univention package

Subpackages

Submodules

univention.config_registry_info module

class univention.config_registry_info.Variable(registered=True)[source]

Bases: univention.info_tools.LocalizedDictionary

UCR variable description.

check()[source]

Check description for completeness.

Returns

List of missing settings.

class univention.config_registry_info.Category[source]

Bases: univention.info_tools.LocalizedDictionary

UCR category description.

check()[source]

Check description for completeness.

Returns

List of missing settings.

class univention.config_registry_info.ConfigRegistryInfo(install_mode=False, registered_only=True, load_customized=True)[source]

Bases: object

UCR variable and category descriptions.

Initialize variable and category descriptions.

Parameters
  • install_modeTrue deactivates the use of an UCR instance.

  • registered_onlyFalse creates synthetic entries for all undescribed but set variables.

  • load_customizedFalse deactivates loading customized descriptions.

BASE_DIR = '/etc/univention/registry.info'
CATEGORIES = 'categories'
VARIABLES = 'variables'
CUSTOMIZED = '_customized'
FILE_SUFFIX = '.cfg'
check_categories()[source]

Check all categories for completeness.

Returns

dictionary of incomplete category descriptions.

check_variables()[source]

Check variables.

Returns

dictionary of incomplete variable descriptions.

read_categories(filename)[source]

Load a single category description file.

Parameters

filename – File to load.

load_categories()[source]

Load all category description files.

check_patterns()[source]

Match descriptions agains currently defined UCR variables.

describe_search_term(term)[source]

Try to apply a description to a search term.

This is not complete, because it would require a complete “intersect two regular languages” algorithm.

Parameters

term – Search term.

Returns

Dictionary mapping variable pattern to Variable info blocks.

write_customized()[source]

Persist the customized variable descriptions.

read_customized()[source]

Read customized variable descriptions.

read_variables(filename=None, package=None, override=False)[source]

Read variable descriptions.

Parameters
  • filename – Explicit filename for loading.

  • package – Explicit package name.

  • overrideTrue to overwrite already loaded descriptions.

Raises

AttributeError – if neither filename nor package are given.

get_categories()[source]

Return a list of category names.

Returns

List if categories.

get_category(name)[source]

Returns a category object associated with the given name or None.

Parameters

name – Name of the category.

Returns

get_variables(category=None)[source]

Return dictionary of variable info blocks belonging to given category.

Parameters

category – Name of the category. None defaults to all variables.

Returns

Dictionary mapping variable-name to Variable instance.

get_variable(key)[source]

Return the description of a variable.

Parameters

key – Variable name.

Returns

description object or None.

add_variable(key, variable)[source]

Add a new variable information item or overrides an old entry.

Parameters
  • key – Variable name.

  • variableVariable instance.

univention.config_registry_info.set_language(lang)[source]

Set the default language.

univention.debhelper module

Debhelper compatible routines.

univention.debhelper.doIt(*argv)[source]

Execute argv and wait.

Parameters

args – List of command and arguments.

>>> doIt('true')
0
univention.debhelper.binary_packages()[source]

Get list of binary packages from debian/control file.

>>> binary_packages() 
[...]
univention.debhelper.parseRfc822(f)[source]

Parses string f as a RFC 822 conforming file and returns list of sections, each a dict mapping keys to lists of values. Splits file into multiple sections separated by blank line.

Parameters

f – The messate to parse.

Returns

A list of dictionaries.

Note

For real Debian files, use the debian.deb822 module from the python-debian package.

>>> res = parseRfc822('Type: file\nFile: /etc/fstab\n\nType: Script\nScript: /bin/false\n')
>>> res == [{'Type': ['file'], 'File': ['/etc/fstab']}, {'Type': ['Script'], 'Script': ['/bin/false']}]
True
>>> parseRfc822('')
[]
>>> parseRfc822('\n')
[]
>>> parseRfc822('\n\n')
[]
univention.debhelper.parser_dh_sequence(parser, argv=None)[source]

Add common argument for Debian helper sequence.

Parameters

parser – argument parser

Returns

parsed arguments

>>> parser = ArgumentParser()
>>> args = parser_dh_sequence(parser, ["-v"])
>>> args.verbose
True

univention.debug module

Univention debugging and logging library.

example:

>>> f = init('stdout', NO_FLUSH, FUNCTION) 
... ...  DEBUG_INIT
>>> set_level(LISTENER, ERROR)
univention.debug.debug(category, level, message, utf8=True)[source]

Log message ‘message’ of severity ‘level’ to facility ‘category’.

Parameters
  • category (int) – ID of the category, e.g. MAIN, LDAP, USERS, …

  • level (int) – Level of logging, e.g. ERROR, WARN, PROCESS, INFO, ALL

  • message (str) – The message to log.

  • utf8 (bool) – Assume the message is UTF-8 encoded.

>>> debug(LISTENER, ERROR, 'Fatal error: var=%s' % 42) 
... ...  LISTENER    ( ERROR   ) : Fatal error: var=42
class univention.debug.function(fname, utf8=True)[source]

Bases: object

Log function call begin and end.

Parameters
  • fname (str) – name of the function starting.

  • utf8 (bool) – Assume the message is UTF-8 encoded.

Deprecated since version 4.4: Use function decorator trace() instead.

>>> def my_func(agr1, agr2=None):
...    _d = function('my_func(...)')  # noqa: F841
...    return 'yes'
>>> my_func(42)
'yes'
univention.debug.trace(with_args=True, with_return=False, repr=<slot wrapper '__repr__' of 'object' objects>)[source]

Log function call, optional with arguments and result.

Parameters
  • with_args (bool) – Log function arguments.

  • with_return (bool) – Log function result.

  • repr – Function accepting a single object and returing a string representation for the given object. Defaults to object.__repr__(), alternative repr().

>>> @trace(with_args=True, with_return=True)
... def my_func(arg1, arg2=None):
...     return 'yes'
>>> my_func(42)
'yes'
>>> class MyClass(object):
...     @trace(with_args=True, with_return=True, repr=repr)
...     def my_meth(self, arg1, arg2=None):
...         return 'yes'
>>> MyClass().my_meth(42)
'yes'
>>> @trace()
... def my_bug():
...     1 / 0
>>> my_bug()
Traceback (most recent call last):
        ...
ZeroDivisionError: integer division or modulo by zero

univention.debug2 module

Python native Univention debugging library.

See univention.debug for an alternative being a wrapper for the C implementation.

univention.debug2.init(logfile, force_flush=0, enable_function=0, enable_syslog=0)[source]

Initialize debugging library for logging to ‘logfile’.

Parameters
  • logfile (str) – name of the logfile, or ‘stderr’, or ‘stdout’.

  • force_flush (bool) – force flushing of messages (True).

  • trace_function (bool) – enable (True) or disable (False) function tracing.

  • enable_syslog (bool) – enable (True) or disable (False) logging to SysLog.

Returns

output file or None.

univention.debug2.exit()[source]

Close debug logfile.

univention.debug2.reopen()[source]

Close and re-open the debug logfile.

univention.debug2.set_level(category, level)[source]

Set minimum required severity ‘level’ for facility ‘category’.

Parameters
  • category (int) – ID of the category, e.g. MAIN, LDAP, USERS, …

  • level (int) – Level of logging, e.g. ERROR, WARN, PROCESS, INFO, ALL

univention.debug2.get_level(category)[source]

Get minimum required severity for facility ‘category’.

Parameters

category (int) – ID of the category, e.g. MAIN, LDAP, USERS, …

Returns

Return debug level of category.

Return type

int

univention.debug2.set_function(activate)[source]

Enable or disable the logging of function begins and ends.

Parameters

activate (bool) – enable (True) or disable (False) function tracing.

Deprecated since version 4.4: Use function decorator trace() instead.

univention.debug2.debug(category, level, message, utf8=True)[source]

Log message ‘message’ of severity ‘level’ to facility ‘category’.

Parameters
  • category (int) – ID of the category, e.g. MAIN, LDAP, USERS, …

  • level (int) – Level of logging, e.g. ERROR, WARN, PROCESS, INFO, ALL

  • message (str) – The message to log.

  • utf8 (bool) – Assume the message is UTF-8 encoded.

class univention.debug2.function(fname, utf8=True)[source]

Bases: object

Log function call begin and end.

Parameters
  • fname (str) – name of the function starting.

  • utf8 (bool) – Assume the message is UTF-8 encoded.

Deprecated since version 4.4: Use function decorator trace() instead.

>>> def my_func(agr1, agr2=None):
...    _d = function('my_func(...)')  # noqa: F841
...    return 'yes'
>>> my_func(42)
'yes'
univention.debug2.trace(with_args=True, with_return=False, repr=<slot wrapper '__repr__' of 'object' objects>)[source]

Log function call, optional with arguments and result.

Parameters
  • with_args (bool) – Log function arguments.

  • with_return (bool) – Log function result.

  • repr – Function accepting a single object and returing a string representation for the given object. Defaults to object.__repr__(), alternative repr().

>>> @trace(with_args=True, with_return=True)
... def my_func(arg1, arg2=None):
...     return 'yes'
>>> my_func(42)
'yes'
>>> class MyClass(object):
...     @trace(with_args=True, with_return=True, repr=repr)
...     def my_meth(self, arg1, arg2=None):
...         return 'yes'
>>> MyClass().my_meth(42)
'yes'
>>> @trace()
... def my_bug():
...     1 / 0
>>> my_bug()
Traceback (most recent call last):
        ...
ZeroDivisionError: integer division or modulo by zero

univention.info_tools module

class univention.info_tools.LocalizedValue(*args, **kwargs)[source]

Bases: dict

Localized description entry.

get(locale=None)[source]

Return the value for key if key is in the dictionary, else default.

set(value, locale=None)[source]
set_default(default)[source]
get_default()[source]
class univention.info_tools.LocalizedDictionary[source]

Bases: dict

Localized descriptions.

get(key)[source]
get(key, default)

Return the value for key if key is in the dictionary, else default.

has_key(key)

True if the dictionary has the specified key, else False.

normalize(key=None)[source]
get_dict(key)[source]
class univention.info_tools.UnicodeConfig[source]

Bases: configparser.ConfigParser

read(filename, encoding='UTF-8')[source]

Read and parse a filename or an iterable of filenames.

Files that cannot be opened are silently ignored; this is designed so that you can specify an iterable of potential configuration file locations (e.g. current directory, user’s home directory, systemwide directory), and all existing configuration files in the iterable will be read. A single filename may also be given.

Return list of successfully read files.

write(fp)[source]

Write an .ini-format representation of the configuration state.

univention.info_tools.set_language(lang)[source]

univention.ldif module

Univention LDIF tool

univention.ldif.ldif_decode(src=<_io.TextIOWrapper name='<stdin>' mode='r' encoding='UTF-8'>, dst=<_io.BufferedWriter name='<stdout>'>)[source]

Decode bas64 in LDIF.

univention.ldif.ldif_unwrap(src=<_io.TextIOWrapper name='<stdin>' mode='r' encoding='UTF-8'>, dst=<_io.BufferedWriter name='<stdout>'>)[source]

Unwrap LDIF.

univention.ldif.ldif_normalize(src=<_io.TextIOWrapper name='<stdin>' mode='r' encoding='UTF-8'>, dst=<_io.BufferedWriter name='<stdout>'>)[source]

Unwrap and base64 decode LDIF.

univention.password module

exception univention.password.CheckFailed[source]

Bases: Exception

class univention.password.Check(lo, username=None)[source]

Bases: object

check(password, username=None, displayname=None)[source]
univention.password.password_config(scope=None)[source]

Read password configuration options from UCR.

Parameters

scope (str) – UCR scope in which password configuration options are searched for. Default is None.

Returns

Password configuration options.

Return type

dict

univention.password.generate_password(digits=6, lower=6, other=0, upper=6, forbidden='', min_length=24)[source]

Generate random password using given parameters. Whitespaces are implicitly forbidden.

Parameters
  • digits (int) – Minimal number of digits in generated password. 0 excludes it from the password.

  • lower (int) – Minimal number of lowercase ASCII letters in generated password. 0 excludes it from the password.

  • other (int) – Minimal number of special characters in generated password. 0 excludes it from the password.

  • upper (int) – Minimal number of uppercase ASCII letters in generated password. 0 excludes it from the password.

  • forbidden (str) – Forbidden characters in generated password.

  • min_length (int) – Minimal length of generated password.

Returns

Randomly generated password.

Return type

str

Raises

ValueError – In case any password quality precondition fails.

univention.pkgdb module

Univention Package Database python module for the package database

univention.pkgdb.parse_options()[source]
parse options and return <options> with

<options.debug> <options.action> <options.system> <options.db_server> set

univention.pkgdb.log(message)[source]

Log-Funktion

univention.pkgdb.build_sysversion(config_registry)[source]
univention.pkgdb.sql_check_privileges(cursor)[source]

DB-Privs testen (leerer Zugriff)

univention.pkgdb.get_dbservername(domainname)[source]

Datenbankserver ermitteln

univention.pkgdb.sql_test_superuser(cursor)[source]

Prüfe auf Superuser

univention.pkgdb.sql_grant_system(connection, cursor, sysname)[source]

Datenbankbenutzer hinzufügen

univention.pkgdb.sql_revoke_system(connection, cursor, sysname)[source]

Datenbankbenutzer entfernen

univention.pkgdb.sql_put_sys_in_systems(cursor, sysname, sysversion, sysrole, ldaphostdn, architecture)[source]

insert a system name into the system-table (or update its data)

univention.pkgdb.sql_put_sys_in_systems_no_architecture(cursor, sysname, sysversion, sysrole, ldaphostdn)[source]

insert a system name into the old system-table (or update its data)

univention.pkgdb.sql_select(cursor, sqlcmd)[source]

SQL Selects

univention.pkgdb.sql_getall_systems(cursor)[source]
univention.pkgdb.sql_getall_systemroles(cursor)[source]
univention.pkgdb.sql_getall_systemversions(cursor)[source]
univention.pkgdb.sql_getall_packages_in_systems(cursor)[source]
univention.pkgdb.sql_get_systems_by_query(cursor, query)[source]
univention.pkgdb.sql_get_packages_in_systems_by_query(cursor, query, join_systems, limit=None, orderby='sysname, pkgname, vername')[source]
univention.pkgdb.dump_systems(cursor)[source]

writes CSV with all systems and their system-specific information to stdout

univention.pkgdb.dump_packages(cursor)[source]
univention.pkgdb.dump_systems_packages(cursor)[source]
univention.pkgdb.action_remove_system(connection, cursor, sysname)[source]

removes system <sysname> from the database

univention.pkgdb.scan_and_store_packages(cursor, sysname, fake_null=False, architecture=None)[source]

updates the system <sysname> with the current package state if <fake_null> is True put ‘’ instead of None in the vername field

univention.pkgdb.action_fill_testdb(connection, cursor, config_registry)[source]

Fülle Testdatenbank

univention.pkgdb.action_scan(connection, cursor, config_registry)[source]

put systems <sysname> in the database and updates it with the current package state

univention.pkgdb.open_database_connection(config_registry, pkgdbu=False, db_server=None)[source]
univention.pkgdb.main()[source]

main function for univention-pkgdb-scan

univention.service_info module

exception univention.service_info.ServiceError[source]

Bases: Exception

Error when starting, stopping or restarting a service.

class univention.service_info.Service(*args, **kwargs)[source]

Bases: univention.info_tools.LocalizedDictionary

Description for a system service.

REQUIRED = frozenset({'description', 'programs'})
OPTIONAL = frozenset({'icon', 'init_script', 'name', 'start_type', 'systemd'})
KNOWN = frozenset({'description', 'icon', 'init_script', 'name', 'programs', 'start_type', 'systemd'})
check()[source]

Check service entry for validity, returning list of incomplete entries.

start()[source]

Start the service.

stop()[source]

Stop the service.

restart()[source]

Restart the service.

status()[source]

Get status of the service.

univention.service_info.pidof(name, docker='/var/run/docker.pid')[source]

Return list of process IDs matching name.

Parameters
  • name – Procress name.

  • docker – File name containing process ID of docker process.

>>> import os,sys;os.getpid() in list(pidof(os.path.realpath(sys.executable))) + list(pidof(sys.executable)) + list(pidof(sys.argv[0]))
True
class univention.service_info.ServiceInfo(install_mode=False)[source]

Bases: object

BASE_DIR = '/etc/univention/service.info'
SERVICES = 'services'
CUSTOMIZED = '_customized'
FILE_SUFFIX = '.cfg'
update_services()[source]

Update the run state of all services.

check_services()[source]

Check service descriptions for completeness.

Returns

dictionary of incomplete service descriptions.

write_customized()[source]

Save service cusomization.

read_services(filename=None, package=None, override=False)[source]

Read start/stop levels of services.

Parameters
  • filename – Explicit filename for loading.

  • package – Explicit package name.

  • overrideTrue to overwrite already loaded descriptions.

Raises

AttributeError – if neither filename nor package are given.

read_customized()[source]

Read service cusomization.

get_services()[source]

Return a list fo service names.

Returns

List of service names.

get_service(name)[source]

Return the service object associated with the given name.

Parameters

name – Service name.

Returns

description object or None.

add_service(name, service)[source]

Add a new service object or overrides an old entry.

Parameters
  • name – Service name.

  • serviceService instance.

univention.uldap module

univention.uldap.parentDn(dn, base='')[source]

Return the parent container of a distinguished name.

Parameters
  • dn (str) – The distinguished name.

  • base (str) – distinguished name where to stop.

Returns

The parent distinguished name or None.

Return type

str or None

univention.uldap.explodeDn(dn, notypes=0)[source]

Break up a DN into its component parts.

Parameters
  • dn (str) – The distinguished name.

  • notypes (int) – Return only the component’s attribute values if True. Also the attribute types if False.

Returns

A list of relative distinguished names.

Return type

list[str]

univention.uldap.getRootDnConnection(start_tls=2, decode_ignorelist=[], reconnect=True)[source]

Open a LDAP connection to the local LDAP server with the LDAP root account.

Parameters
  • start_tls (int) – Negotiate TLS with server. If 2 is given, the command will require the operation to be successful.

  • decode_ignorelist (list[str]) – List of LDAP attribute names which shall be handled as binary attributes.

  • reconnect (bool) – Automatically reconect if the connection fails.

Returns

A LDAP access object.

Return type

univention.uldap.access

univention.uldap.getAdminConnection(start_tls=2, decode_ignorelist=[], reconnect=True)[source]

Open a LDAP connection to the Primary Directory Node LDAP server using the admin credentials.

Parameters
  • start_tls (int) – Negotiate TLS with server. If 2 is given, the command will require the operation to be successful.

  • decode_ignorelist (list[str]) – List of LDAP attribute names which shall be handled as binary attributes.

  • reconnect (bool) – Automatically reconect if the connection fails.

Returns

A LDAP access object.

Return type

univention.uldap.access

univention.uldap.getBackupConnection(start_tls=2, decode_ignorelist=[], reconnect=True)[source]

Open a LDAP connection to a Backup Directory Node LDAP server using the admin credentials.

Parameters
  • start_tls (int) – Negotiate TLS with server. If 2 is given, the command will require the operation to be successful.

  • decode_ignorelist (list[str]) – List of LDAP attribute names which shall be handled as binary attributes.

  • reconnect (bool) – Automatically reconect if the connection fails.

Returns

A LDAP access object.

Return type

univention.uldap.access

univention.uldap.getMachineConnection(start_tls=2, decode_ignorelist=[], ldap_master=True, secret_file='/etc/machine.secret', reconnect=True, random_server=False)[source]

Open a LDAP connection using the machine credentials.

Parameters
  • start_tls (int) – Negotiate TLS with server. If 2 is given, the command will require the operation to be successful.

  • decode_ignorelist (list[str]) – List of LDAP attribute names which shall be handled as binary attributes.

  • ldap_master (bool) – Open a connection to the Master if True, to the preferred LDAP server otherwise.

  • secret_file (str) – The name of a file containing the password credentials.

  • reconnect (bool) – Automatically reconnect if the connection fails.

  • random_server (bool) – Choose a random LDAP server from ldap/server/name and ldap/server/addition.

Returns

A LDAP access object.

Return type

univention.uldap.access

class univention.uldap.access(host='localhost', port=None, base='', binddn='', bindpw='', start_tls=2, ca_certfile=None, decode_ignorelist=[], use_ldaps=False, uri=None, follow_referral=False, reconnect=True)[source]

Bases: object

The low-level class to access a LDAP server.

Parameters
  • host (str) – host name of the LDAP server.

  • port (int) – TCP port of the LDAP server. Defaults to 7389 or 7636.

  • base (str) – LDAP base distinguished name.

  • binddn (str) – Distinguished name for simple authentication.

  • bindpw (str) – Password for simple authentication.

  • start_tls (int) – 0=no, 1=try StartTLS, 2=require StartTLS.

  • ca_certfile (str) – File name to CA certificate.

  • decode_ignorelist – List of LDAP attribute names which shall be handled as binary attributes.

  • use_ldaps (bool) – Connect to SSL port.

  • uri (str) – LDAP connection string.

  • follow_referral (bool) – Follow referrals and return result from other servers instead of returning the referral itself.

  • reconnect (bool) – Automatically re-establish connection to LDAP server if connection breaks.

bind(binddn, bindpw)[source]

Do simple LDAP bind using DN and password.

Parameters
  • binddn (str) – The distinguished name of the account.

  • bindpw (str) – The user password for simple authentication.

bind_saml(bindpw)[source]

Do LDAP bind using SAML message.

Parameters

bindpw (str) – The SAML authentication cookie.

unbind()[source]

Unauthenticate.

whoami()[source]

Return the distinguished name of the authenticated user.

Returns

The distinguished name.

Return type

str

get(dn, attr=[], required=False)[source]

Return multiple attributes of a single LDAP object.

Parameters
  • dn (str) – The distinguished name of the object to lookup.

  • attr (list[str]) – The list of attributes to fetch.

  • required (bool) – Raise an exception instead of returning an empty dictionary.

Returns

A dictionary mapping the requested attributes to a list of their values.

Return type

dict[str, list[bytes]]

Raises

ldap.NO_SUCH_OBJECT – If the LDAP object is not accessible.

getAttr(dn, attr, required=False)[source]

Return a single attribute of a single LDAP object.

Parameters
  • dn (str) – The distinguished name of the object to lookup.

  • attr (str) – The attribute to fetch.

  • required (bool) – Raise an exception instead of returning an empty dictionary.

Returns

A list of values.

Return type

list[bytes]

Raises

ldap.NO_SUCH_OBJECT – If the LDAP object is not accessible.

Warning

the attribute name is currently case sensitive and must be given as in the LDAP schema

Warning

when required=True it raises ldap.NO_SUCH_OBJECT even if the object exists but the attribute is not set

search(filter='(objectClass=*)', base='', scope='sub', attr=[], unique=False, required=False, timeout=- 1, sizelimit=0, serverctrls=None, response=None)[source]

Perform LDAP search and return values.

Parameters
  • filter (str) – LDAP search filter.

  • base (str) – the starting point for the search.

  • scope (str) – Specify the scope of the search to be one of base, base+one, one, sub, or domain to specify a base object, base plus one-level, one-level, subtree, or children search.

  • attr (list[str]) – The list of attributes to fetch.

  • unique (bool) – Raise an exception if more than one object matches.

  • required (bool) – Raise an exception instead of returning an empty dictionary.

  • timeout (int) – wait at most timeout seconds for a search to complete. -1 for no limit.

  • sizelimit (int) – retrieve at most sizelimit entries for a search. 0 for no limit.

  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request.

  • response (dict) – An optional dictionary to receive the server controls of the result.

Returns

A list of 2-tuples (dn, values) for each LDAP object, where values is a dictionary mapping attribute names to a list of values.

Return type

list[tuple[str, dict[str, list[bytes]]]]

Raises
  • ldap.NO_SUCH_OBJECT – Indicates the target object cannot be found.

  • ldap.INAPPROPRIATE_MATCHING – Indicates that the matching rule specified in the search filter does not match a rule defined for the attribute’s syntax.

searchDn(filter='(objectClass=*)', base='', scope='sub', unique=False, required=False, timeout=- 1, sizelimit=0, serverctrls=None, response=None)[source]

Perform LDAP search and return distinguished names only.

Parameters
  • filter (str) – LDAP search filter.

  • base (str) – the starting point for the search.

  • scope (str) – Specify the scope of the search to be one of base, base+one, one, sub, or domain to specify a base object, base plus one-level, one-level, subtree, or children search.

  • unique (bool) – Raise an exception if more than one object matches.

  • required (bool) – Raise an exception instead of returning an empty dictionary.

  • timeout (int) – wait at most timeout seconds for a search to complete. -1 for no limit.

  • sizelimit (int) – retrieve at most sizelimit entries for a search. 0 for no limit.

  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request.

  • response (dict) – An optional dictionary to receive the server controls of the result.

Returns

A list of distinguished names.

Return type

list[str]

Raises
  • ldap.NO_SUCH_OBJECT – Indicates the target object cannot be found.

  • ldap.INAPPROPRIATE_MATCHING – Indicates that the matching rule specified in the search filter does not match a rule defined for the attribute’s syntax.

getPolicies(dn, policies=None, attrs=None, result=None, fixedattrs=None)[source]

Return UCS policies for LDAP entry.

Parameters
  • dn (str) – The distinguished name of the LDAP entry.

  • policies (list) – List of policy object classes…

  • attrs (dict) – LDAP attributes. If not given, the data is fetched from LDAP.

  • result – UNUSED!

  • fixedattrs – UNUSED!

Returns

A mapping of policy names to

get_schema()[source]

Retrieve LDAP schema information from LDAP server.

Returns

The LDAP schema.

Return type

ldap.schema.subentry.SubSchema

add(dn, al, serverctrls=None, response=None)[source]

Add LDAP entry at distinguished name and attributes in add_list=(attribute-name, old-values. new-values) or (attribute-name, new-values).

Parameters
  • dn (str) – The distinguished name of the object to add.

  • al – The add-list of 2-tuples (attribute-name, new-values).

  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request

  • response (dict) – An optional dictionary to receive the server controls of the result.

modify(dn, changes, serverctrls=None, response=None, rename_callback=None)[source]

Modify LDAP entry DN with attributes in changes=(attribute-name, old-values, new-values).

Parameters
  • dn (str) – The distinguished name of the object to modify.

  • changes – The modify-list of 3-tuples (attribute-name, old-values, new-values).

  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request

  • response (dict) – An optional dictionary to receive the server controls of the result.

Returns

The distinguished name.

Return type

str

modify_s(dn, ml)[source]

Redirect modify_s directly to lo.

Parameters
  • dn (str) – The distinguished name of the object to modify.

  • ml – The modify-list of 3-tuples (attribute-name, old-values, new-values).

modify_ext_s(dn, ml, serverctrls=None, response=None)[source]

Redirect modify_ext_s directly to lo.

Parameters
  • dn (str) – The distinguished name of the object to modify.

  • ml – The modify-list of 3-tuples (attribute-name, old-values, new-values).

  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request

  • response (dict) – An optional dictionary to receive the server controls of the result.

rename(dn, newdn, serverctrls=None, response=None)[source]

Rename a LDAP object.

Parameters
  • dn (str) – The old distinguished name of the object to rename.

  • newdn (str) – The new distinguished name of the object to rename.

  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request

  • response (dict) – An optional dictionary to receive the server controls of the result.

rename_ext_s(dn, newrdn, newsuperior=None, serverctrls=None, response=None)[source]

Redirect rename_ext_s directly to lo.

Parameters
  • dn (str) – The old distinguished name of the object to rename.

  • newdn (str) – The new distinguished name of the object to rename.

  • newsuperior (str) – The distinguished name of the new container.

  • serverctrls (list[ldap.controls.LDAPControl]) – a list of ldap.controls.LDAPControl instances sent to the server along with the LDAP request

  • response (dict) – An optional dictionary to receive the server controls of the result.

delete(dn)[source]

Delete a LDAP object.

Parameters

dn (str) – The distinguished name of the object to remove.

parentDn(dn)[source]

Return the parent container of a distinguished name.

Parameters

dn (str) – The distinguished name.

Returns

The parent distinguished name or None if the LDAP base is reached.

Return type

str or None

explodeDn(dn, notypes=False)[source]

Break up a DN into its component parts.

Parameters
  • dn (str) – The distinguished name.

  • notypes (bool) – Return only the component’s attribute values if True. Also the attribute types if False.

Returns

A list of relative distinguished names.

Return type

list[str]

classmethod compare_dn(a, b)[source]

Test DNs are same

Parameters
  • a (str) – The first distinguished name.

  • b (str) – A second distinguished name.

Returns

True if the DNs are the same, False otherwise.

Return type

bool

>>> compare_dn = access.compare_dn
>>> compare_dn('foo=1', 'foo=1')
True
>>> compare_dn('foo=1', 'foo=2')
False
>>> compare_dn('Foo=1', 'foo=1')
True
>>> compare_dn('Foo=1', 'foo=2')
False
>>> compare_dn('foo=1,bar=2', 'foo=1,bar=2')
True
>>> compare_dn('bar=2,foo=1', 'foo=1,bar=2')
False
>>> compare_dn('foo=1+bar=2', 'foo=1+bar=2')
True
>>> compare_dn('bar=2+foo=1', 'foo=1+bar=2')
True
>>> compare_dn('bar=2+Foo=1', 'foo=1+Bar=2')
True
>>> compare_dn(r'foo=\31', r'foo=1')
True