%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python2.7/site-packages/salt/modules/
Upload File :
Create Path :
Current File : //lib/python2.7/site-packages/salt/modules/ldap3.pyc

�
���^c@@s_dZddlmZmZmZddlZddlZe�ZyAddl	Z	ddl
Z	ddlZ	ddlZ	ej
d�Wnek
r�nXddlZddlmZeje�Zd�Zdefd��YZd	�Zdd
�Zd�Zdefd
��YZdd�Zddddd�Z d�Z
d�Z!d�Z"d�Z#dS(u2
Query and modify an LDAP database (alternative interface)
=========================================================

.. versionadded:: 2016.3.0

This is an alternative to the ``ldap`` interface provided by the
:py:mod:`ldapmod <salt.modules.ldapmod>` execution module.

:depends: - ``ldap`` Python module
i(tabsolute_importtprint_functiontunicode_literalsNuldap(tsixcC@sttt��S(u:Only load this module if the Python ldap module is present(tbooltlentavailable_backends(((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyt__virtual__"st	LDAPErrorcB@seZdZdd�ZRS(uBase class of all LDAP exceptions raised by backends.

    This is only used for errors encountered while interacting with
    the LDAP server; usage errors (e.g., invalid backend name) will
    have a different type.

    :ivar cause: backend exception object, if applicable
    cC@s#tt|�j|�||_dS(N(tsuperRt__init__tcause(tselftmessageR((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyR
0sN(t__name__t
__module__t__doc__tNoneR
(((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyR'scC@s^djt|��|f}tjrDtjt|tj�d�ntjt|�|�dS(u?Convert an ldap backend exception to an LDAPError and raise it.uexception in ldap backend: {0}iN(	tformattreprRtPY2treraiseRtsystexc_infot
raise_from(tetargs((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyt_convert_exception5s	 cC@s|dkrdS|jdd�}|dkr2dS|dkri|j|jdd�|jdd��n�|dkrttj|jdd	�j��}|jd
d�}|dkr�i}n||jdg�|jdi��}|j|jdd�|�ntd
|d��dS(uBind helper.Numethodusimpleudnuupasswordusaslu	mechanismuEXTERNALucredentialsuargsukwargsuunsupported bind method "u&"; supported bind methods: simple sasl(	Rtgett
simple_bind_stgetattrtldaptsasltlowertsasl_interactive_bind_st
ValueError(tltbindtmethodt
sasl_classtcredstauth((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyt_bind>s"+		'cC@sdj|�jd�S(u%Formats a string per Microsoft AD password specifications.
    The string must be enclosed in double quotes and UTF-16 encoded.
    See: https://msdn.microsoft.com/en-us/library/cc223248.aspx

    :param pwd:
       The desired password as a string

    :returns:
        A unicode string
    u"{0}"u	utf-16-le(Rtencode(tpwd((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyt_format_unicode_passwordTst_connect_ctxcB@s#eZd�Zd�Zd�ZRS(cC@s
||_dS(N(tc(RR/((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyR
cscC@s|S(N((R((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyt	__enter__fscG@sdS(N((Rtexc((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyt__exit__is(RRR
R0R2(((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyR.bs		cC@sqt|t�r|S|dkr(i}n|jdd�}|tkrbtddj|���n|jdd�}y�tj|�}tj	|_
|jdd�}|dkr�i}ni}x�tj|�D]�\}}|dkr�t
||<q�|dkr9|jttd|j��ttd|j���q�|jttd|j��|�q�W|jdt�r|j�n|jd	t�r�|jtjd
�n|jtjd
�|jdd�}|dkr�i}nxFtj|�D]5\}}ttd|j��}	|j|	|�q�Wt||jdd��Wn tjk
rf}
t|
�nXt|�S(u�Connect and optionally bind to an LDAP server.

    :param connect_spec:
        This can be an LDAP connection object returned by a previous
        call to :py:func:`connect` (in which case the argument is
        simply returned), ``None`` (in which case an empty dict is
        used), or a dict with the following keys:

        * ``'backend'``
            Optional; default depends on which Python LDAP modules are
            installed.  Name of the Python LDAP module to use.  Only
            ``'ldap'`` is supported at the moment.

        * ``'url'``
            Optional; defaults to ``'ldapi:///'``.  URL to the LDAP
            server.

        * ``'bind'``
            Optional; defaults to ``None``.  Describes how to bind an
            identity to the LDAP connection.  If ``None``, an
            anonymous connection is made.  Valid keys:

            * ``'method'``
                Optional; defaults to ``None``.  The authentication
                method to use.  Valid values include but are not
                necessarily limited to ``'simple'``, ``'sasl'``, and
                ``None``.  If ``None``, an anonymous connection is
                made.  Available methods depend on the chosen backend.

            * ``'mechanism'``
                Optional; defaults to ``'EXTERNAL'``.  The SASL
                mechanism to use.  Ignored unless the method is
                ``'sasl'``.  Available methods depend on the chosen
                backend and the server's capabilities.

            * ``'credentials'``
                Optional; defaults to ``None``.  An object specific to
                the chosen SASL mechanism and backend that represents
                the authentication credentials.  Ignored unless the
                method is ``'sasl'``.

                For the ``'ldap'`` backend, this is a dictionary.  If
                ``None``, an empty dict is used.  Keys:

                * ``'args'``
                    Optional; defaults to an empty list.  A list of
                    arguments to pass to the SASL mechanism
                    constructor.  See the SASL mechanism constructor
                    documentation in the ``ldap.sasl`` Python module.

                * ``'kwargs'``
                    Optional; defaults to an empty dict.  A dict of
                    keyword arguments to pass to the SASL mechanism
                    constructor.  See the SASL mechanism constructor
                    documentation in the ``ldap.sasl`` Python module.

            * ``'dn'``
                Optional; defaults to an empty string.  The
                distinguished name to bind.

            * ``'password'``
                Optional; defaults to an empty string.  Password for
                binding.  Ignored if the method is ``'sasl'``.

        * ``'tls'``
            Optional; defaults to ``None``.  A backend-specific object
            containing settings to override default TLS behavior.

            For the ``'ldap'`` backend, this is a dictionary.  Not all
            settings in this dictionary are supported by all versions
            of ``python-ldap`` or the underlying TLS library.  If
            ``None``, an empty dict is used.  Possible keys:

            * ``'starttls'``
                If present, initiate a TLS connection using StartTLS.
                (The value associated with this key is ignored.)

            * ``'cacertdir'``
                Set the path of the directory containing CA
                certificates.

            * ``'cacertfile'``
                Set the pathname of the CA certificate file.

            * ``'certfile'``
                Set the pathname of the certificate file.

            * ``'cipher_suite'``
                Set the allowed cipher suite.

            * ``'crlcheck'``
                Set the CRL evaluation strategy.  Valid values are
                ``'none'``, ``'peer'``, and ``'all'``.

            * ``'crlfile'``
                Set the pathname of the CRL file.

            * ``'dhfile'``
                Set the pathname of the file containing the parameters
                for Diffie-Hellman ephemeral key exchange.

            * ``'keyfile'``
                Set the pathname of the certificate key file.

            * ``'newctx'``
                If present, instruct the underlying TLS library to
                create a new TLS context.  (The value associated with
                this key is ignored.)

            * ``'protocol_min'``
                Set the minimum protocol version.

            * ``'random_file'``
                Set the pathname of the random file when
                ``/dev/random`` and ``/dev/urandom`` are not
                available.

            * ``'require_cert'``
                Set the certificate validation policy.  Valid values
                are ``'never'``, ``'hard'``, ``'demand'``,
                ``'allow'``, and ``'try'``.

        * ``'opts'``
            Optional; defaults to ``None``.  A backend-specific object
            containing options for the backend.

            For the ``'ldap'`` backend, this is a dictionary of
            OpenLDAP options to set.  If ``None``, an empty dict is
            used.  Each key is a the name of an OpenLDAP option
            constant without the ``'LDAP_OPT_'`` prefix, then
            converted to lower case.

    :returns:
        an object representing an LDAP connection that can be used as
        the ``connect_spec`` argument to any of the functions in this
        module (to avoid the overhead of making and terminating
        multiple connections).

        This object should be used as a context manager.  It is safe
        to nest ``with`` statements.

    CLI example:

    .. code-block:: bash

        salt '*' ldap3.connect "{
            'url': 'ldaps://ldap.example.com/',
            'bind': {
                'method': 'simple',
                'dn': 'cn=admin,dc=example,dc=com',
                'password': 'secret'}
        }"
    ubackenduldapu-unsupported backend or required Python moduleu unavailable: {0}uurlu	ldapi:///utlsustarttlsunewctxucrlcheckurequire_certu
OPT_X_TLS_iuoptsuOPT_ubindN(ustarttlsunewctx(ucrlcheckurequire_cert(t
isinstanceR.RRRR#RRt
initializetVERSION3tprotocol_versionRt	iteritemstTruet
set_optionRtuppertFalsetstart_tls_stOPT_X_TLS_NEWCTXt
OPT_REFERRALSR*RR(tconnect_spectbackend_nameturlR$ttlstvarstktvtoptstoptR((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pytconnectmsL�		
'
	usubtreeu(objectClass=*)c	C@s�t|�}ttd|j��}y"|jj|||||�}Wn9tjk
rcg}n tjk
r�}t|�nXt	|�S(u�Search an LDAP database.

    :param connect_spec:
        See the documentation for the ``connect_spec`` parameter for
        :py:func:`connect`.

    :param base:
        Distinguished name of the entry at which to start the search.

    :param scope:
        One of the following:

        * ``'subtree'``
            Search the base and all of its descendants.

        * ``'base'``
            Search only the base itself.

        * ``'onelevel'``
            Search only the base's immediate children.

    :param filterstr:
        String representation of the filter to apply in the search.

    :param attrlist:
        Limit the returned attributes to those in the specified list.
        If ``None``, all attributes of each entry are returned.

    :param attrsonly:
        If non-zero, don't return any attribute values.

    :returns:
        a dict of results.  The dict is empty if there are no results.
        The dict maps each returned entry's distinguished name to a
        dict that maps each of the matching attribute names to a list
        of its values.

    CLI example:

    .. code-block:: bash

        salt '*' ldap3.search "{
            'url': 'ldaps://ldap.example.com/',
            'bind': {
                'method': 'simple',
                'dn': 'cn=admin,dc=example,dc=com',
                'password': 'secret',
            },
        }" "base='dc=example,dc=com'"
    uSCOPE_(
RHRRR:R/tsearch_stNO_SUCH_OBJECTRRtdict(	R?tbasetscopet	filterstrtattrlistt	attrsonlyR$tresultsR((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pytsearch5s4"	cC@s�t|�}td�tj|�D��}tjdt|�t|��d|kr�g|dD]}t|�^qa|d<ntj	j
|�f}y|jj||�Wn tj
k
r�}t|�nXtS(u�Add an entry to an LDAP database.

    :param connect_spec:
        See the documentation for the ``connect_spec`` parameter for
        :py:func:`connect`.

    :param dn:
        Distinguished name of the entry.

    :param attributes:
        Non-empty dict mapping each of the new entry's attributes to a
        non-empty iterable of values.

    :returns:
        ``True`` if successful, raises an exception otherwise.

    CLI example:

    .. code-block:: bash

        salt '*' ldap3.add "{
            'url': 'ldaps://ldap.example.com/',
            'bind': {
                'method': 'simple',
                'password': 'secret',
            },
        }" "dn='dc=example,dc=com'" "attributes={'example': 'values'}"
    cs@s6|],\}}|tjjjt|��fVqdS(N(tsalttutilstdataR+tlist(t.0tattrtvals((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pys	<genexpr>�su#adding entry: dn: %s attributes: %su
unicodePwd(RHRKRR7tlogtinfoRR-Rtmodlistt
addModlistR/tadd_sRRR8(R?tdnt
attributesR$txR\R((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pytaddts	*cC@s]t|�}tjdt|��y|jj|�Wn tjk
rX}t|�nXt	S(u6Delete an entry from an LDAP database.

    :param connect_spec:
        See the documentation for the ``connect_spec`` parameter for
        :py:func:`connect`.

    :param dn:
        Distinguished name of the entry.

    :returns:
        ``True`` if successful, raises an exception otherwise.

    CLI example:

    .. code-block:: bash

        salt '*' ldap3.delete "{
            'url': 'ldaps://ldap.example.com/',
            'bind': {
                'method': 'simple',
                'password': 'secret'}
        }" dn='cn=admin,dc=example,dc=com'
    udeleting entry: dn: %s(
RHRZR[RR/tdelete_sRRRR8(R?R_R$R((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pytdelete�scC@st|�}g|D]7\}}}ttd|j��|t|�f^q}xet|�D]W\}}	|	ddkr]|	d|	dg|	dD]}
t|
�^q�f||<q]q]Wtjj	j
|dtdt�}y|jj
||�Wn tjk
r}t|�nXtS(u�Modify an entry in an LDAP database.

    :param connect_spec:
        See the documentation for the ``connect_spec`` parameter for
        :py:func:`connect`.

    :param dn:
        Distinguished name of the entry.

    :param directives:
        Iterable of directives that indicate how to modify the entry.
        Each directive is a tuple of the form ``(op, attr, vals)``,
        where:

        * ``op`` identifies the modification operation to perform.
          One of:

          * ``'add'`` to add one or more values to the attribute

          * ``'delete'`` to delete some or all of the values from the
            attribute.  If no values are specified with this
            operation, all of the attribute's values are deleted.
            Otherwise, only the named values are deleted.

          * ``'replace'`` to replace all of the attribute's values
            with zero or more new values

        * ``attr`` names the attribute to modify

        * ``vals`` is an iterable of values to add or delete

    :returns:
        ``True`` if successful, raises an exception otherwise.

    CLI example:

    .. code-block:: bash

        salt '*' ldap3.modify "{
            'url': 'ldaps://ldap.example.com/',
            'bind': {
                'method': 'simple',
                'password': 'secret'}
        }" dn='cn=admin,dc=example,dc=com'
        directives="('add', 'example', ['example_val'])"
    uMOD_iu
unicodePwdiitto_strtpreserve_tuples(RHRRR:RVt	enumerateR-RSRTRUtdecodeR8R/tmodify_sRR(R?R_t
directivesR$topRXRYR\tidxtmodRaR((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pytmodify�s/A1!cC@s�t|�}td�tj|�D��}td�tj|�D��}d|kr�g|dD]}t|�^qa|d<ntjj||�}y|jj	||�Wn tj
k
r�}t|�nXtS(u�Modify an entry in an LDAP database.

    This does the same thing as :py:func:`modify`, but with a simpler
    interface.  Instead of taking a list of directives, it takes a
    before and after view of an entry, determines the differences
    between the two, computes the directives, and executes them.

    Any attribute value present in ``before`` but missing in ``after``
    is deleted.  Any attribute value present in ``after`` but missing
    in ``before`` is added.  Any attribute value in the database that
    is not mentioned in either ``before`` or ``after`` is not altered.
    Any attribute value that is present in both ``before`` and
    ``after`` is ignored, regardless of whether that attribute value
    exists in the database.

    :param connect_spec:
        See the documentation for the ``connect_spec`` parameter for
        :py:func:`connect`.

    :param dn:
        Distinguished name of the entry.

    :param before:
        The expected state of the entry before modification.  This is
        a dict mapping each attribute name to an iterable of values.

    :param after:
        The desired state of the entry after modification.  This is a
        dict mapping each attribute name to an iterable of values.

    :returns:
        ``True`` if successful, raises an exception otherwise.

    CLI example:

    .. code-block:: bash

        salt '*' ldap3.change "{
            'url': 'ldaps://ldap.example.com/',
            'bind': {
                'method': 'simple',
                'password': 'secret'}
        }" dn='cn=admin,dc=example,dc=com'
        before="{'example_value': 'before_val'}"
        after="{'example_value': 'after_val'}"
    cs@s6|],\}}|tjjjt|��fVqdS(N(RSRTRUR+RV(RWRXRY((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pys	<genexpr>;scs@s6|],\}}|tjjjt|��fVqdS(N(RSRTRUR+RV(RWRXRY((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pys	<genexpr>=su
unicodePwd(
RHRKRR7R-RR\t
modifyModlistR/RiRRR8(R?R_tbeforetafterR$RaR\R((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pytchanges/		*($Rt
__future__RRRtloggingRtsetRRtldap.ldapobjecttldap.modlistt	ldap.saslRbtImportErrortsalt.utils.dataRStsalt.extRt	getLoggerRRZRt	ExceptionRRRR*R-tobjectR.RHRRRdRnRr(((s6/usr/lib/python2.7/site-packages/salt/modules/ldap3.pyt<module>s8	
				�>	0	!	C

Zerion Mini Shell 1.0