author | Brian May <bam@debian.org> | 2015-12-15 17:04:32 +1100 |
---|---|---|
committer | Brian May <bam@debian.org> | 2015-12-15 17:04:32 +1100 |
commit | 8e2c1076e1c13f6b7a8b576443c3903a618004e4 (patch) | |
tree | a6f2d9e46b5dc76d16b3ebed19b286ded906c622 /ldap3/extend/microsoft | |
parent | a2ec7f5e5025fb3a1f2b75fa04c8c67159a89d77 (diff) |
Import python-ldap3_1.0.2.orig.tar.gz
Diffstat (limited to 'ldap3/extend/microsoft')
-rw-r--r-- | ldap3/extend/microsoft/dirSync.py | 178 | ||||
-rw-r--r-- | ldap3/extend/microsoft/modifyPassword.py | 30 |
2 files changed, 117 insertions, 91 deletions
diff --git a/ldap3/extend/microsoft/dirSync.py b/ldap3/extend/microsoft/dirSync.py
index 6b48460..6e50bb5 100644
--- a/ldap3/extend/microsoft/dirSync.py
+++ b/ldap3/extend/microsoft/dirSync.py
@@ -1,91 +1,87 @@
-"""
-"""
-
-# Created on 2015.10.21
-#
-# Author: Giovanni Cannata
-#
-# Copyright 2015 Giovanni Cannata
-#
-# This file is part of ldap3.
-#
-# ldap3 is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published
-# by the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# ldap3 is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with ldap3 in the COPYING and COPYING.LESSER files.
-# If not, see <http://www.gnu.org/licenses/>.
-
-from ...core.exceptions import LDAPExtensionError
-from ...protocol.microsoft import dir_sync_control, extended_dn_control, show_deleted_control
-from ... import SUBTREE, DEREF_NEVER
-#from ...utils.asn1 import decode_sequence
-
-
-class DirSync(object):
- def __init__(self,
- connection,
- sync_base,
- sync_filter,
- attributes,
- cookie,
- object_security,
- ancestors_first,
- public_data_only,
- incremental_values,
- max_length,
- hex_guid
- ):
- self.connection = connection
- self.base = sync_base
- self.filter = sync_filter
- self.attributes = attributes
- self.cookie = cookie
- self.object_security = object_security
- self.ancestors_first = ancestors_first
- self.public_data_only = public_data_only
- self.incremental_values = incremental_values
- self.max_length = max_length
- self.hex_guid = hex_guid
- self.more_results = True
-
- def loop(self):
- result = self.connection.search(search_base=self.base,
- search_filter=self.filter,
- search_scope=SUBTREE,
- attributes=self.attributes,
- dereference_aliases=DEREF_NEVER,
- controls=[dir_sync_control(criticality=True,
- object_security=self.object_security,
- ancestors_first=self.ancestors_first,
- public_data_only=self.public_data_only,
- incremental_values=self.incremental_values,
- max_length=self.max_length, cookie=self.cookie),
- extended_dn_control(criticality=False, hex_format=self.hex_guid),
- show_deleted_control(criticality=False)]
- )
- if not self.connection.strategy.sync:
- response, result = self.connection.get_response(result)
- else:
- response = self.connection.response
- result = self.connection.result
-
- if result['description'] == 'success' and 'controls' in result and '1.2.840.113556.1.4.841' in result['controls']:
- # decoded_value = decode_sequence(result['controls']['1.2.840.113556.1.4.841']['value'], 0, len(result['controls']['1.2.840.113556.1.4.841']['value']))
- #self.more_results = True if decoded_value[0][3][0][3] else False # more_result if nonzero
- #self.cookie = decoded_value[0][3][2][3] # cookie returned by the fast decoder
- self.more_results = result['controls']['1.2.840.113556.1.4.841']['value']['more_results']
- self.cookie = result['controls']['1.2.840.113556.1.4.841']['value']['cookie']
- return response
- elif 'controls' in result:
- raise LDAPExtensionError('Missing DirSync control in response from server')
- else:
- raise LDAPExtensionError('error %r in DirSync' % result)
-
+"""
+"""
+
+# Created on 2015.10.21
+#
+# Author: Giovanni Cannata
+#
+# Copyright 2015 Giovanni Cannata
+#
+# This file is part of ldap3.
+#
+# ldap3 is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ldap3 is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ldap3 in the COPYING and COPYING.LESSER files.
+# If not, see <http://www.gnu.org/licenses/>.
+
+from ...core.exceptions import LDAPExtensionError
+from ...protocol.microsoft import dir_sync_control, extended_dn_control, show_deleted_control
+from ... import SUBTREE, DEREF_NEVER
+
+
+class DirSync(object):
+ def __init__(self,
+ connection,
+ sync_base,
+ sync_filter,
+ attributes,
+ cookie,
+ object_security,
+ ancestors_first,
+ public_data_only,
+ incremental_values,
+ max_length,
+ hex_guid
+ ):
+ self.connection = connection
+ self.base = sync_base
+ self.filter = sync_filter
+ self.attributes = attributes
+ self.cookie = cookie
+ self.object_security = object_security
+ self.ancestors_first = ancestors_first
+ self.public_data_only = public_data_only
+ self.incremental_values = incremental_values
+ self.max_length = max_length
+ self.hex_guid = hex_guid
+ self.more_results = True
+
+ def loop(self):
+ result = self.connection.search(search_base=self.base,
+ search_filter=self.filter,
+ search_scope=SUBTREE,
+ attributes=self.attributes,
+ dereference_aliases=DEREF_NEVER,
+ controls=[dir_sync_control(criticality=True,
+ object_security=self.object_security,
+ ancestors_first=self.ancestors_first,
+ public_data_only=self.public_data_only,
+ incremental_values=self.incremental_values,
+ max_length=self.max_length, cookie=self.cookie),
+ extended_dn_control(criticality=False, hex_format=self.hex_guid),
+ show_deleted_control(criticality=False)]
+ )
+ if not self.connection.strategy.sync:
+ response, result = self.connection.get_response(result)
+ else:
+ response = self.connection.response
+ result = self.connection.result
+
+ if result['description'] == 'success' and 'controls' in result and '1.2.840.113556.1.4.841' in result['controls']:
+ self.more_results = result['controls']['1.2.840.113556.1.4.841']['value']['more_results']
+ self.cookie = result['controls']['1.2.840.113556.1.4.841']['value']['cookie']
+ return response
+ elif 'controls' in result:
+ raise LDAPExtensionError('Missing DirSync control in response from server')
+ else:
+ raise LDAPExtensionError('error %r in DirSync' % result)
+
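Review bot: In `loop()`, the `elif 'controls' in result:` branch also catches a search that failed but still returned controls, so a non-success result is reported as 'Missing DirSync control in response from server' and the real result code is hidden from the caller. Test the failure first, for example `if result['description'] != 'success': raise LDAPExtensionError('error %r in DirSync' % result)`, and only then check for the `1.2.840.113556.1.4.841` control. `DirSync` and `loop()` also have no docstrings; one line stating that each `loop()` call overwrites `self.cookie` and `self.more_results` from the server's response control would show callers how to iterate and what state to persist.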
diff --git a/ldap3/extend/microsoft/modifyPassword.py b/ldap3/extend/microsoft/modifyPassword.py
new file mode 100644
index 0000000..91c67f8
--- /dev/null
+++ b/ldap3/extend/microsoft/modifyPassword.py
@@ -0,0 +1,30 @@
+from ... import MODIFY_REPLACE, RESULT_SUCCESS, MODIFY_DELETE, MODIFY_ADD
+from ...utils.log import log, log_enabled, PROTOCOL
+
+
+def modify_ad_password(connection, user_dn, old_password, new_password):
+ # old password must be None to reset password with sufficient privileges
+ encoded_new_password = ('"%s"' % new_password).encode('utf-16-le')
+ if old_password: # normal users must specify old and new password
+ encoded_old_password = ('"%s"' % old_password).encode('utf-16-le')
+ result = connection.modify(user_dn, {'unicodePwd': [(MODIFY_DELETE, [encoded_old_password]),
+ (MODIFY_ADD, [encoded_new_password])]})
+ else: # admin users can reset password without sending the old one
+ result = connection.modify(user_dn, {'unicodePwd': [(MODIFY_REPLACE, [encoded_new_password])]})
+ if not connection.strategy.sync:
+ _, result = connection.get_response(result)
+ else:
+ result = connection.result
+
+ # change successful, returns True
+ if result['result'] == RESULT_SUCCESS:
+ return True
+
+ # change was not successful, raises exception if raise_exception = True in connection or returns the operation result, error code is in result['result']
+ if connection.raise_exceptions:
+ from ... import LDAPOperationResult
+ if log_enabled(PROTOCOL):
+ log(PROTOCOL, 'operation result <%s> for <%s>', result, connection)
+ raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type'])
+
+ return result |
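Review bot: `if old_password:` in `modify_ad_password` sends an empty-string old password down the reset branch (`MODIFY_REPLACE`), although the comment above it says the old password must be None for a reset. On a connection bound with reset rights, a caller that forwards a blank user-supplied old password therefore gets a reset with no proof of the old password instead of a rejected change. Use `if old_password is not None:` so that only an explicit None selects the reset path. Separately, when `connection.raise_exceptions` is off a failed change returns the result dict, which is truthy, so `if modify_ad_password(...):` reads a failure as success; returning `False` there, or documenting the mixed return in a docstring, would avoid that.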