PNG  IHDRX cHRMz&u0`:pQ<bKGD pHYsodtIME MeqIDATxw]Wug^Qd˶ 6`!N:!@xI~)%7%@Bh&`lnjVF29gΨ4E$|>cɚ{gk= %,a KX%,a KX%,a KX%,a KX%,a KX%,a KX%, b` ǟzeאfp]<!SJmɤY޲ڿ,%c ~ع9VH.!Ͳz&QynֺTkRR.BLHi٪:l;@(!MԴ=žI,:o&N'Kù\vRmJ雵֫AWic H@" !: Cé||]k-Ha oݜ:y F())u]aG7*JV@J415p=sZH!=!DRʯvɱh~V\}v/GKY$n]"X"}t@ xS76^[bw4dsce)2dU0 CkMa-U5tvLƀ~mlMwfGE/-]7XAƟ`׮g ewxwC4\[~7@O-Q( a*XGƒ{ ՟}$_y3tĐƤatgvێi|K=uVyrŲlLӪuܿzwk$m87k( `múcE)"@rK( z4$D; 2kW=Xb$V[Ru819קR~qloѱDyįݎ*mxw]y5e4K@ЃI0A D@"BDk_)N\8͜9dz"fK0zɿvM /.:2O{ Nb=M=7>??Zuo32 DLD@D| &+֎C #B8ַ`bOb $D#ͮҪtx]%`ES`Ru[=¾!@Od37LJ0!OIR4m]GZRJu$‡c=%~s@6SKy?CeIh:[vR@Lh | (BhAMy=݃  G"'wzn޺~8ԽSh ~T*A:xR[ܹ?X[uKL_=fDȊ؂p0}7=D$Ekq!/t.*2ʼnDbŞ}DijYaȲ(""6HA;:LzxQ‘(SQQ}*PL*fc\s `/d'QXW, e`#kPGZuŞuO{{wm[&NBTiiI0bukcA9<4@SӊH*؎4U/'2U5.(9JuDfrޱtycU%j(:RUbArLֺN)udA':uGQN"-"Is.*+k@ `Ojs@yU/ H:l;@yyTn}_yw!VkRJ4P)~y#)r,D =ě"Q]ci'%HI4ZL0"MJy 8A{ aN<8D"1#IJi >XjX֔#@>-{vN!8tRݻ^)N_╗FJEk]CT՟ YP:_|H1@ CBk]yKYp|og?*dGvzنzӴzjֺNkC~AbZƷ`.H)=!QͷVTT(| u78y֮}|[8-Vjp%2JPk[}ԉaH8Wpqhwr:vWª<}l77_~{s۴V+RCģ%WRZ\AqHifɤL36: #F:p]Bq/z{0CU6ݳEv_^k7'>sq*+kH%a`0ԣisqにtү04gVgW΂iJiS'3w.w}l6MC2uԯ|>JF5`fV5m`Y**Db1FKNttu]4ccsQNnex/87+}xaUW9y>ͯ骵G{䩓Գ3+vU}~jJ.NFRD7<aJDB1#ҳgSb,+CS?/ VG J?|?,2#M9}B)MiE+G`-wo߫V`fio(}S^4e~V4bHOYb"b#E)dda:'?}׮4繏`{7Z"uny-?ǹ;0MKx{:_pÚmFמ:F " .LFQLG)Q8qN q¯¯3wOvxDb\. BKD9_NN &L:4D{mm o^tֽ:q!ƥ}K+<"m78N< ywsard5+Š²z~mnG)=}lYݧNj'QJS{S :UYS-952?&O-:W}(!6Mk4+>A>j+i|<<|;ر^߉=HE|V#F)Emm#}/"y GII웻Jі94+v뾧xu~5C95~ūH>c@덉pʃ1/4-A2G%7>m;–Y,cyyaln" ?ƻ!ʪ<{~h~i y.zZB̃/,雋SiC/JFMmBH&&FAbϓO^tubbb_hZ{_QZ-sύodFgO(6]TJA˯#`۶ɟ( %$&+V'~hiYy>922 Wp74Zkq+Ovn錄c>8~GqܲcWꂎz@"1A.}T)uiW4="jJ2W7mU/N0gcqܗOO}?9/wìXžΏ0 >֩(V^Rh32!Hj5`;O28؇2#ݕf3 ?sJd8NJ@7O0 b־?lldщ̡&|9C.8RTWwxWy46ah嘦mh٤&l zCy!PY?: CJyв]dm4ǜҐR޻RլhX{FƯanшQI@x' ao(kUUuxW_Ñ줮[w8 FRJ(8˼)_mQ _!RJhm=!cVmm ?sFOnll6Qk}alY}; "baӌ~M0w,Ggw2W:G/k2%R,_=u`WU R.9T"v,<\Ik޽/2110Ӿxc0gyC&Ny޽JҢrV6N ``یeA16"J³+Rj*;BϜkZPJaÍ<Jyw:NP8/D$ 011z֊Ⱳ3ι֘k1V_"h!JPIΣ'ɜ* aEAd:ݺ>y<}Lp&PlRfTb1]o .2EW\ͮ]38؋rTJsǏP@芎sF\> P^+dYJLbJ C-xϐn> ι$nj,;Ǖa FU *择|h ~izť3ᤓ`K'-f tL7JK+vf2)V'-sFuB4i+m+@My=O҈0"|Yxoj,3]:cо3 $#uŘ%Y"y죯LebqtҢVzq¼X)~>4L׶m~[1_k?kxֺQ`\ |ٛY4Ѯr!)N9{56(iNq}O()Em]=F&u?$HypWUeB\k]JɩSع9 Zqg4ZĊo oMcjZBU]B\TUd34ݝ~:7ڶSUsB0Z3srx 7`:5xcx !qZA!;%͚7&P H<WL!džOb5kF)xor^aujƍ7 Ǡ8/p^(L>ὴ-B,{ۇWzֺ^k]3\EE@7>lYBȝR.oHnXO/}sB|.i@ɥDB4tcm,@ӣgdtJ!lH$_vN166L__'Z)y&kH;:,Y7=J 9cG) V\hjiE;gya~%ks_nC~Er er)muuMg2;֫R)Md) ,¶ 2-wr#F7<-BBn~_(o=KO㭇[Xv eN_SMgSҐ BS헃D%g_N:/pe -wkG*9yYSZS.9cREL !k}<4_Xs#FmҶ:7R$i,fi!~' # !6/S6y@kZkZcX)%5V4P]VGYq%H1!;e1MV<!ϐHO021Dp= HMs~~a)ަu7G^];git!Frl]H/L$=AeUvZE4P\.,xi {-~p?2b#amXAHq)MWǾI_r`S Hz&|{ +ʖ_= (YS(_g0a03M`I&'9vl?MM+m~}*xT۲(fY*V4x@29s{DaY"toGNTO+xCAO~4Ϳ;p`Ѫ:>Ҵ7K 3}+0 387x\)a"/E>qpWB=1 ¨"MP(\xp߫́A3+J] n[ʼnӼaTbZUWb={~2ooKױӰp(CS\S筐R*JغV&&"FA}J>G֐p1ٸbk7 ŘH$JoN <8s^yk_[;gy-;߉DV{c B yce% aJhDȶ 2IdйIB/^n0tNtџdcKj4϶v~- CBcgqx9= PJ) dMsjpYB] GD4RDWX +h{y`,3ꊕ$`zj*N^TP4L:Iz9~6s) Ga:?y*J~?OrMwP\](21sZUD ?ܟQ5Q%ggW6QdO+\@ ̪X'GxN @'4=ˋ+*VwN ne_|(/BDfj5(Dq<*tNt1х!MV.C0 32b#?n0pzj#!38}޴o1KovCJ`8ŗ_"]] rDUy޲@ Ȗ-;xџ'^Y`zEd?0„ DAL18IS]VGq\4o !swV7ˣι%4FѮ~}6)OgS[~Q vcYbL!wG3 7띸*E Pql8=jT\꘿I(z<[6OrR8ºC~ډ]=rNl[g|v TMTղb-o}OrP^Q]<98S¤!k)G(Vkwyqyr޽Nv`N/e p/~NAOk \I:G6]4+K;j$R:Mi #*[AȚT,ʰ,;N{HZTGMoּy) ]%dHء9Պ䠬|<45,\=[bƟ8QXeB3- &dҩ^{>/86bXmZ]]yޚN[(WAHL$YAgDKp=5GHjU&99v簪C0vygln*P)9^͞}lMuiH!̍#DoRBn9l@ xA/_v=ȺT{7Yt2N"4!YN`ae >Q<XMydEB`VU}u]嫇.%e^ánE87Mu\t`cP=AD/G)sI"@MP;)]%fH9'FNsj1pVhY&9=0pfuJ&gޤx+k:!r˭wkl03׼Ku C &ѓYt{.O.zҏ z}/tf_wEp2gvX)GN#I ݭ߽v/ .& и(ZF{e"=V!{zW`, ]+LGz"(UJp|j( #V4, 8B 0 9OkRrlɱl94)'VH9=9W|>PS['G(*I1==C<5"Pg+x'K5EMd؞Af8lG ?D FtoB[je?{k3zQ vZ;%Ɠ,]E>KZ+T/ EJxOZ1i #T<@ I}q9/t'zi(EMqw`mYkU6;[t4DPeckeM;H}_g pMww}k6#H㶏+b8雡Sxp)&C $@'b,fPߑt$RbJ'vznuS ~8='72_`{q纶|Q)Xk}cPz9p7O:'|G~8wx(a 0QCko|0ASD>Ip=4Q, d|F8RcU"/KM opKle M3#i0c%<7׿p&pZq[TR"BpqauIp$ 8~Ĩ!8Սx\ւdT>>Z40ks7 z2IQ}ItԀ<-%S⍤};zIb$I 5K}Q͙D8UguWE$Jh )cu4N tZl+[]M4k8֦Zeq֮M7uIqG 1==tLtR,ƜSrHYt&QP윯Lg' I,3@P'}'R˪e/%-Auv·ñ\> vDJzlӾNv5:|K/Jb6KI9)Zh*ZAi`?S {aiVDԲuy5W7pWeQJk֤#5&V<̺@/GH?^τZL|IJNvI:'P=Ϛt"¨=cud S Q.Ki0 !cJy;LJR;G{BJy޺[^8fK6)=yʊ+(k|&xQ2`L?Ȓ2@Mf 0C`6-%pKpm')c$׻K5[J*U[/#hH!6acB JA _|uMvDyk y)6OPYjœ50VT K}cǻP[ $:]4MEA.y)|B)cf-A?(e|lɉ#P9V)[9t.EiQPDѠ3ϴ;E:+Օ t ȥ~|_N2,ZJLt4! %ա]u {+=p.GhNcŞQI?Nd'yeh n7zi1DB)1S | S#ًZs2|Ɛy$F SxeX{7Vl.Src3E℃Q>b6G ўYCmtկ~=K0f(=LrAS GN'ɹ9<\!a`)֕y[uՍ[09` 9 +57ts6}b4{oqd+J5fa/,97J#6yν99mRWxJyѡyu_TJc`~W>l^q#Ts#2"nD1%fS)FU w{ܯ R{ ˎ󅃏џDsZSQS;LV;7 Od1&1n$ N /.q3~eNɪ]E#oM~}v֯FڦwyZ=<<>Xo稯lfMFV6p02|*=tV!c~]fa5Y^Q_WN|Vs 0ҘދU97OI'N2'8N֭fgg-}V%y]U4 峧p*91#9U kCac_AFңĪy뚇Y_AiuYyTTYЗ-(!JFLt›17uTozc. S;7A&&<ԋ5y;Ro+:' *eYJkWR[@F %SHWP 72k4 qLd'J "zB6{AC0ƁA6U.'F3:Ȅ(9ΜL;D]m8ڥ9}dU "v!;*13Rg^fJyShyy5auA?ɩGHRjo^]׽S)Fm\toy 4WQS@mE#%5ʈfFYDX ~D5Ϡ9tE9So_aU4?Ѽm%&c{n>.KW1Tlb}:j uGi(JgcYj0qn+>) %\!4{LaJso d||u//P_y7iRJ߬nHOy) l+@$($VFIQ9%EeKʈU. ia&FY̒mZ=)+qqoQn >L!qCiDB;Y<%} OgBxB!ØuG)WG9y(Ą{_yesuZmZZey'Wg#C~1Cev@0D $a@˲(.._GimA:uyw֬%;@!JkQVM_Ow:P.s\)ot- ˹"`B,e CRtaEUP<0'}r3[>?G8xU~Nqu;Wm8\RIkբ^5@k+5(By'L&'gBJ3ݶ!/㮻w҅ yqPWUg<e"Qy*167΃sJ\oz]T*UQ<\FԎ`HaNmڜ6DysCask8wP8y9``GJ9lF\G g's Nn͵MLN֪u$| /|7=]O)6s !ĴAKh]q_ap $HH'\1jB^s\|- W1:=6lJBqjY^LsPk""`]w)󭃈,(HC ?䔨Y$Sʣ{4Z+0NvQkhol6C.婧/u]FwiVjZka&%6\F*Ny#8O,22+|Db~d ~Çwc N:FuuCe&oZ(l;@ee-+Wn`44AMK➝2BRՈt7g*1gph9N) *"TF*R(#'88pm=}X]u[i7bEc|\~EMn}P瘊J)K.0i1M6=7'_\kaZ(Th{K*GJyytw"IO-PWJk)..axӝ47"89Cc7ĐBiZx 7m!fy|ϿF9CbȩV 9V-՛^pV̌ɄS#Bv4-@]Vxt-Z, &ֺ*diؠ2^VXbs֔Ìl.jQ]Y[47gj=幽ex)A0ip׳ W2[ᎇhuE^~q흙L} #-b۸oFJ_QP3r6jr+"nfzRJTUqoaۍ /$d8Mx'ݓ= OՃ| )$2mcM*cЙj}f };n YG w0Ia!1Q.oYfr]DyISaP}"dIӗթO67jqR ҊƐƈaɤGG|h;t]䗖oSv|iZqX)oalv;۩meEJ\!8=$4QU4Xo&VEĊ YS^E#d,yX_> ۘ-e\ "Wa6uLĜZi`aD9.% w~mB(02G[6y.773a7 /=o7D)$Z 66 $bY^\CuP. (x'"J60׿Y:Oi;F{w佩b+\Yi`TDWa~|VH)8q/=9!g߆2Y)?ND)%?Ǐ`k/sn:;O299yB=a[Ng 3˲N}vLNy;*?x?~L&=xyӴ~}q{qE*IQ^^ͧvü{Huu=R|>JyUlZV, B~/YF!Y\u_ݼF{_C)LD]m {H 0ihhadd nUkf3oٺCvE\)QJi+֥@tDJkB$1!Đr0XQ|q?d2) Ӣ_}qv-< FŊ߫%roppVBwü~JidY4:}L6M7f٬F "?71<2#?Jyy4뷢<_a7_=Q E=S1И/9{+93֮E{ǂw{))?maÆm(uLE#lïZ  ~d];+]h j?!|$F}*"4(v'8s<ŏUkm7^7no1w2ؗ}TrͿEk>p'8OB7d7R(A 9.*Mi^ͳ; eeUwS+C)uO@ =Sy]` }l8^ZzRXj[^iUɺ$tj))<sbDJfg=Pk_{xaKo1:-uyG0M ԃ\0Lvuy'ȱc2Ji AdyVgVh!{]/&}}ċJ#%d !+87<;qN޼Nفl|1N:8ya  8}k¾+-$4FiZYÔXk*I&'@iI99)HSh4+2G:tGhS^繿 Kتm0 вDk}֚+QT4;sC}rՅE,8CX-e~>G&'9xpW,%Fh,Ry56Y–hW-(v_,? ; qrBk4-V7HQ;ˇ^Gv1JVV%,ik;D_W!))+BoS4QsTM;gt+ndS-~:11Sgv!0qRVh!"Ȋ(̦Yl.]PQWgٳE'`%W1{ndΗBk|Ž7ʒR~,lnoa&:ü$ 3<a[CBݮwt"o\ePJ=Hz"_c^Z.#ˆ*x z̝grY]tdkP*:97YľXyBkD4N.C_[;F9`8& !AMO c `@BA& Ost\-\NX+Xp < !bj3C&QL+*&kAQ=04}cC!9~820G'PC9xa!w&bo_1 Sw"ܱ V )Yl3+ס2KoXOx]"`^WOy :3GO0g;%Yv㐫(R/r (s } u B &FeYZh0y> =2<Ϟc/ -u= c&׭,.0"g"7 6T!vl#sc>{u/Oh Bᾈ)۴74]x7 gMӒ"d]U)}" v4co[ ɡs 5Gg=XR14?5A}D "b{0$L .\4y{_fe:kVS\\O]c^W52LSBDM! C3Dhr̦RtArx4&agaN3Cf<Ԉp4~ B'"1@.b_/xQ} _߃҉/gٓ2Qkqp0շpZ2fԫYz< 4L.Cyυι1t@鎫Fe sYfsF}^ V}N<_`p)alٶ "(XEAVZ<)2},:Ir*#m_YӼ R%a||EƼIJ,,+f"96r/}0jE/)s)cjW#w'Sʯ5<66lj$a~3Kʛy 2:cZ:Yh))+a߭K::N,Q F'qB]={.]h85C9cr=}*rk?vwV렵ٸW Rs%}rNAkDv|uFLBkWY YkX מ|)1!$#3%y?pF<@<Rr0}: }\J [5FRxY<9"SQdE(Q*Qʻ)q1E0B_O24[U'],lOb ]~WjHޏTQ5Syu wq)xnw8~)c 쫬gٲߠ H% k5dƝk> kEj,0% b"vi2Wس_CuK)K{n|>t{P1򨾜j>'kEkƗBg*H%'_aY6Bn!TL&ɌOb{c`'d^{t\i^[uɐ[}q0lM˕G:‚4kb祔c^:?bpg… +37stH:0}en6x˟%/<]BL&* 5&fK9Mq)/iyqtA%kUe[ڛKN]Ě^,"`/ s[EQQm?|XJ߅92m]G.E΃ח U*Cn.j_)Tѧj̿30ڇ!A0=͜ar I3$C^-9#|pk!)?7.x9 @OO;WƝZBFU keZ75F6Tc6"ZȚs2y/1 ʵ:u4xa`C>6Rb/Yм)^=+~uRd`/|_8xbB0?Ft||Z\##|K 0>>zxv8۴吅q 8ĥ)"6>~\8:qM}#͚'ĉ#p\׶ l#bA?)|g g9|8jP(cr,BwV (WliVxxᡁ@0Okn;ɥh$_ckCgriv}>=wGzβ KkBɛ[˪ !J)h&k2%07δt}!d<9;I&0wV/ v 0<H}L&8ob%Hi|޶o&h1L|u֦y~󛱢8fٲUsւ)0oiFx2}X[zVYr_;N(w]_4B@OanC?gĦx>мgx>ΛToZoOMp>40>V Oy V9iq!4 LN,ˢu{jsz]|"R޻&'ƚ{53ўFu(<٪9:΋]B;)B>1::8;~)Yt|0(pw2N%&X,URBK)3\zz&}ax4;ǟ(tLNg{N|Ǽ\G#C9g$^\}p?556]/RP.90 k,U8/u776s ʪ_01چ|\N 0VV*3H鴃J7iI!wG_^ypl}r*jɤSR 5QN@ iZ#1ٰy;_\3\BQQ x:WJv츟ٯ$"@6 S#qe딇(/P( Dy~TOϻ<4:-+F`0||;Xl-"uw$Цi󼕝mKʩorz"mϺ$F:~E'ҐvD\y?Rr8_He@ e~O,T.(ފR*cY^m|cVR[8 JҡSm!ΆԨb)RHG{?MpqrmN>߶Y)\p,d#xۆWY*,l6]v0h15M˙MS8+EdI='LBJIH7_9{Caз*Lq,dt >+~ّeʏ?xԕ4bBAŚjﵫ!'\Ը$WNvKO}ӽmSşذqsOy?\[,d@'73'j%kOe`1.g2"e =YIzS2|zŐƄa\U,dP;jhhhaxǶ?КZ՚.q SE+XrbOu%\GتX(H,N^~]JyEZQKceTQ]VGYqnah;y$cQahT&QPZ*iZ8UQQM.qo/T\7X"u?Mttl2Xq(IoW{R^ ux*SYJ! 4S.Jy~ BROS[V|žKNɛP(L6V^|cR7i7nZW1Fd@ Ara{詑|(T*dN]Ko?s=@ |_EvF]׍kR)eBJc" MUUbY6`~V޴dJKß&~'d3i WWWWWW

F1l3 Manager

Current Directory: /opt/saltstack/salt/lib/python3.10/site-packages/salt/modules
/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/
Viewing File: /opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/ldap3.py
""" Query and modify an LDAP database (alternative interface) ========================================================= .. versionadded:: 2016.3.0 This is an alternative to the ``ldap`` interface provided by the :py:mod:`ldapmod <salt.modules.ldapmod>` execution module. :depends: - ``ldap`` Python module """ import logging import salt.utils.data available_backends = set() try: import ldap import ldap.ldapobject # pylint: disable=no-name-in-module import ldap.modlist # pylint: disable=no-name-in-module import ldap.sasl # pylint: disable=no-name-in-module available_backends.add("ldap") except ImportError: pass log = logging.getLogger(__name__) def __virtual__(): """Only load this module if the Python ldap module is present""" if available_backends: return True return False class LDAPError(Exception): """Base class of all LDAP exceptions raised by backends. This is only used for errors encountered while interacting with the LDAP server; usage errors (e.g., invalid backend name) will have a different type. :ivar cause: backend exception object, if applicable """ def __init__(self, message, cause=None): super().__init__(message) self.cause = cause def _convert_exception(e): """Convert an ldap backend exception to an LDAPError and raise it.""" raise LDAPError(f"exception in ldap backend: {e!r}", e) from e def _bind(l, bind=None): """Bind helper.""" if bind is None: return method = bind.get("method", "simple") if method is None: return elif method == "simple": l.simple_bind_s(bind.get("dn", ""), bind.get("password", "")) elif method == "sasl": sasl_class = getattr(ldap.sasl, bind.get("mechanism", "EXTERNAL").lower()) creds = bind.get("credentials", None) if creds is None: creds = {} auth = sasl_class(*creds.get("args", []), **creds.get("kwargs", {})) l.sasl_interactive_bind_s(bind.get("dn", ""), auth) else: raise ValueError( 'unsupported bind method "' + method + '"; supported bind methods: simple sasl' ) def _format_unicode_password(pwd): """Formats a string per Microsoft AD password specifications. The string must be enclosed in double quotes and UTF-16 encoded. See: https://msdn.microsoft.com/en-us/library/cc223248.aspx :param pwd: The desired password as a string :returns: A unicode string """ return f'"{pwd}"'.encode("utf-16-le") class _connect_ctx: def __init__(self, c): self.c = c def __enter__(self): return self def __exit__(self, *exc): pass def connect(connect_spec=None): """Connect and optionally bind to an LDAP server. :param connect_spec: This can be an LDAP connection object returned by a previous call to :py:func:`connect` (in which case the argument is simply returned), ``None`` (in which case an empty dict is used), or a dict with the following keys: * ``'backend'`` Optional; default depends on which Python LDAP modules are installed. Name of the Python LDAP module to use. Only ``'ldap'`` is supported at the moment. * ``'url'`` Optional; defaults to ``'ldapi:///'``. URL to the LDAP server. * ``'bind'`` Optional; defaults to ``None``. Describes how to bind an identity to the LDAP connection. If ``None``, an anonymous connection is made. Valid keys: * ``'method'`` Optional; defaults to ``None``. The authentication method to use. Valid values include but are not necessarily limited to ``'simple'``, ``'sasl'``, and ``None``. If ``None``, an anonymous connection is made. Available methods depend on the chosen backend. * ``'mechanism'`` Optional; defaults to ``'EXTERNAL'``. The SASL mechanism to use. Ignored unless the method is ``'sasl'``. Available methods depend on the chosen backend and the server's capabilities. * ``'credentials'`` Optional; defaults to ``None``. An object specific to the chosen SASL mechanism and backend that represents the authentication credentials. Ignored unless the method is ``'sasl'``. For the ``'ldap'`` backend, this is a dictionary. If ``None``, an empty dict is used. Keys: * ``'args'`` Optional; defaults to an empty list. A list of arguments to pass to the SASL mechanism constructor. See the SASL mechanism constructor documentation in the ``ldap.sasl`` Python module. * ``'kwargs'`` Optional; defaults to an empty dict. A dict of keyword arguments to pass to the SASL mechanism constructor. See the SASL mechanism constructor documentation in the ``ldap.sasl`` Python module. * ``'dn'`` Optional; defaults to an empty string. The distinguished name to bind. * ``'password'`` Optional; defaults to an empty string. Password for binding. Ignored if the method is ``'sasl'``. * ``'tls'`` Optional; defaults to ``None``. A backend-specific object containing settings to override default TLS behavior. For the ``'ldap'`` backend, this is a dictionary. Not all settings in this dictionary are supported by all versions of ``python-ldap`` or the underlying TLS library. If ``None``, an empty dict is used. Possible keys: * ``'starttls'`` If present, initiate a TLS connection using StartTLS. (The value associated with this key is ignored.) * ``'cacertdir'`` Set the path of the directory containing CA certificates. * ``'cacertfile'`` Set the pathname of the CA certificate file. * ``'certfile'`` Set the pathname of the certificate file. * ``'cipher_suite'`` Set the allowed cipher suite. * ``'crlcheck'`` Set the CRL evaluation strategy. Valid values are ``'none'``, ``'peer'``, and ``'all'``. * ``'crlfile'`` Set the pathname of the CRL file. * ``'dhfile'`` Set the pathname of the file containing the parameters for Diffie-Hellman ephemeral key exchange. * ``'keyfile'`` Set the pathname of the certificate key file. * ``'newctx'`` If present, instruct the underlying TLS library to create a new TLS context. (The value associated with this key is ignored.) * ``'protocol_min'`` Set the minimum protocol version. * ``'random_file'`` Set the pathname of the random file when ``/dev/random`` and ``/dev/urandom`` are not available. * ``'require_cert'`` Set the certificate validation policy. Valid values are ``'never'``, ``'hard'``, ``'demand'``, ``'allow'``, and ``'try'``. * ``'opts'`` Optional; defaults to ``None``. A backend-specific object containing options for the backend. For the ``'ldap'`` backend, this is a dictionary of OpenLDAP options to set. If ``None``, an empty dict is used. Each key is a the name of an OpenLDAP option constant without the ``'LDAP_OPT_'`` prefix, then converted to lower case. :returns: an object representing an LDAP connection that can be used as the ``connect_spec`` argument to any of the functions in this module (to avoid the overhead of making and terminating multiple connections). This object should be used as a context manager. It is safe to nest ``with`` statements. CLI Example: .. code-block:: bash salt '*' ldap3.connect "{ 'url': 'ldaps://ldap.example.com/', 'bind': { 'method': 'simple', 'dn': 'cn=admin,dc=example,dc=com', 'password': 'secret'} }" """ if isinstance(connect_spec, _connect_ctx): return connect_spec if connect_spec is None: connect_spec = {} backend_name = connect_spec.get("backend", "ldap") if backend_name not in available_backends: raise ValueError( "unsupported backend or required Python module" + f" unavailable: {backend_name}" ) url = connect_spec.get("url", "ldapi:///") try: l = ldap.initialize(url) l.protocol_version = ldap.VERSION3 # set up tls tls = connect_spec.get("tls", None) if tls is None: tls = {} vars = {} for k, v in tls.items(): if k in ("starttls", "newctx"): vars[k] = True elif k in ("crlcheck", "require_cert"): l.set_option( getattr(ldap, "OPT_X_TLS_" + k.upper()), getattr(ldap, "OPT_X_TLS_" + v.upper()), ) else: l.set_option(getattr(ldap, "OPT_X_TLS_" + k.upper()), v) if vars.get("starttls", False): l.start_tls_s() if vars.get("newctx", False): l.set_option(ldap.OPT_X_TLS_NEWCTX, 0) # set up other options l.set_option(ldap.OPT_REFERRALS, 0) opts = connect_spec.get("opts", None) if opts is None: opts = {} for k, v in opts.items(): opt = getattr(ldap, "OPT_" + k.upper()) l.set_option(opt, v) _bind(l, connect_spec.get("bind", None)) except ldap.LDAPError as e: _convert_exception(e) return _connect_ctx(l) def search( connect_spec, base, scope="subtree", filterstr="(objectClass=*)", attrlist=None, attrsonly=0, ): """Search an LDAP database. :param connect_spec: See the documentation for the ``connect_spec`` parameter for :py:func:`connect`. :param base: Distinguished name of the entry at which to start the search. :param scope: One of the following: * ``'subtree'`` Search the base and all of its descendants. * ``'base'`` Search only the base itself. * ``'onelevel'`` Search only the base's immediate children. :param filterstr: String representation of the filter to apply in the search. :param attrlist: Limit the returned attributes to those in the specified list. If ``None``, all attributes of each entry are returned. :param attrsonly: If non-zero, don't return any attribute values. :returns: a dict of results. The dict is empty if there are no results. The dict maps each returned entry's distinguished name to a dict that maps each of the matching attribute names to a list of its values. CLI Example: .. code-block:: bash salt '*' ldap3.search "{ 'url': 'ldaps://ldap.example.com/', 'bind': { 'method': 'simple', 'dn': 'cn=admin,dc=example,dc=com', 'password': 'secret', }, }" "base='dc=example,dc=com'" """ l = connect(connect_spec) scope = getattr(ldap, "SCOPE_" + scope.upper()) try: results = l.c.search_s(base, scope, filterstr, attrlist, attrsonly) except ldap.NO_SUCH_OBJECT: results = [] except ldap.LDAPError as e: _convert_exception(e) return dict(results) def add(connect_spec, dn, attributes): """Add an entry to an LDAP database. :param connect_spec: See the documentation for the ``connect_spec`` parameter for :py:func:`connect`. :param dn: Distinguished name of the entry. :param attributes: Non-empty dict mapping each of the new entry's attributes to a non-empty iterable of values. :returns: ``True`` if successful, raises an exception otherwise. CLI Example: .. code-block:: bash salt '*' ldap3.add "{ 'url': 'ldaps://ldap.example.com/', 'bind': { 'method': 'simple', 'password': 'secret', }, }" "dn='dc=example,dc=com'" "attributes={'example': 'values'}" """ l = connect(connect_spec) # convert the "iterable of values" to lists in case that's what # addModlist() expects (also to ensure that the caller's objects # are not modified) attributes = { attr: salt.utils.data.encode(list(vals)) for attr, vals in attributes.items() } log.info("adding entry: dn: %s attributes: %s", repr(dn), repr(attributes)) if "unicodePwd" in attributes: attributes["unicodePwd"] = [ _format_unicode_password(x) for x in attributes["unicodePwd"] ] modlist = ldap.modlist.addModlist(attributes) try: l.c.add_s(dn, modlist) except ldap.LDAPError as e: _convert_exception(e) return True def delete(connect_spec, dn): """Delete an entry from an LDAP database. :param connect_spec: See the documentation for the ``connect_spec`` parameter for :py:func:`connect`. :param dn: Distinguished name of the entry. :returns: ``True`` if successful, raises an exception otherwise. CLI Example: .. code-block:: bash salt '*' ldap3.delete "{ 'url': 'ldaps://ldap.example.com/', 'bind': { 'method': 'simple', 'password': 'secret'} }" dn='cn=admin,dc=example,dc=com' """ l = connect(connect_spec) log.info("deleting entry: dn: %s", repr(dn)) try: l.c.delete_s(dn) except ldap.LDAPError as e: _convert_exception(e) return True def modify(connect_spec, dn, directives): """Modify an entry in an LDAP database. :param connect_spec: See the documentation for the ``connect_spec`` parameter for :py:func:`connect`. :param dn: Distinguished name of the entry. :param directives: Iterable of directives that indicate how to modify the entry. Each directive is a tuple of the form ``(op, attr, vals)``, where: * ``op`` identifies the modification operation to perform. One of: * ``'add'`` to add one or more values to the attribute * ``'delete'`` to delete some or all of the values from the attribute. If no values are specified with this operation, all of the attribute's values are deleted. Otherwise, only the named values are deleted. * ``'replace'`` to replace all of the attribute's values with zero or more new values * ``attr`` names the attribute to modify * ``vals`` is an iterable of values to add or delete :returns: ``True`` if successful, raises an exception otherwise. CLI Example: .. code-block:: bash salt '*' ldap3.modify "{ 'url': 'ldaps://ldap.example.com/', 'bind': { 'method': 'simple', 'password': 'secret'} }" dn='cn=admin,dc=example,dc=com' directives="('add', 'example', ['example_val'])" """ l = connect(connect_spec) # convert the "iterable of values" to lists in case that's what # modify_s() expects (also to ensure that the caller's objects are # not modified) modlist = [ (getattr(ldap, "MOD_" + op.upper()), attr, list(vals)) for op, attr, vals in directives ] for idx, mod in enumerate(modlist): if mod[1] == "unicodePwd": modlist[idx] = ( mod[0], mod[1], [_format_unicode_password(x) for x in mod[2]], ) modlist = salt.utils.data.decode(modlist, to_str=True, preserve_tuples=True) try: l.c.modify_s(dn, modlist) except ldap.LDAPError as e: _convert_exception(e) return True def change(connect_spec, dn, before, after): """Modify an entry in an LDAP database. This does the same thing as :py:func:`modify`, but with a simpler interface. Instead of taking a list of directives, it takes a before and after view of an entry, determines the differences between the two, computes the directives, and executes them. Any attribute value present in ``before`` but missing in ``after`` is deleted. Any attribute value present in ``after`` but missing in ``before`` is added. Any attribute value in the database that is not mentioned in either ``before`` or ``after`` is not altered. Any attribute value that is present in both ``before`` and ``after`` is ignored, regardless of whether that attribute value exists in the database. :param connect_spec: See the documentation for the ``connect_spec`` parameter for :py:func:`connect`. :param dn: Distinguished name of the entry. :param before: The expected state of the entry before modification. This is a dict mapping each attribute name to an iterable of values. :param after: The desired state of the entry after modification. This is a dict mapping each attribute name to an iterable of values. :returns: ``True`` if successful, raises an exception otherwise. CLI Example: .. code-block:: bash salt '*' ldap3.change "{ 'url': 'ldaps://ldap.example.com/', 'bind': { 'method': 'simple', 'password': 'secret'} }" dn='cn=admin,dc=example,dc=com' before="{'example_value': 'before_val'}" after="{'example_value': 'after_val'}" """ l = connect(connect_spec) # convert the "iterable of values" to lists in case that's what # modifyModlist() expects (also to ensure that the caller's dicts # are not modified) before = {attr: salt.utils.data.encode(list(vals)) for attr, vals in before.items()} after = {attr: salt.utils.data.encode(list(vals)) for attr, vals in after.items()} if "unicodePwd" in after: after["unicodePwd"] = [_format_unicode_password(x) for x in after["unicodePwd"]] modlist = ldap.modlist.modifyModlist(before, after) try: l.c.modify_s(dn, modlist) except ldap.LDAPError as e: _convert_exception(e) return True
webs 1.0 - Enhanced UI