; BFc@s,dZdZdkZdkZdkZdkZdkZdkZy dk ZWne j onXdk l Z dZ dZdZdZdZd Zd Zd Zd Zd ZdZdddddddddddddddddd d!d"d#gZd$Zd%e fd&YZd'fd(YZdS()s: ldapsession.py - higher-level class for handling LDAP connections (c) by Michael Stroeder This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) $Id: ldapsession.py,v 1.264 2007/06/25 13:21:06 michael Exp $ s0.11.1N(sReconnectLDAPObjectiiis1.3.18.0.2.10.23s1.3.6.1.4.1.4203.666.5.15s1.3.6.1.4.1.7628.5.101.1s2.16.840.1.113730.3.4.2s1.3.6.1.4.1.4203.666.5.12s1.3.18.0.2.10.15s1.3.6.1.4.1.4203.1.10.1s1.2.840.113556.1.4.805s altServersnamingContextssogSupportedProfilessubschemaSubentryssupportedControlssupportedFeaturesssupportedLDAPVersionssupportedSASLMechanismss vendorNames vendorVersions auditContexts configContextsmonitorContextsconfigurationNamingContextsdefaultNamingContexts defaultRnrDNs dnsHostNamesschemaNamingContextssupportedCapabilitiesssupportedLDAPPoliciessibm-configurationnamingcontextixs LDAPObjectcBstZdeddZdZdZdZddZddZeed Z eed Z eed Z eed Z eed Z edeedZdedeedddZeedZRS(Niic Cshdg<dg<dg<dg<dg<dg<dg<dg<d g<d g<d g<|_ti|||||d d ddSdS(Ns__all__s__read__s __write__s abandon_extsadd_exts compare_exts delete_exts modify_extsrenames search_exts unbind_exts retry_maxis retry_delayf20.0(sselfs _serverctrlssReconnectLDAPObjects__init__suris trace_levels trace_filestrace_stack_limit(sselfsuris trace_levels trace_filestrace_stack_limit((s./pylib/ldapsession.pys__init__Gsl cCs3h}x"|i|D]}|||iti|||p!|id|id|id|SdS(Ns__all__s __write__s delete_ext(sReconnectLDAPObjects delete_extsselfsdns serverctrlss _serverctrlss clientctrls(sselfsdns serverctrlss clientctrls((s./pylib/ldapsession.pys delete_exts 'cCsAti||||p!|id|id|id|SdS(Ns__all__s __write__s modify_ext(sReconnectLDAPObjects modify_extsselfsdnsmodlists serverctrlss _serverctrlss clientctrls(sselfsdnsmodlists serverctrlss clientctrls((s./pylib/ldapsession.pys modify_exts'ic CsGti||||||p!|id|id|id|SdS(Ns__all__s __write__srename( sReconnectLDAPObjectsrenamesselfsdnsnewrdns newsuperiorsdelolds serverctrlss _serverctrlss clientctrls(sselfsdnsnewrdns newsuperiorsdelolds serverctrlss clientctrls((s./pylib/ldapsession.pysrenames's(objectClass=*)ic CsPti|||||||p!|i d|i d|i d||| SdS(Ns__all__s__read__s search_ext( sReconnectLDAPObjects search_extsselfsbasesscopes filterstrsattrlists attrsonlys serverctrlss _serverctrlss clientctrlsstimeouts sizelimit( sselfsbasesscopes filterstrsattrlists attrsonlys serverctrlss clientctrlsstimeouts sizelimit((s./pylib/ldapsession.pys search_exts'cCs0ti||p|id|id|SdS(Ns__all__s unbind_ext(sReconnectLDAPObjects unbind_extsselfs serverctrlss _serverctrlss clientctrls(sselfs serverctrlss clientctrls((s./pylib/ldapsession.pys unbind_exts (s__name__s __module__sNones__init__s_get_server_ctrlssadd_server_controlsdel_server_controls manage_dsa_its manage_dits abandon_extsadd_exts compare_exts delete_exts modify_extsrenames search_exts unbind_ext(((s./pylib/ldapsession.pys LDAPObjectEs    s LDAPSessioncBsvtZdZededZdZdddddZedZdZ dddddZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdZedddZeddddZddZdZdZdZdZeddZd Z d!Z!d"dd#Z"d$Z#d%Z$RS(&s0 Class for handling LDAP connection objects icCst|_h|_|id||_|pti |_ d|_ h|_ h|_ h|_h|_d|_d|_d|_||_dS(sInitialize a LDAPSession objectusutf-8i<iiN(sNonesselfsurisnamingContextsDictssetDNs traceLevels _traceLevels traceFilessyssstdouts _traceFilescharsetsrootDSEs read_cachesschema_dn_caches schema_cachestimeouts onlyAttrTypesssupportsAllOpAttrs on_behalfsonBehalf(sselfs on_behalfs traceLevels traceFile((s./pylib/ldapsession.pys__init__s            cCsF|iititiy|iiddWntitifj ot |_ nti j o|ii |`t |i|i|i|_|iititi|iiti|i|iiddt |_ nQtij o}t |_ n1tij o}t |_ |n Xt |_ dSdS(sc Try to determine the highest supported protocol version by trying to bind anonymously sN(sselfsls set_optionsldapsOPT_PROTOCOL_VERSIONsVERSION3s simple_bind_ssINVALID_CREDENTIALSsINAPPROPRIATE_AUTHsNoneswhosPROTOCOL_ERRORsunbind_ss LDAPObjectsuris _traceLevels _traceFilesVERSION2sOPT_NETWORK_TIMEOUTstimeoutsINSUFFICIENT_ACCESSses LDAPError(sselfse((s./pylib/ldapsession.pys_supportedLDAPVersions(      scCsxtiofxcti|fti|fti|fti|ffD]'\}}|oti ||qAqAWndSdS(N( sldaps TLS_AVAILsOPT_X_TLS_CACERTDIRs tls_cacertdirsOPT_X_TLS_CACERTFILEstls_cacertfilesOPT_X_TLS_CERTFILEs tls_certfilesOPT_X_TLS_KEYFILEs tls_keyfilesldap_optsldap_opt_values set_option(sselfs tls_cacertdirstls_cacertfiles tls_certfiles tls_keyfilesldap_optsldap_opt_value((s./pylib/ldapsession.pys setTLSOptionss  7 cCs|o|iititi|iiti|y|iiWnoti ti fj od|_ qt j o9}d|_ ti hdt|<dd<qXd|_ n d|_ dSdS(s"StartTLS if possible and requestedisdescsinfos4python-ldap installation is lacking StartTLS supportiN(sstartTLSOptionsselfsls set_optionsldapsOPT_PROTOCOL_VERSIONsVERSION3s OPT_X_TLSs start_tls_ss SERVER_DOWNs CONNECT_ERRORs secureConnsAttributeErrorsesstr(sselfsstartTLSOptionse((s./pylib/ldapsession.pys startTLSExtOp s  ,  cCsx|o|diid}yKt||i|i|_||_|ii t i |i |i Wn>t ij o/|i|id|oqqqXPqWdS(Nisascii(suri_listsstripsencodesuris LDAPObjectsselfs _traceLevels _traceFilesls set_optionsldapsOPT_NETWORK_TIMEOUTstimeouts_supportedLDAPVersions SERVER_DOWNsunbindspop(sselfsuri_listsuri((s./pylib/ldapsession.pys _initialize"s   c Cs?|pttd|iit|titi ti gjptt d||_ t|titi gjo |g}n!t|ti jo |}n|i|||||i||iiido|i|n@|iiidp|iiido d|_ndSdS(s  Open a LDAP connection with separate DNS lookup uri Either a (Unicode) string or a list of strings containing LDAP URLs of host(s) to connect to. If host is a list connecting is tried until a connect to a host in the list was successful. s/No host string or list specified for %s.open().s>Parameter uri must be either list of strings or single string.sldap:sldaps:sldapi:iN(surisAssertionErrors ValueErrorsselfs __class__s__name__stypestypess StringTypes UnicodeTypesListTypes TypeErrorstimeoutsuri_lists setTLSOptionss tls_cacertdirstls_cacertfiles tls_certfiles tls_keyfiles _initializeslowers startswiths startTLSExtOpsstartTLSs secureConn( sselfsuristimeoutsstartTLSs tls_cacertdirstls_cacertfiles tls_certfiles tls_keyfilesuri_list((s./pylib/ldapsession.pysopen7s!5    2 cCst|doFy|ii|`WqVtij oqVtj oqVXnt|_h|_ h|_ |i dSdS(s)Close LDAP connection object if necessaryslN( shasattrsselfslsunbind_ssldaps LDAPErrorsAttributeErrorsNonesurisschema_dn_caches schema_caches flushCache(sself((s./pylib/ldapsession.pysunbind[s       c Cs?y|iddg}Wn=titititititi fj o g} nX|og} |ddi dg}x|D]u}y|idd\}}Wntj oqX| igi}|idD]}||iq~qWng} gi}| D]}|t||iq~SdS(s^ Try to read entry cn=config attribute database from UMich LDAPv2 server derivate s cn=configsdatabaseiis : N(sselfs readEntrys ldap_resultsldapsNO_SUCH_OBJECTsPARTIAL_RESULTSsUNDEFINED_TYPEsINAPPROPRIATE_MATCHINGsINSUFFICIENT_ACCESSsOPERATIONS_ERRORsresultsgetslsdssplitsdbtypesbasedns ValueErrorsextendsappends_[1]sdnsstripsisunicodescharset( sselfsdnsdsdbtypesbasednsls_[1]sis ldap_resultsresult((s./pylib/ldapsession.pysgetUmichConfigms"2 EcCsh|_d|_h|_dS(sForget all old RootDSE valuesiN(sselfsrootDSEssupportsAllOpAttrsnamingContextsDict(sself((s./pylib/ldapsession.pys_forgetRootDSEAttrss  cCs|iiSdS(N(sselfsnamingContextsDictskeys(sself((s./pylib/ldapsession.pysgetNamingContextsscCs8x-|D]%}tii|}t|i|s,suriswhosdnsonBehalfs startedTLSs%s:%s( shasattrsselfslsprotocol_versionsconnection_strsjoinsappends_[1]sasreprsgetattr(sselfsas_[1]sconnection_str((s./pylib/ldapsession.pys__repr__s(%s__name__s __module__s__doc__sNones__init__s_supportedLDAPVersions setTLSOptionss START_TLS_TRYs startTLSExtOps _initializesopensunbindsgetUmichConfigs_forgetRootDSEAttrssgetNamingContextss_updateNamingContextss_setRootDSEAttrss getRootDSEs getSearchRoots isLeafEntrys subOrdinatessgetObjectClassesssearchSubSchemaEntryDNsretrieveSubSchemasgetAttributeTypess readEntrys existingEntrys flushCaches uncacheEntrysaddEntrys modifyEntrys renameEntrys deleteEntryssetDNsbindsvalids__repr__(((s./pylib/ldapsession.pys LDAPSessionsB  !  $  !        1   '       ? (s__doc__s __version__ssysstimestypessldaps ldap.cidicts ldaputil.basesldaputils ldap.sasls ImportErrorsldap.ldapobjectsReconnectLDAPObjects START_TLS_NOs START_TLS_TRYsSTART_TLS_REQUIREDsCONTROL_DONOTREPLICATEsCONTROL_DONTUSECOPYsCONTROL_LDUP_SUBENTRIESsCONTROL_MANAGEDSAITsCONTROL_RELAXRULESsCONTROL_SERVERADMINISTRATIONsCONTROL_SUBENTRIESsCONTROL_TREEDELETEs ROOTDSE_ATTRSsREAD_CACHE_EXPIREs LDAPObjects LDAPSession(s LDAPSessionsCONTROL_DONTUSECOPYsCONTROL_SUBENTRIESsldaputilsCONTROL_MANAGEDSAITs ROOTDSE_ATTRSsSTART_TLS_REQUIREDsReconnectLDAPObjectsCONTROL_RELAXRULESs START_TLS_NOsCONTROL_TREEDELETEsCONTROL_SERVERADMINISTRATIONsldaps __version__sREAD_CACHE_EXPIREs LDAPObjectssyssCONTROL_DONOTREPLICATEs START_TLS_TRYstypesstimesCONTROL_LDUP_SUBENTRIES((s./pylib/ldapsession.pys? s,6  Ep