XcA@sdZddkZddkZddkZddklZddkZddklZl Z l Z ddkl Z l Z l Z ddklZlZlZddklZddklZlZdd klZdd klZdd klZlZdd klZlZed dededdededdededdededdededdededdededdededdeded dd!ed"ded#ed$ded%ed&dd'ed(ded)ed*ded+ed,ded-ed.ded/ed0ded1ed2dd3ed4ded5ed6ded7ed8dd9ed:dd;ed<dd=ed>dd?ed@dedAedBdedCedDdedEedFdedGedHdedIedJdedKedLdedMedNdedOedPdedQedRddSedTddUedVddWedXddYedZdd[ed\dd]ed^ded_ed`dedaedbdedcedddedeedfdedgdhdigedjdedkedldedmf/ZdnZ doZ!dpZ"dqZ#e$drZ%dsZ&e'dtZ(duZ)dvZ*edwe*dedxdhdygZ+dzZ,d{Z-d|Z.d}Z/d~e fdYZ0dZ1dZ2dZ3de fdYZ4de4e fdYZ5de5e i6fdYZ7de5e i8fdYZ9de9fdYZ:de9fdYZ;de9e i<fdYZ=de:fdYZ>de9fdYZ?de?fdYZ@de?fdYZAdZBde5e iCfdYZDde9fdYZEdeEfdYZFdeEfdYZGdS(s Base classes for LDAP plugins. iN(tdeepcopy(tapitcrudterrors(tMethodtObjecttCommand(tFlagtInttStr(t NameSpace(tto_clitfrom_cli(toutput(t_(tjson_serializetvalidate_hostname(tDNtRDNt has_passwordtlabeltPasswordtmembersFailed memberss member_user?s Member userss member_group?s Member groupssmemberof_group?sMember of groupss member_host?s Member hostssmember_hostgroup?sMember host-groupssmemberof_hostgroup?sMember of host-groupssmemberof_permission?t Permissionssmemberof_privilege?t Privilegessmemberof_role?tRolessmemberof_sudocmdgroup?sSudo Command Groupssmember_privilege?sGranted to Privileges member_role?sGranting privilege to rolessmember_netgroup?sMember netgroupssmemberof_netgroup?sMember of netgroupssmember_service?sMember servicessmember_servicegroup?sMember service groupssmemberof_servicegroup?sMember of service groupssmember_hbacsvc?sMember HBAC servicesmember_hbacsvcgroup?sMember HBAC service groupssmemberof_hbacsvcgroup?sMember of HBAC service groupssmember_sudocmd?sMember Sudo commandssmemberof_sudorule?sMember of Sudo rulesmemberof_hbacrule?sMember of HBAC rulesmemberindirect_user?sIndirect Member userssmemberindirect_group?sIndirect Member groupssmemberindirect_host?sIndirect Member hostssmemberindirect_hostgroup?sIndirect Member host-groupssmemberindirect_role?sIndirect Member of rolessmemberindirect_permission?sIndirect Member permissionssmemberindirect_hbacsvc?sIndirect Member HBAC servicesmemberindirect_hbacsvcgrp?s"Indirect Member HBAC service groupsmemberindirect_netgroup?sIndirect Member netgroupssmemberofindirect_group?sIndirect Member of groupsmemberofindirect_netgroup?sIndirect Member of netgroupsmemberofindirect_hostgroup?sIndirect Member of host-groupsmemberofindirect_role?sIndirect Member of rolesmemberofindirect_sudorule?sIndirect Member of Sudo rulesmemberofindirect_hbacrule?sIndirect Member of HBAC rulet sourcehostsFailed source hosts/hostgroupst memberhostsFailed hosts/hostgroupst memberusersFailed users/groupst memberservicesFailed service/service groupstfailedsFailed to removetflagstsuppress_emptyt ipasudorunass Failed RunAstipasudorunasgroupsFailed RunAsGroupcCst|d|dS(Ntaddattr(tvalidate_attribute(tugettexttattr((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytvalidate_add_attributescCst|d|dS(Ntsetattr(R$(R%R&((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytvalidate_set_attributescCst|d|dS(Ntdelattr(R$(R%R&((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytvalidate_del_attributescCsYtid|}| pt|idjo"tid|dtdndS(Ns\s*(.*?)\s*=\s*(.*?)\s*$itnameterrors$Invalid format. Should be name=value(tretmatchtlentgroupsRtValidationErrorR(R%R,R&tm((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR$s! cCs|djodddg}n|i||}h}d|djoa|dd}|did}x=|D]1}|id\}}|||ii/s(RMRNt get_entryt isinstancetlistttupletmapR=(R>R?R&tvalueRTRUtvalues((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytwait_for_values      c Cs=yt|dtdtWntj o}t|SXdS(Nt check_fqdntallow_underscore(RtFalsetTruet ValueErrortunicode(R%thostnameRI((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytvalidate_externalhost9ss externalhost*s External hostt no_optionc Csd}|i|o|djo |}nti|i}x||D]v}y||WqKtij o$}tid|d|iqKtj o!}tid|d|qKXqKWn|S(s Pre callback to validate external members. This should be called by a command pre callback directly. membertype is the type of member cSst|dtdtdS(NRaRb(RRcRd(Rg((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt validate_hostQsthostR,R-(tgetRRt primary_keyRR2R-Re( t membertypeR>R?RFtoptionsRjt validatorR^RI((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytadd_external_pre_callbackFs    %c Osd} | idt} ||jo|||jo|i||g\}} |i|g} | i|g}td|D}g}x |||D]}|di}ti|i|}||joQ|| joD| o|i|n|i|d|i || d7} q||jol|| jo_t t i i }|d|f}|||i|}|||||<|i|q|i|qW| oPy|i|h||6Wnt ij onX||||<|||vs i(RlRdRYtsetR=RRtget_dntappendtaddRfRtAlreadyGroupMembertmessagetindext update_entryt EmptyModlist(t memberattrRnt externalattrR>RPRR?RURFRotcompleted_externalt normalizet entry_attrs_tmemberstexternal_entriestlc_external_entriestfailed_entriesRGt membernamet member_dntmsgtnewerrortind((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytadd_external_post_callbackbsF      c OsZ||jo?|||jo.|i||g\}} | i|g} g} d} x|||D]}|di}|| jp|d| joFy| i|Wn$tj o| i|dnX| d7} qf| i|qfW| oPy|i|h| |6Wntij onX| |||<| ||RPRR?RURFRoRRRRRGR((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytremove_external_post_callbacks.c Cstd|fd d d tii}y=|i|dg\}}tidddtd Wntij od SXd S(sq Check to see if this host is a master. Raises an exception if a master, otherwise returns nothing. tcntmasterstipatetct objectclassR,RgR-s0An IPA master host cannot be deleted or disabledN(RR(RR(RR( RRtenvtbasednRYRR2RtNotFound(R>tfqdnt master_dnR?RU((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pythost_is_masters $"t LDAPObjectcBsneZdZdZdZdZeZedZ edZ gZ d4Z gZgZgZgZd4ZgZgZddgZdZdZhZeZgZeZhd5d 6d6d 6d7d6d8d6ZedZedZedZ edZ!edZ"edZ#dZ$dZ%dZ&dZ'dZ(dZ)dZ*d Z+d!Z,d9Z-d3Z.RS(:s+ Object representing a LDAP entry. tldap2tRGtentriesRtacitMembertno_Rs Member Oftin_tnot_in_RLsIndirect Membert no_indirect_tmemberindirectsIndirect Member Oftnot_in_indirect_tmemberofindirecttEntrys)container entry (%(container)s) not founds%(parent)s: %(oname)s not founds%(pkey)s: %(oname)s not founds-%(oname)s with name "%(pkey)s" already existsc Os|io$|ii|ii|d }n |i}|io\y;|ii|ii |d|i dg|i\}}Wnt i j oqX|Sn|io2|ddj o!|ii|ii |d|S|S(NiR(t parent_objectRRRut container_dnt rdn_attributetbackendtfind_entry_by_attrRmR,t object_classRRR9tmake_dn_from_attr(tselfRFtkwargst parent_dnR?RU((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRus $    cOs4|i||}|ii|dg\}}|S(NR(RuRRY(RRFRR?RU((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytget_dn_if_existssc Csyi|io[|ii||iig\}}y||iidSWqhttfj odSXnWntij onXy||iiSWntj ot |SXdS(NiR( RRRYRmR,tKeyErrort IndexErrorRRRf(RR?RU((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytget_primary_key_from_dns  c cs|io|ii|i}x|iD] }|Vq*W|ioC|i}|i|i|idtdtd|id|iVqndS(Ntrequiredtquerytcli_nameR( RRRtget_ancestor_primary_keysRmt __class__R,RdR(Rt parent_objtkeytpkey((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR,s     cCs"td|}|i|jS(NcSs |iS((R=(RT((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRX9s(R]R=(RtclassesRtoc((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pythas_objectclass8sc Os|idtodSx|iD]}x|i|gD]w}xn|i|D]_}|ii|}|i|jo9d||if}|i|gi|i |qOqOWq;W||=q"WdS(Ntraws%s_%s( RlRctattribute_memberst setdefaultRRRR,RvR( RRURFRoR&Rt ldap_obj_nametldap_objtnew_attr((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytconvert_attribute_members<s c Cs}xv|iD]k\}}d|}y2|i||g||i\}}t||R?RUtpwattrR&t search_filterRt truncated((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytget_password_attributesJs  cGsLd}|io|d}ntid|ih|d6|id6dS(NRitreasonRtoname(RmRRtobject_not_found_msgt object_name(RRFR((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pythandle_not_found]s    cGsLd}|io|d}ntid|ih|d6|id6dS(NRiRyRR(RmRtDuplicateEntrytalready_exists_msgR(RRFR((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pythandle_duplicate_entrygs    RRRtobject_name_pluralRtobject_class_configtdefault_attributesRtlabel_singularthidden_attributestuuid_attributeRR,t takes_paramsRtbindablet relationshipsc sfi}tfdiD}ioii|d|s Rmiitaciattrstmethods(Rtdicttjson_friendly_attributesRmR,RRtget_ipa_configRltpossible_objectclassesRtBackendRtschematattribute_typest iteritemsRvtnamesR=tsortR( RR>t json_dictt objectclassestconfigR@tattrlisttoidR&t_[1]R3((Rs;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt__json__ys.         (N(RRR(s Member OfRR(sIndirect MemberNR(sIndirect Member OfNR(s parent_objects container_dns object_namesobject_name_plurals object_classsobject_class_configsdefault_attributesslabelslabel_singularshidden_attributessuuid_attributesattribute_memberssnameRs rdn_attributesbindables relationships(/t__name__t __module__t__doc__t backend_nameRRRdt normalize_dnRRRRR9RRtlimit_object_classestdisallow_object_classestsearch_attributestsearch_attributes_configRtsearch_display_attributesRRRRRctrdn_is_primary_keyRRRRRtcontainer_not_found_msgtparent_not_found_msgRRRuRRRRRRRRRR(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs`                 cCsxy|iD]k\}}t|ttfoIt|djo6||jo%||i otid|qxq q WdS(NiR&(RRZR[R\R0t multivalueRtOnlyOneValueAllowed(tparamsRURRE((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt_check_single_value_attrss  )cCsx|iD]q\}}|djp#t|toHt|djo5||jo$||iotid|q~q q WdS(NiR,(RR9RZt basestringR0RRtRequirementError(RRURRE((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt_check_empty_attrss  0c Cst|ddjot|ddjodSt|}x|diD]\}}|idi|jo[|p6tidtdtd|idin|i |idiqPqPWx|diD]\}}|idi|jo[|p6tidtdtd|idin|i |idiqqWt|djo4|o-tidtdtd|dndS(s+ If the set of objectclasses is limited enforce that only those are updated in entry_attrs (plus dn) allow_only tells us what mode to check in: If True then we enforce that the attributes must be in the list of allowed. If False then those attributes are not allowed. iiNtinfos%attribute "%(attribute)s" not allowedt attribute( R0RRRR=RtObjectclassViolationRRR(t attributesR@t allow_onlyt limitattrsRR&((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt_check_limit_object_classs. .   "  " tCallbackInterfacecBs8eZdZeZedZeedZRS(sCallback registration interface This class's subclasses allow different types of callbacks to be added and removed to them. Registering a callback is done either by ``register_callback``, or by defining a ``_callback`` method. Subclasses should define the `_callback_registry` attribute as a dictionary mapping allowed callback types to (initially) empty dictionaries. ccss|i|i|dg}xP|D]H}|djo0yt|d|VWqktj oqkXq#|Vq#WdS(s!Yield callbacks of the given types %s_callbackN(t_callback_registryRlR9RtAttributeError(tclst callback_typet callbackstcallback((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt get_callbackss  cCsoy|i||}Wn+tj odg}|i||R@tnewdictRR3R&R^((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt_convert_2_dicts8   #   cstfddDodS|ii}|i|idg}|i|idg}|i|idg}t|i} t|i} t|i} |djo| } | } g}n)| | @} | | @} t| | B| }x$|i D]\}}|||_s R(R#R*NR&R^Rcssx|]}|iVqWdS(N(R=(Rstn((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pys s R,R-sNo such attribute on this entryii(ssetattrsaddattrsdelattr(%tallR&RR*RlRtRFR9R[RRRZR\textendRReRtAttrValueNotFoundt _exc_wrapperRYRRRR2tpopRR$Rftbase64t b64encodeRR RR0RR-tConversionError(RRUR?RFRoR>tadddicttsetdicttdeldicttsetattrstaddattrstdelattrst direct_addt direct_delt needldapattrsR&tvaltdelvalt old_entryRtdel_nonexistingt changedattrstparamR^terrR((Ros;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytprocess_attr_optionsFs         %" !)!     @ 1cCs|id||dS(s*Shortcut for register_callback('pre', ...)RN(R(RRR((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytregister_pre_callbackscCs|id||dS(s+Shortcut for register_callback('post', ...)R N(R(RRR((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytregister_post_callbackscCs|id||dS(s*Shortcut for register_callback('exc', ...)R!N(R(RRR((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytregister_exc_callbackscCs|id||dS(s9Shortcut for register_callback('interactive_prompt', ...)R"N(R(RRR((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt$register_interactive_prompt_callbackscsfd}|S(s=Function wrapper that automatically calls exception callbackscs}tid}xytoqy|||SWqtij oJ|pn|idfd}|}qXqWdS(NR!ics||S(N((targsR(RIRFRRt call_funcRo(s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytexc_funcs(R[RRdRtExecutionErrorR0(t call_argst call_kwargstfuncRRK(RFRRJRo(RIRs;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytwrappeds((RRFRoRJRP((RFRRJRos;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR/sc csx"tt|iD] }|VqW|iiobx_|iD]P}t|titi fo.t ddt ddddddgVPq<q<WndS( Nt no_membersRs-Suppress processing of membership attributes.RRRRit no_output( tsuperRt get_optionsR&Rt has_outputRZR Rt ListOfEntriesRR(RRBto((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRTs     (RRRR R)Rtsetattr_optionR'taddattr_optionR+tdelattr_optionRRR*RDRRcRERFRGRHR/RT(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs:         ! ,  t LDAPCreatecBskeZdZeieifZdZeZ dZ dZ dZ dZ dZd ZdZRS( s% Create a new entry in LDAP. ccssx|iiD] }|VqW|iio|iiidtVnx%tti|iD] }|Vq`WdS(NR ( R&RRmtcloneRdRSRtCreatetget_args(RRtarg((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR^s  c Os|ii}|i||}|i|d||t|ii|d<|iio4|id}|i |ii|d|dRURR?tdn_attrt attrs_listRRaR((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytexecutes      44/         cOs|S(N((RR>R?RURiRFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt pre_callbacktscOs|S(N((RR>R?RURFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt post_callbackxscOs |dS(N((RRFRoR!RJRMRN((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt exc_callback|scCsdS(N((Rtkw((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytinteractive_prompt_callbackst takes_argscs9tfdiD}ti|d<|S(Nc3s(x!|]}|t|fVqWdS(N(R(RsR(R(s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pys s t takes_options(RRR[tget_json_options(RR((Rs;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs(Rp(RRRRRXRYRqR^tglobal_output_paramsthas_output_paramsRjRkRlRmRoRR(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR[s  c    t LDAPQuerycBs&eZdZdZdZdZRS(sJ Base class for commands that need to retrieve an existing entry. ccsyx|iiD] }|VqW|iio!|iiidtdtVnx%tti|iD] }|VqfWdS(NR R( R&RRmR\RdRSRtPKQueryR^(RRR_((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR^s  !Rpcs9tfdiD}ti|d<|S(Nc3s(x!|]}|t|fVqWdS(N(R(RsR(R(s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pys s Rq(RRR[Rr(RR((Rs;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs(s takes_args(RRRR^RR(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRus tLDAPMultiQuerycBs8eZdZeddddedfZdZRS(sU Base class for commands that need to retrieve one or more existing entries. tcontinueRRs&Continuous mode: Don't stop on errors.c csx|iiD] }|VqW|iio'|iiidtdtdtVnx%tti|iD] }|VqlWdS(NR RR( R&RRmR\RdRSRRvR^(RRR_((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR^s  (RRRRRRqR^(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRws  t LDAPRetrievecBsqeZdZeiZeZedde dde dfZ dZ dZ dZ d Zd ZRS( s! Retrieve an LDAP entry. RARtRightsRsWDisplay the access rights of this entry (requires --all). See ipa man page for details.c Os|ii}|ii||}|idtodg|ii}nIt|ii}|idto|i|iint |}x2|i dD]!}|||||||}qWy7|i |||i ||d|ii \}}Wn&tij o|ii|nX|idto*|idtot|||dR?RiRRU((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRjs:  & cOs|S(N((RR>R?RiRFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRkscOs|S(N((RR>R?RURFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRlscOs |dS(N((RRFRoR!RJRMRN((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRmscCsdS(N((RRn((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRos(RRRR tstandard_entryRURsRtRRRqRjRkRlRmRo(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRys    (   t LDAPUpdatec BseZdZeieieieddeddedfZ e Z dZ dZ dZd Zd Zd Zd ZRS( s Update an LDAP entry. RARRzRsWDisplay the access rights of this entry (requires --all). See ipa man page for details.c Csbt|ii|iii}|iddddtdtddtdtd|ii S( NtrenameRRRtRenameRs#Rename the %(ldap_obj_name)s objectR( RR&RRmR,t clone_renameRcRRR(Rtrdnparam((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyt_get_rename_options  ccsEx"tt|iD] }|VqW|iio|iVndS(N(RSR|RTR&RR(Rtoption((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRTs   c Os|ii}t|djotin|ii||}|i|}|i|||||idt odg|ii }n\t |ii }|i |i |idt o|i|iint|}t|i|t|ii|x5|idD]$}||||||||}q!Wt|iiiii|ii|i dtt|iiiii|ii|i dt t }yC|iioOd|joB|dptiddd d n|d||ii i!R?RURiRRtrdnkeysRI((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRj#st  44 #)  /" &cOs|S(N((RR>R?RURiRFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRkwscOs|S(N((RR>R?RURFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRl{scOs |dS(N((RRFRoR!RJRMRN((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRmscCsdS(N((RRn((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRos(RRRRRXRYRZRRRqRsRtRRTRjRkRlRmRo(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR|s    T   t LDAPDeletecBsJeZdZeiZeZdZdZ dZ dZ dZ RS(s@ Delete an LDAP entry and all of its direct subentries. c s\iifd}ii ptdttf odf}n d}g}g}t}xv|D]n}y||p t}nWn=ti j o.i dtpn|i |qX|i |qWiio@|ddj o/t dt ddi|ddi|St dt dd dd S( Ncsd |fii}x/idD]}||}q6Wfdy,ii|diiWnEtij oiin!ti j o|nXx/idD]}||}qW|S(NiRcst}xo|ogy(iddg|i\}}Wntij oPq Xx|D]\}}|qYWq Wy,ii|dii Wn&tij oii nXdS(NRR( RdRR9tSCOPE_ONELEVELRRR/t delete_entryR&RR(tbase_dnRt subentriestdn_RU(tdelete_subtreeRR>tnkeysRo(s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs" ,RR ( R&RuRR/RRRRRtNotAllowedOnNonLeaf(RR?RRK(RFRR>Ro(RRs;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs",iRxiRKRu,R^u(R&RRmRZR[R\RdRcRRLRlRvR9Rtjoin( RRFRoRtpkeyitertdeletedRRKR((RFRR>Ros;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRjs* ()  /cOs|S(N((RR>R?RFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRkscOstS(N(Rd(RR>R?RFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRlscOs |dS(N((RRFRoR!RJRMRN((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRmscCsdS(N((RRn((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRos( RRRR tstandard_deleteRURsRtRjRkRlRmRo(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs  B   t LDAPModMembercBs;eZdZdgZedZdZdZdZRS(s- Base class for member manipulation. Rscomma-separated list of %ss%i member processed.s%i members processed.ccsx"tt|iD] }|VqWx|iD]}x|ii|D]p}|ii|}t|}|i |i }t d|dd|d|dt d|i dtdtVqFWq/WdS( Ns%s*Rs%ssRRs member %stcsvt alwaysask(RSRRTtmember_attributesR&RRRR tmember_param_docRR RRRd(RRR&RRR,R((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRTs   c Ks(h}h}x|iD]}h|||id D]-}|||||||||\}}q=W||d <|ii|||td |d |d |S(NRit allow_sameiR,R4RQRR R?RPRRK(R&RRRuRRtadd_entry_to_groupRRRRRRvRRfRlRcRRtReRFRfRR[R/RYRRRRR(RRFRoR>t member_dnsRR?RRPR&tobjsRtm_dnRIRRiRU((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRj s`     " cOs|S(N((RR>R?tfoundt not_foundRFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRk]scOs ||fS(N((RR>RPRR?RURFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRlascOs |dS(N((RRFRoR!RJRMRN((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRmescCsdS(N((RRn((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRohs(s%i member added.s%i members added.(RRRRRRRcRR RtOutputRtintRURsRtRjRkRlRmRo(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR s"      =   tLDAPRemoveMemberc BseZdZedZdZeideidde dedeid de ded fZ e Z d Zd Zd ZdZdZRS(s+ Remove LDAP entries from members. s$comma-separated list of %s to removes%i member removed.s%i members removed.RKRR#Rs!Members that could not be removedRPsNumber of members removedcOs|ii}|i|\}}|ii||}x5|idD]$}||||||||}qFWd}x|iD]\} } x| iD]\} } x| D]} | pqny|i| || WnRtij oC}|i i | }|| | i |i | t |fqX|d7}qWqWqW|idtodg|ii}n\t|ii}|i|i|idto|i|iint|}tidy7|i|||i||d|ii\}}Wn&tij o|ii|nXx>|id D]-}|||||||||\}}qEW||d <|ii|||td |d |d |S(NRiiR,R4RQg333333?RR R?RPRRK( R&RRRuRRtremove_entry_from_groupRRRRRvRRfRlRcRRtReRFRfRR[RMRNR/RYRRRRR(RRFRoR>RRR?RRPR&RRtm_dnsRRIRRiRU((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRjsb      " cOs|S(N((RR>R?RRRFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRkscOs ||fS(N((RR>RPRR?RURFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRlscOs |dS(N((RRFRoR!RJRMRN((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRmscCsdS(N((RRn((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRos(s%i member removed.s%i members removed.(RRRRRRR RRRRRURsRtRjRkRlRmRo(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRls       A   cCs,tddtddtdt|S(Ns pkey_only?RsPrimary key onlyRs8Results should contain primary key attribute only ("%s")(RRR (R((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytgen_pkey_only_options   t LDAPSearchc Bs eZdZgZedZedZeZe ddeddeddd gd d d e e d deddeddd gd d d e fZ dZ dZ dZdZeZdZdZdZdZdZdZdZRS(s@ Retrieve all LDAP entries matching the given criteria. sKSearch for %(searched_object)s with these %(relationship)s %(ldap_object)s.sNSearch for %(searched_object)s without these %(relationship)s %(ldap_object)s.s timelimit?Rs Time LimitRsTime limit of search in secondsRt no_displaytminvalueitautofills sizelimit?s Size Limits"Maximum number of entries returnedc cshx|iiD] }|VqWtddtdtdVx%tti|iD] }|VqUWdS(Ns criteria?tnoextrawhitespaceRs3A string searched in all relevant object attributes( R&RR RcRRSRtSearchR^(RRR_((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR^s  c csJxC|ii|D]1}|ii|}|iii|dddg}|itd|iid|di d|i}d|d t |f}t d |d d |d |d|i dt V|itd|iid|di d|i}d|dt |f}t d |d d |d |d|i dt VqWdS(NRRRtsearched_objectt relationshipit ldap_objects%s%sis%s*Rs%ssRRRi(R&RRRRRltmember_param_incl_docRRR=R R RRdtmember_param_excl_doc(RR&RRRRR,((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytget_member_optionss*       ccsx"tt|iD] }|VqW|iio.d|iiijot|iiiVnx0|iD]%}x|i |D] }|VqWqjWdS(NRR( RSRRTR&RmRRRRR(RRR&((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRTs   c Ks1d}x$|iD]}x|ii|D]}|ii|}|iii|dddg}|d}|i|if} xt || D]\} } d| t |f} |i| oeg} x(|| D]}| i |i |qW|i || | }|i||f|i}qqWq'WqW|S(NRRRis%s%s(RR&RRRRRlt MATCH_ALLt MATCH_NONEtzipR RvRutmake_filter_from_attrtcombine_filters(RR>RotfilterR&RRRtparam_prefixestrulest param_prefixtrulet param_nameRRtflt((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pytget_member_filter$s,     %csGii}|d}iio'iiiii|d }n ii}i|}iioii}n ii }|i dt oii i g}nz|i dt odg|}nVt|}|i|i|i dt o|iiint|}iioii} n ii } iioj|id} | i iig} t| djo+t| dto| did} qnii|d <|i|d |i} h}x| D]} ||| ttermRt search_kwtdefattrsRit search_attrsRt config_attrst attr_filterRt term_filtert member_filterRtscopeRRRRRIRR?((Rs;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRj>s   '         '  "' cOs |||fS(N((RR>tfiltersRiRRRIRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRkscOs|S(N((RR>RRRIRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRlscOs |dS(N((RRIRoR!RJRMRN((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRmscCsdS(N((RRn((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRosRpcs9tfdiD}ti|d<|S(Nc3s(x!|]}|t|fVqWdS(N(R(RsR(R(s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pys s Rq(RRR[Rr(RR((Rs;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs(s takes_args(RRRRRRRRdRRRcRqR^RRTRRsRtRjRkRlRmRoRR(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs:              ]    tLDAPModReverseMembercBs8eZdZdgZedZdZeZdZ RS(s5 Base class for reverse member manipulation. Rscomma-separated list of %ss%i member processed.s%i members processed.ccsx"tt|iD] }|VqWx|iD]}xx|ii|D]f}|ii|}t|}|i |i }t d|dd|d|d|i dt dt VqFWq/WdS(Ns%s*Rs%ssRRRR(RSRRTtreverse_attributesR&treverse_membersRRR treverse_param_docRR RRd(RRR&RRR,R((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRTs   (s%i member processed.s%i members processed.( RRRRRRtreverse_count_outRsRtRT(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs   tLDAPAddReverseMemberc BseZdZedZdZdZdZdZ dZ e i de i ddedede i d deded fZeZd Zd Zd ZdZdZRS(s Add other LDAP entries to members in reverse. The call looks like "add A to B" but in fact executes add B to A to handle reverse membership. s!comma-separated list of %s to adds%i member added.s%i members added.RKRR#RsMembers that could not be addedRPsNumber of members addedcOsF|ii}|ii|i|dd}|d}x/|idD]}||||||}qGW|idtodg|ii}nIt |ii}|idto|i |ii nt |}|ii|i|dd}d} hhg|i 6d 6} xh|i|i pgD]M} yh|dd |i6}y|i|||ii|i| |}|d d jo| d } n6| d |i i| |d d |idd fWnftij oW} t| } | idd \} } | d |i i| t| ifnXWq3tij o-} | d |i i| t| fq3Xq3Wy"t||| |idt}Wn9tj o-} tidtddt| nXx>|idD]-}|||| | ||||\} }qW||dRKR?RRiRORPRR&RIRRU((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRjs\ !  !+9 3-") cOs|S(N((RR>R?RFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRk&scOs ||fS(N((RR>RPRR?RURFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRl*scOs |dS(N((RRFRoR!RJRMRN((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRm.scCsdS(N((RRn((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRo1s(s%i member added.s%i members added.N(RRRRRRR9RQRRRR RRRRRURsRtRjRkRlRmRo(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRs(      >   tLDAPRemoveReverseMemberc BseZdZedZdZdZdZdZ dZ e i de i ddedede i d deded fZeZd Zd Zd ZdZdZRS(s Remove other LDAP entries from members in reverse. The call looks like "remove A from B" but in fact executes remove B from A to handle reverse membership. s$comma-separated list of %s to removes%i member removed.s%i members removed.RKRR#Rs!Members that could not be removedRPsNumber of members removedcOsF|ii}|ii|i|dd}|d}x/|idD]}||||||}qGW|idtodg|ii}nIt |ii}|idto|i |ii nt |}|ii|i|dd}d} hhg|i 6d 6} xh|i|i pgD]M} yh|dd |i6}y|i|||ii|i| |}|d d jo| d } n6| d |i i| |d d |idd fWnftij oW} t| } | idd \} } | d |i i| t| ifnXWq3tij o-} | d |i i| t| fq3Xq3Wy"t||| |idt}Wn9tj o-} tidtddt| nXx>|idD]-}|||| | ||||\} }qW||dRKR?RRiRORPRR&RIRRU((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRjQs\ !  !+9 3-") cOs|S(N((RR>R?RFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRkscOs ||fS(N((RR>RPRR?RURFRo((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRlscOs |dS(N((RRFRoR!RJRMRN((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRmscCsdS(N((RRn((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyRos(s%i member removed.s%i members removed.N(RRRRRRR9RQRRRR RRRRRURsRtRjRkRlRmRo(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyR4s(      >   (HRR.tjsonRMtcopyRR1tipalibRRRRRRRRR t ipalib.baseR t ipalib.cliR R R t ipalib.textRt ipalib.utilRRt ipapython.dnRRRsR'R)R+R$R9R:RJRdRVR`Rhtexternal_host_paramRqRRRRRRRRRR]R[RvRuRwRytUpdateR|RRRRRRRRRR(((s;/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.pyts"                                                                                            , #      9     %4EY+be i