failed. See %s for details." % (self.ad_server_name, self.local_fqdn, LOGFILE_NAME,)) |
1610 |
|
1608 |
|
Lines 1612-1618
def remove_AD_server_account_from_samdb(self):
|
|
1612 |
# Cleanup necessary to use NETBIOS Alias |
1610 |
# Cleanup necessary to use NETBIOS Alias |
1613 |
backlink_attribute_list = ["serverReferenceBL", "frsComputerReferenceBL", "msDFSR-ComputerReferenceBL"] |
1611 |
backlink_attribute_list = ["serverReferenceBL", "frsComputerReferenceBL", "msDFSR-ComputerReferenceBL"] |
1614 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1612 |
msgs = self.samdb.search(base=self.ucr["samba4/ldap/base"], scope=samba.ldb.SCOPE_SUBTREE, |
1615 |
expression="(sAMAccountName=%s$)" % self.ad_server_name, |
1613 |
expression=filter_format("(sAMAccountName=%s$)", [self.ad_server_name]), |
1616 |
attrs=backlink_attribute_list) |
1614 |
attrs=backlink_attribute_list) |
1617 |
if msgs: |
1615 |
if msgs: |
1618 |
obj = msgs[0] |
1616 |
obj = msgs[0] |
Lines 1644-1650
def remove_AD_server_account_from_samdb(self):
|
|
1644 |
def remove_AD_server_account_from_UDM(self): |
1642 |
def remove_AD_server_account_from_UDM(self): |
1645 |
# Finally, for consistency remove AD DC object from UDM |
1643 |
# Finally, for consistency remove AD DC object from UDM |
1646 |
log.debug("Removing AD DC account from local Univention Directory Manager") |
1644 |
log.debug("Removing AD DC account from local Univention Directory Manager") |
1647 |
returncode = run_and_output_to_log(["univention-directory-manager", "computers/windows_domaincontroller", "delete", "--dn", "cn=%s,cn=dc,cn=computers,%s" % (self.ad_server_name, self.ucr["ldap/base"])], log.debug) |
1645 |
returncode = run_and_output_to_log(["univention-directory-manager", "computers/windows_domaincontroller", "delete", "--dn", "cn=%s,cn=dc,cn=computers,%s" % (escape_dn_chars(self.ad_server_name), self.ucr["ldap/base"])], log.debug) |
1648 |
if returncode != 0: |
1646 |
if returncode != 0: |
1649 |
log.error("Removal of DC account %s via UDM failed. See %s for details." % (self.ad_server_name, LOGFILE_NAME,)) |
1647 |
log.error("Removal of DC account %s via UDM failed. See %s for details." % (self.ad_server_name, LOGFILE_NAME,)) |
1650 |
|
1648 |
|
Lines 1739-1754
def create_reverse_DNS_records(self):
|
|
1739 |
|
1737 |
|
1740 |
if ptr_zone and ptr_address: |
1738 |
if ptr_zone and ptr_address: |
1741 |
# check for an existing record. |
1739 |
# check for an existing record. |
1742 |
p = subprocess.Popen(["univention-directory-manager", "dns/ptr_record", "list", "--superordinate", "zoneName=%s,cn=dns,%s" % (ptr_zone, self.ucr["ldap/base"]), "--filter", "address=%s" % ptr_address], stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
1740 |
p = subprocess.Popen(["univention-directory-manager", "dns/ptr_record", "list", "--superordinate", "zoneName=%s,cn=dns,%s" % (escape_dn_chars(ptr_zone), self.ucr["ldap/base"]), "--filter", filter_format("address=%s", [ptr_address])], stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
1743 |
(stdout, stderr) = p.communicate() |
1741 |
(stdout, stderr) = p.communicate() |
1744 |
if len(stdout.rstrip().split('\n')) > 1: |
1742 |
if len(stdout.rstrip().split('\n')) > 1: |
1745 |
# modify existing record. |
1743 |
# modify existing record. |
1746 |
returncode = run_and_output_to_log(["univention-directory-manager", "dns/ptr_record", "modify", "--superordinate", "zoneName=%s,cn=dns,%s" % (ptr_zone, self.ucr["ldap/base"]), "--dn", "relativeDomainName=%s,zoneName=%s,cn=dns,%s" % (ptr_address, ptr_zone, self.ucr["ldap/base"]), "--set", "ptr_record=%s." % self.local_fqdn], log.debug) |
1744 |
returncode = run_and_output_to_log(["univention-directory-manager", "dns/ptr_record", "modify", "--superordinate", "zoneName=%s,cn=dns,%s" % (escape_dn_chars(ptr_zone), self.ucr["ldap/base"]), "--dn", "relativeDomainName=%s,zoneName=%s,cn=dns,%s" % (escape_dn_chars(ptr_address), escape_dn_chars(ptr_zone), self.ucr["ldap/base"]), "--set", "ptr_record=%s." % self.local_fqdn], log.debug) |
1747 |
if returncode != 0: |
1745 |
if returncode != 0: |
1748 |
log.warn("Warning: Update of reverse DNS record %s for %s failed. See %s for details." % (self.ad_server_ip, self.local_fqdn, LOGFILE_NAME,)) |
1746 |
log.warn("Warning: Update of reverse DNS record %s for %s failed. See %s for details." % (self.ad_server_ip, self.local_fqdn, LOGFILE_NAME,)) |
1749 |
else: |
1747 |
else: |
1750 |
# add new record. |
1748 |
# add new record. |
1751 |
returncode = run_and_output_to_log(["univention-directory-manager", "dns/ptr_record", "create", "--superordinate", "zoneName=%s,cn=dns,%s" % (ptr_zone, self.ucr["ldap/base"]), "--set", "address=%s" % ptr_address, "--set", "ptr_record=%s." % self.local_fqdn], log.debug) |
1749 |
returncode = run_and_output_to_log(["univention-directory-manager", "dns/ptr_record", "create", "--superordinate", "zoneName=%s,cn=dns,%s" % (escape_dn_chars(ptr_zone), self.ucr["ldap/base"]), "--set", "address=%s" % ptr_address, "--set", "ptr_record=%s." % self.local_fqdn], log.debug) |
1752 |
if returncode != 0: |
1750 |
if returncode != 0: |
1753 |
log.warn("Warning: Creation of reverse DNS record %s for %s failed. See %s for details." % (self.ad_server_ip, self.local_fqdn, LOGFILE_NAME,)) |
1751 |
log.warn("Warning: Creation of reverse DNS record %s for %s failed. See %s for details." % (self.ad_server_ip, self.local_fqdn, LOGFILE_NAME,)) |
1754 |
else: |
1752 |
else: |
Lines 2200-2220
def udm_rename_ucs_user(self, userdn, new_name):
|
|
2200 |
try: |
2198 |
try: |
2201 |
log.debug("Renaming '%s' to '%s' in UCS LDAP." % (user.dn, new_name)) |
2199 |
log.debug("Renaming '%s' to '%s' in UCS LDAP." % (user.dn, new_name)) |
2202 |
user['username'] = new_name |
2200 |
user['username'] = new_name |
2203 |
user.modify() |
2201 |
return user.modify() |
2204 |
except uexceptions.ldapError as exc: |
2202 |
except uexceptions.ldapError as exc: |
2205 |
log.debug("Renaming of user '%s' failed: %s." % (userdn, exc,)) |
2203 |
log.debug("Renaming of user '%s' failed: %s." % (userdn, exc,)) |
2206 |
return |
2204 |
return |
2207 |
|
2205 |
|
2208 |
dnparts = ldap.explode_dn(userdn) |
|
|
2209 |
rdn = dnparts[0].split('=', 1) |
2210 |
dnparts[0] = '='.join((rdn[0], new_name)) |
2211 |
new_userdn = ",".join(dnparts) |
2212 |
|
2213 |
return new_userdn |
2214 |
|
2215 |
def rename_ucs_user(self, ucsldap_object_name, ad_object_name): |
2206 |
def rename_ucs_user(self, ucsldap_object_name, ad_object_name): |
2216 |
userdns = self.lo.searchDn( |
2207 |
userdns = self.lo.searchDn( |
2217 |
filter="(&(objectClass=sambaSamAccount)(uid=%s))" % (ucsldap_object_name, ), |
2208 |
filter=filter_format("(&(objectClass=sambaSamAccount)(uid=%s))", (ucsldap_object_name, )), |
2218 |
base=self.lo.base) |
2209 |
base=self.lo.base) |
2219 |
|
2210 |
|
2220 |
if len(userdns) > 1: |
2211 |
if len(userdns) > 1: |
Lines 2259-2276
def udm_rename_ucs_group(self, groupdn, new_name):
|
|
2259 |
try: |
2250 |
try: |
2260 |
log.debug("Renaming '%s' to '%s' in UCS LDAP." % (group.dn, new_name)) |
2251 |
log.debug("Renaming '%s' to '%s' in UCS LDAP." % (group.dn, new_name)) |
2261 |
group['name'] = new_name |
2252 |
group['name'] = new_name |
2262 |
group.modify() |
2253 |
return group.modify() |
2263 |
except uexceptions.ldapError as exc: |
2254 |
except uexceptions.ldapError as exc: |
2264 |
log.debug("Renaming of group '%s' failed: %s." % (groupdn, exc,)) |
2255 |
log.debug("Renaming of group '%s' failed: %s." % (groupdn, exc,)) |
2265 |
return |
2256 |
return |
2266 |
|
2257 |
|
2267 |
dnparts = ldap.explode_dn(groupdn) |
|
|
2268 |
rdn = dnparts[0].split('=', 1) |
2269 |
dnparts[0] = '='.join((rdn[0], new_name)) |
2270 |
new_groupdn = ",".join(dnparts) |
2271 |
|
2272 |
return new_groupdn |
2273 |
|
2274 |
def udm_rename_ucs_defaultGroup(self, groupdn, new_groupdn): |
2258 |
def udm_rename_ucs_defaultGroup(self, groupdn, new_groupdn): |
2275 |
if not new_groupdn: |
2259 |
if not new_groupdn: |
2276 |
return |
2260 |
return |
Lines 2297-2303
def udm_rename_ucs_defaultGroup(self, groupdn, new_groupdn):
|
|
2297 |
|
2281 |
|
2298 |
def rename_ucs_group(self, ucsldap_object_name, ad_object_name): |
2282 |
def rename_ucs_group(self, ucsldap_object_name, ad_object_name): |
2299 |
groupdns = self.lo.searchDn( |
2283 |
groupdns = self.lo.searchDn( |
2300 |
filter="(&(objectClass=sambaGroupMapping)(cn=%s))" % (ucsldap_object_name, ), |
2284 |
filter=filter_format("(&(objectClass=sambaGroupMapping)(cn=%s))", (ucsldap_object_name, )), |
2301 |
base=self.lo.base) |
2285 |
base=self.lo.base) |
2302 |
|
2286 |
|
2303 |
if len(groupdns) > 1: |
2287 |
if len(groupdns) > 1: |
Lines 2334-2340
def _connect_ucs(ucr, binddn=None, bindpwd=None):
|
|
2334 |
|
2318 |
|
2335 |
|
2319 |
|
2336 |
def operatingSystem_attribute(ucr, samdb): |
2320 |
def operatingSystem_attribute(ucr, samdb): |
2337 |
msg = samdb.search(base=samdb.domain_dn(), scope=samba.ldb.SCOPE_SUBTREE, expression="(sAMAccountName=%s$)" % ucr["hostname"], attrs=["operatingSystem", "operatingSystemVersion"]) |
2321 |
msg = samdb.search(base=samdb.domain_dn(), scope=samba.ldb.SCOPE_SUBTREE, expression=filter_format("(sAMAccountName=%s$)", (ucr["hostname"],)), attrs=["operatingSystem", "operatingSystemVersion"]) |
2338 |
if msg: |
2322 |
if msg: |
2339 |
obj = msg[0] |
2323 |
obj = msg[0] |
2340 |
if "operatingSystem" not in obj: |
2324 |
if "operatingSystem" not in obj: |
Lines 2352-2358
def operatingSystem_attribute(ucr, samdb):
|
|
2352 |
def takeover_DC_Behavior_Version(ucr, remote_samdb, samdb, ad_server_name, sitename): |
2336 |
def takeover_DC_Behavior_Version(ucr, remote_samdb, samdb, ad_server_name, sitename): |
2353 |
# DC Behaviour Version |
2337 |
# DC Behaviour Version |
2354 |
msg = remote_samdb.search( |
2338 |
msg = remote_samdb.search( |
2355 |
base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (ad_server_name, sitename, samdb.domain_dn()), |
2339 |
base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(ad_server_name), escape_dn_chars(sitename), samdb.domain_dn()), |
2356 |
scope=samba.ldb.SCOPE_BASE, |
2340 |
scope=samba.ldb.SCOPE_BASE, |
2357 |
attrs=["msDS-HasMasterNCs", "msDS-HasInstantiatedNCs", "msDS-Behavior-Version"] |
2341 |
attrs=["msDS-HasMasterNCs", "msDS-HasInstantiatedNCs", "msDS-Behavior-Version"] |
2358 |
) |
2342 |
) |
Lines 2360-2366
def takeover_DC_Behavior_Version(ucr, remote_samdb, samdb, ad_server_name, siten
|
|
2360 |
obj = msg[0] |
2344 |
obj = msg[0] |
2361 |
if "msDS-Behavior-Version" in obj: |
2345 |
if "msDS-Behavior-Version" in obj: |
2362 |
delta = ldb.Message() |
2346 |
delta = ldb.Message() |
2363 |
delta.dn = ldb.Dn(samdb, dn="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (ucr["hostname"], sitename, samdb.domain_dn())) |
2347 |
delta.dn = ldb.Dn(samdb, dn="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(ucr["hostname"]), escape_dn_chars(sitename), samdb.domain_dn())) |
2364 |
delta["msDS-Behavior-Version"] = ldb.MessageElement(obj["msDS-Behavior-Version"], ldb.FLAG_MOD_REPLACE, "msDS-Behavior-Version") |
2348 |
delta["msDS-Behavior-Version"] = ldb.MessageElement(obj["msDS-Behavior-Version"], ldb.FLAG_MOD_REPLACE, "msDS-Behavior-Version") |
2365 |
samdb.modify(delta) |
2349 |
samdb.modify(delta) |
2366 |
|
2350 |
|
Lines 2368-2374
def takeover_DC_Behavior_Version(ucr, remote_samdb, samdb, ad_server_name, siten
|
|
2368 |
def takeover_hasInstantiatedNCs(ucr, samdb, ad_server_name, sitename): |
2352 |
def takeover_hasInstantiatedNCs(ucr, samdb, ad_server_name, sitename): |
2369 |
partitions = [] |
2353 |
partitions = [] |
2370 |
try: |
2354 |
try: |
2371 |
msg = samdb.search(base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (ad_server_name, sitename, samdb.domain_dn()), |
2355 |
msg = samdb.search(base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(ad_server_name), escape_dn_chars(sitename), samdb.domain_dn()), |
2372 |
scope=samba.ldb.SCOPE_BASE, |
2356 |
scope=samba.ldb.SCOPE_BASE, |
2373 |
attrs=["msDS-hasMasterNCs", "msDS-HasInstantiatedNCs"]) |
2357 |
attrs=["msDS-hasMasterNCs", "msDS-HasInstantiatedNCs"]) |
2374 |
except ldb.LdbError as ex: |
2358 |
except ldb.LdbError as ex: |
Lines 2378-2384
def takeover_hasInstantiatedNCs(ucr, samdb, ad_server_name, sitename):
|
|
2378 |
if msg: |
2362 |
if msg: |
2379 |
obj = msg[0] |
2363 |
obj = msg[0] |
2380 |
delta = ldb.Message() |
2364 |
delta = ldb.Message() |
2381 |
delta.dn = ldb.Dn(samdb, dn="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (ucr["hostname"], sitename, samdb.domain_dn())) |
2365 |
delta.dn = ldb.Dn(samdb, dn="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(ucr["hostname"]), escape_dn_chars(sitename), samdb.domain_dn())) |
2382 |
if "msDS-HasInstantiatedNCs" in obj: |
2366 |
if "msDS-HasInstantiatedNCs" in obj: |
2383 |
for partitionDN in obj["msDS-HasInstantiatedNCs"]: |
2367 |
for partitionDN in obj["msDS-HasInstantiatedNCs"]: |
2384 |
delta[partitionDN] = ldb.MessageElement(obj["msDS-HasInstantiatedNCs"], ldb.FLAG_MOD_REPLACE, "msDS-HasInstantiatedNCs") |
2368 |
delta[partitionDN] = ldb.MessageElement(obj["msDS-HasInstantiatedNCs"], ldb.FLAG_MOD_REPLACE, "msDS-HasInstantiatedNCs") |
Lines 2393-2399
def takeover_hasInstantiatedNCs(ucr, samdb, ad_server_name, sitename):
|
|
2393 |
|
2377 |
|
2394 |
|
2378 |
|
2395 |
def takeover_hasMasterNCs(ucr, samdb, sitename, partitions): |
2379 |
def takeover_hasMasterNCs(ucr, samdb, sitename, partitions): |
2396 |
msg = samdb.search(base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (ucr["hostname"], sitename, samdb.domain_dn()), scope=samba.ldb.SCOPE_BASE, attrs=["hasPartialReplicaNCs", "msDS-hasMasterNCs"]) |
2380 |
msg = samdb.search(base="CN=NTDS Settings,CN=%s,CN=Servers,CN=%s,CN=Sites,CN=Configuration,%s" % (escape_dn_chars(ucr["hostname"]), escape_dn_chars(sitename), samdb.domain_dn()), scope=samba.ldb.SCOPE_BASE, attrs=["hasPartialReplicaNCs", "msDS-hasMasterNCs"]) |
2397 |
if msg: |
2381 |
if msg: |
2398 |
obj = msg[0] |
2382 |
obj = msg[0] |
2399 |
for partition in partitions: |
2383 |
for partition in partitions: |
Lines 2426-2432
def let_samba4_manage_etc_krb5_keytab(ucr, secretsdb):
|
|
2426 |
msg = secretsdb.search( |
2410 |
msg = secretsdb.search( |
2427 |
base="cn=Primary Domains", |
2411 |
base="cn=Primary Domains", |
2428 |
scope=samba.ldb.SCOPE_SUBTREE, |
2412 |
scope=samba.ldb.SCOPE_SUBTREE, |
2429 |
expression="(flatName=%s)" % ucr["windows/domain"], |
2413 |
expression=filter_format("(flatName=%s)", (ucr["windows/domain"],)), |
2430 |
attrs=["krb5Keytab"] |
2414 |
attrs=["krb5Keytab"] |
2431 |
) |
2415 |
) |
2432 |
if msg: |
2416 |
if msg: |
Lines 2442-2448
def add_servicePrincipals(ucr, secretsdb, spn_list):
|
|
2442 |
msg = secretsdb.search( |
2426 |
msg = secretsdb.search( |
2443 |
base="cn=Primary Domains", |
2427 |
base="cn=Primary Domains", |
2444 |
scope=samba.ldb.SCOPE_SUBTREE, |
2428 |
scope=samba.ldb.SCOPE_SUBTREE, |
2445 |
expression="(flatName=%s)" % ucr["windows/domain"], |
2429 |
expression=filter_format("(flatName=%s)", (ucr["windows/domain"],)), |
2446 |
attrs=["servicePrincipalName"] |
2430 |
attrs=["servicePrincipalName"] |
2447 |
) |
2431 |
) |
2448 |
if msg: |
2432 |
if msg: |
Lines 2456-2468
def add_servicePrincipals(ucr, secretsdb, spn_list):
|
|
2456 |
|
2440 |
|
2457 |
|
2441 |
|
2458 |
def sync_position_s4_to_ucs(ucr, udm_type, ucs_object_dn, s4_object_dn): |
2442 |
def sync_position_s4_to_ucs(ucr, udm_type, ucs_object_dn, s4_object_dn): |
2459 |
rdn_list = ldap.explode_dn(s4_object_dn) |
2443 |
new_position = parentDn(s4_object_dn).lower().replace(ucr['connector/s4/ldap/base'].lower(), ucr['ldap/base'].lower()) |
2460 |
rdn_list.pop(0) |
2444 |
old_position = parentDn(ucs_object_dn) |
2461 |
new_position = string.replace(','.join(rdn_list).lower(), ucr['connector/s4/ldap/base'].lower(), ucr['ldap/base'].lower()) |
|
|
2462 |
|
2463 |
rdn_list = ldap.explode_dn(ucs_object_dn) |
2464 |
rdn_list.pop(0) |
2465 |
old_position = ','.join(rdn_list) |
2466 |
|
2445 |
|
2467 |
if new_position.lower() != old_position.lower(): |
2446 |
if new_position.lower() != old_position.lower(): |
2468 |
run_and_output_to_log(["/usr/sbin/univention-directory-manager", udm_type, "move", "--dn", ucs_object_dn, "--position", new_position], log.debug) |
2447 |
run_and_output_to_log(["/usr/sbin/univention-directory-manager", udm_type, "move", "--dn", ucs_object_dn, "--position", new_position], log.debug) |
2469 |
Bug #40055: sort imports by stdlib, third party, univention |
2448 |
Bug #40055: sort imports by stdlib, third party, univention |