univention.connector.ad package

exception univention.connector.ad.netbiosDomainnameNotFound

Bases: Exception

exception univention.connector.ad.kerberosAuthenticationFailed

Bases: Exception

univention.connector.ad.set_univentionObjectFlag_to_synced(connector, key, ucs_object)
univention.connector.ad.group_members_sync_from_ucs(connector, key, object)
univention.connector.ad.object_memberships_sync_from_ucs(connector, key, object)
univention.connector.ad.group_members_sync_to_ucs(connector, key, object)
univention.connector.ad.object_memberships_sync_to_ucs(connector, key, object)
univention.connector.ad.primary_group_sync_from_ucs(connector, key, object)
univention.connector.ad.primary_group_sync_to_ucs(connector, key, object)
univention.connector.ad.disable_user_from_ucs(connector, key, object)
univention.connector.ad.set_userPrincipalName_from_ucr(connector, key, object)
univention.connector.ad.disable_user_to_ucs(connector, key, object)
univention.connector.ad.fix_dn(dn)
univention.connector.ad.str2dn(dn)
univention.connector.ad.unix2ad_time(ltime)
univention.connector.ad.ad2unix_time(ltime)
univention.connector.ad.samba2ad_time(ltime)
univention.connector.ad.ad2samba_time(ltime)
univention.connector.ad.samaccountname_dn_mapping(connector, given_object, dn_mapping_stored, ucsobject, propertyname, propertyattrib, ocucs, ucsattrib, ocad, dn_attr=None)

Map the DN of the given object (which must have a samaccountname in AD). ocucs and ocad are the object classes in UCS and AD.

univention.connector.ad.user_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)

Map the DN of the given user using the samaccountname/uid. connector is an instance of univention.connector.ad, given_object is an object dict, and dn_mapping_stored is a list of DN types that are already mapped because they were stored in the config file.

univention.connector.ad.group_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)

Map the DN of the given group using the samaccountname/cn. connector is an instance of univention.connector.ad, given_object is an object dict, and dn_mapping_stored is a list of DN types that are already mapped because they were stored in the config file.

univention.connector.ad.windowscomputer_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject)

Map the DN of the given Windows computer using the samaccountname/uid. connector is an instance of univention.connector.ad, given_object is an object dict, and dn_mapping_stored is a list of DN types that are already mapped because they were stored in the config file.

univention.connector.ad.decode_sid(value)

class univention.connector.ad.LDAPEscapeFormatter

Bases: string.Formatter

A custom string formatter that supports a special e conversion, to employ the function ldap.filter.escape_filter_chars() on the given value.

>>> LDAPEscapeFormatter().format("{0}", "*")
'*'
>>> LDAPEscapeFormatter().format("{0!e}", "*")
'\\2a'

Unfortunately this does not support the key/index-less variant (see http://bugs.python.org/issue13598).

>>> LDAPEscapeFormatter().format("{!e}", "*")
Traceback (most recent call last):
KeyError: ''

convert_field(value, conversion)

univention.connector.ad.format_escaped(format_string, *args, **kwargs)

Convenience-wrapper around LDAPEscapeFormatter.

Use !e to denote a format field that should be escaped using ldap.filter.escape_filter_chars().

>>> format_escaped("{0!e}", "*")
'\\2a'

class univention.connector.ad.ad(CONFIGBASENAME, property, configRegistry, ad_ldap_host, ad_ldap_port, ad_ldap_base, ad_ldap_binddn, ad_ldap_bindpw, ad_ldap_certificate, listener_dir, max_retry_rejected, logfilename=None, debug_level=None)

Bases: univention.connector.ucs

RANGE_RETRIEVAL_PATTERN = re.compile('^([^;]+);range=(\\d+)-(\\d+|\\*)$')
classmethod main(ucr=None, configbasename='connector', **kwargs)
init_group_cache()
init_ldap_connections()
open_drs_connection()
open_samr()
get_kerberos_ticket()
ad_search_ext_s(*args, **kwargs)
open_ad()
get_lastUSN()
list_rejected()
save_rejected(object)

save object as rejected

remove_rejected(object)

remove object from rejected

addToCreationList(dn)
removeFromCreationList(dn)
isInCreationList(dn)
parse_range_retrieval_attrs(ad_attrs, attr)
value_range_retrieval(ad_dn, ad_attrs, attr)
get_ad_members(ad_dn, ad_attrs)
get_object(dn, attrlist=None)

Get an object from AD-LDAP

set_primary_group_to_ucs_user(object_key, object_ucs)

check if correct primary group is set to a fresh UCS-User

primary_group_sync_from_ucs(key, object)

sync primary group of a UCS object to AD

primary_group_sync_to_ucs(key, object)

sync primary group of an ad-object to ucs

object_memberships_sync_from_ucs(key, object)

sync group membership in AD if object was changed in UCS

group_members_sync_from_ucs(key, object)

sync group members in AD if changed in UCS

object_memberships_sync_to_ucs(key, object)

sync group membership in UCS if object was changed in AD

one_group_member_sync_to_ucs(ucs_group_object, object)

sync group members in UCS if one member changed in AD

one_group_member_sync_from_ucs(ad_group_object, object)

sync group members in AD if one member changed in AD

group_members_sync_to_ucs(key, object)

sync group members in UCS if changed in AD

set_userPrincipalName_from_ucr(key, object)
disable_user_from_ucs(key, object)
disable_user_to_ucs(key, object)
initialize()
resync_rejected()

tries to resync rejected dn

poll(show_deleted=True)

poll for changes in AD

sync_from_ucs(property_type, object, pre_mapped_ucs_dn, old_dn=None, object_old=None)
delete_in_ad(object, property_type)

Submodules

univention.connector.ad.main module

univention.connector.ad.main.bind_stdout(options, statuslogfile)
univention.connector.ad.main.daemon(lock_file, options)
univention.connector.ad.main.connect(options)
univention.connector.ad.main.lock(filename)
univention.connector.ad.main.main()

univention.connector.ad.mapping module

univention.connector.ad.mapping.ignore_filter_from_tmpl(template, ucr_key, default='')

Construct an ignore_filter from a ucr_key (connector/ad/mapping/*/ignorelist, a comma delimited list of values), as specified by template while correctly escaping the filter-expression.

template must be formatted as required by format_escaped.

>>> ignore_filter_from_tmpl('(cn={0!e})',
... 'connector/ad/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'
univention.connector.ad.mapping.ignore_filter_from_attr(attribute, ucr_key, default='')

Convenience-wrapper around ignore_filter_from_tmpl().

This expects a single attribute instead of a template argument.

>>> ignore_filter_from_attr('cn',
... 'connector/ad/mapping/nonexistend/ignorelist',
... 'one,two,three')
'(|(cn=one)(cn=two)(cn=three))'
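
What the !e conversion of LDAPEscapeFormatter / format_escaped changes when ignore-list values are placed into a filter by ignore_filter_from_tmpl, as an added example that is not the connector's own code. Assumptions: escape_filter_chars is re-implemented here from RFC 4515 so the block runs without python-ldap; EscapeFormatter, ignore_filter, raw_metachars and the SAMPLE list are hypothetical names and constructed data, and the UCR lookup is replaced by a plain string argument.

```python
import string

# RFC 4515 escaping, written out as a stand-in for
# ldap.filter.escape_filter_chars() so this runs without python-ldap.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_chars(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


class EscapeFormatter(string.Formatter):
    """Hypothetical re-implementation of the documented !e conversion."""

    def convert_field(self, value, conversion):
        if conversion == "e":
            return escape_filter_chars(str(value))
        return super().convert_field(value, conversion)


def ignore_filter(template, ignorelist):
    """Build an OR filter from a comma-delimited string (no UCR lookup)."""
    values = [v for v in ignorelist.split(",") if v]
    if not values:
        return ""
    parts = [EscapeFormatter().format(template, v) for v in values]
    return "(|{})".format("".join(parts))


def raw_metachars(ldap_filter):
    """Count unescaped '(' and '*' characters, i.e. filter syntax, not data."""
    return {"clauses": ldap_filter.count("("), "wildcards": ldap_filter.count("*")}


# Constructed ignore list: one plain name, one with parentheses, one "*".
SAMPLE = "Domain Admins,Sales (EMEA),*"

if __name__ == "__main__":
    for template in ("(cn={0!e})", "(cn={0})"):
        result = ignore_filter(template, SAMPLE)
        print(template, "->", result, raw_metachars(result))
```

With `{0!e}` the filter has one clause per list entry plus the OR wrapper; with `{0}` the parentheses and `*` from the data become filter syntax, and `(cn=*)` matches every object that has a cn.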
univention.connector.ad.mapping.load_localmapping(filename='/etc/univention/connector/ad/localmapping.py')

univention.connector.ad.password module

univention.connector.ad.password.nt_password_to_arcfour_hmac_md5(nt_password)
univention.connector.ad.password.transformKey(InputKey)
univention.connector.ad.password.mySamEncryptNTLMHash(hash, key)
univention.connector.ad.password.deriveKey(baseKey)
univention.connector.ad.password.removeDESLayer(cryptedHash, rid)
univention.connector.ad.password.decrypt(key, data, rid)
univention.connector.ad.password.calculate_krb5keys(supplementalCredentialsblob)
univention.connector.ad.password.set_password_in_ad(connector, samaccountname, pwd, reconnect=False)
univention.connector.ad.password.decrypt_supplementalCredentials(connector, spl_crypt)
univention.connector.ad.password.get_password_from_ad(connector, user_dn, reconnect=False)
univention.connector.ad.password.password_sync_ucs(connector, key, object)
univention.connector.ad.password.password_sync_kinit(connector, key, ucs_object)
univention.connector.ad.password.password_sync(connector, key, ucs_object)

univention.connector.ad.proxyAddresses module

univention.connector.ad.proxyAddresses.valid_mailaddress(val)
univention.connector.ad.proxyAddresses.equal(values1, values2)

This is called in these two ways:

1. in sync_from_ucs: values1 are mapped ucs and values2 are con
2. in __set_values: values1 are ucs and values2 are mapped con

univention.connector.ad.proxyAddresses.to_proxyAddresses(s4connector, key, object)
univention.connector.ad.proxyAddresses.to_mailPrimaryAddress(s4connector, key, object)
univention.connector.ad.proxyAddresses.to_mailAlternativeAddress(s4connector, key, object)

univention.connector.ad.query_config module

univention.connector.ad.query_config.fixup(s)