"Fossies" - the Fresh Open Source Software Archive

Member "web2ldap-1.6.19/web2ldap/app/plugins/opends.py" (4 Nov 2021, 19269 Bytes) of package /linux/www/web2ldap-1.6.19.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "opends.py" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 1.6.16_vs_1.6.17.

    1 # -*- coding: ascii -*-
    2 """
    3 web2ldap plugin classes for OpenDS and OpenDJ
    4 """
    5 
    6 import re
    7 from typing import Dict
    8 
    9 import ldap0
   10 from ldap0.dn import DNObj
   11 
   12 from ..schema.syntaxes import (
   13     BindDN,
   14     DirectoryString,
   15     DynamicDNSelectList,
   16     MultilineText,
   17     OctetString,
   18     SelectList,
   19     syntax_registry,
   20 )
   21 from .x509 import Certificate
   22 from .groups import MemberOf
   23 from .quirks import NamingContexts
   24 from ..schema import no_humanreadable_attr
   25 
   26 
   27 syntax_registry.reg_at(
   28     MemberOf.oid, [
   29         '1.3.6.1.4.1.42.2.27.9.1.792', # isMemberOf
   30     ]
   31 )
   32 
   33 
   34 class OpenDSCfgPasswordPolicy(DynamicDNSelectList):
   35     oid: str = 'OpenDSCfgPasswordPolicy-oid'
   36     desc: str = 'DN of the ds-cfg-password-policy entry'
   37     ldap_url = 'ldap:///cn=Password Policies,cn=config?cn?one?(objectClass=ds-cfg-password-policy)'
   38 
   39 syntax_registry.reg_at(
   40     OpenDSCfgPasswordPolicy.oid, [
   41         '1.3.6.1.4.1.26027.1.1.161', # ds-cfg-default-password-policy
   42         '1.3.6.1.4.1.26027.1.1.244', # ds-pwp-password-policy-dn
   43     ]
   44 )
   45 
   46 
   47 class OpenDSCfgPasswordStorageScheme(DynamicDNSelectList):
   48     oid: str = 'OpenDSCfgPasswordStorageScheme-oid'
   49     desc: str = 'DN of the ds-cfg-password-storage-scheme entry'
   50     ldap_url = 'ldap:///cn=Password Storage Schemes,cn=config?cn?one?(objectClass=ds-cfg-password-storage-scheme)'
   51 
   52 syntax_registry.reg_at(
   53     OpenDSCfgPasswordStorageScheme.oid, [
   54         '1.3.6.1.4.1.26027.1.1.137', # ds-cfg-default-password-storage-scheme
   55     ]
   56 )
   57 
   58 
   59 class OpenDSCfgPasswordGenerator(DynamicDNSelectList):
   60     oid: str = 'OpenDSCfgPasswordGenerator-oid'
   61     desc: str = 'DN of the ds-cfg-password-generator entry'
   62     ldap_url = 'ldap:///cn=Password Generators,cn=config?cn?one?(objectClass=ds-cfg-password-generator)'
   63 
   64 syntax_registry.reg_at(
   65     OpenDSCfgPasswordGenerator.oid, [
   66         '1.3.6.1.4.1.26027.1.1.153', # ds-cfg-password-generator
   67     ]
   68 )
   69 
   70 
   71 class OpenDSCfgIdentityMapper(DynamicDNSelectList):
   72     oid: str = 'OpenDSCfgIdentityMapper-oid'
   73     desc: str = 'DN of the ds-cfg-identity-mapper entry'
   74     ldap_url = 'ldap:///cn=Identity Mappers,cn=config?cn?one?(objectClass=ds-cfg-identity-mapper)'
   75 
   76 syntax_registry.reg_at(
   77     OpenDSCfgIdentityMapper.oid, [
   78         '1.3.6.1.4.1.26027.1.1.113', # ds-cfg-identity-mapper
   79         '1.3.6.1.4.1.26027.1.1.114', # ds-cfg-proxied-authorization-identity-mapper
   80     ]
   81 )
   82 
   83 
   84 class OpenDSCfgCertificateMapper(DynamicDNSelectList):
   85     oid: str = 'OpenDSCfgCertificateMapper-oid'
   86     desc: str = 'DN of the ds-cfg-certificate-mapper entry'
   87     ldap_url = 'ldap:///cn=Certificate Mappers,cn=config?cn?one?(objectClass=ds-cfg-certificate-mapper)'
   88 
   89 syntax_registry.reg_at(
   90     OpenDSCfgCertificateMapper.oid, [
   91         '1.3.6.1.4.1.26027.1.1.262', # ds-cfg-certificate-mapper
   92     ]
   93 )
   94 
   95 
   96 class OpenDSCfgKeyManagerProvider(DynamicDNSelectList):
   97     oid: str = 'OpenDSCfgKeyManagerProvider-oid'
   98     desc: str = 'DN of the ds-cfg-key-manager-provider entry'
   99     ldap_url = 'ldap:///cn=Key Manager Providers,cn=config?cn?one?(objectClass=ds-cfg-key-manager-provider)'
  100 
  101 syntax_registry.reg_at(
  102     OpenDSCfgKeyManagerProvider.oid, [
  103         '1.3.6.1.4.1.26027.1.1.263', # ds-cfg-key-manager-provider
  104     ]
  105 )
  106 
  107 
  108 class OpenDSCfgTrustManagerProvider(DynamicDNSelectList):
  109     oid: str = 'OpenDSCfgTrustManagerProvider-oid'
  110     desc: str = 'DN of the ds-cfg-trust-manager-provider entry'
  111     ldap_url = 'ldap:///cn=Trust Manager Providers,cn=config?cn?one?(objectClass=ds-cfg-trust-manager-provider)'
  112 
  113 syntax_registry.reg_at(
  114     OpenDSCfgTrustManagerProvider.oid, [
  115         '1.3.6.1.4.1.26027.1.1.264', # ds-cfg-trust-manager-provider
  116     ]
  117 )
  118 
  119 
  120 class OpenDSCfgSSLClientAuthPolicy(SelectList):
  121     oid: str = 'OpenDSCfgSSLClientAuthPolicy-oid'
  122     desc: str = 'Specifies the policy regarding client SSL certificates'
  123     attr_value_dict: Dict[str, str] = {
  124         'disabled': 'Client certificate is not requested',
  125         'optional': 'Client certificate is requested but not required',
  126         'required': 'Client certificate is required',
  127     }
  128 
  129 syntax_registry.reg_at(
  130     OpenDSCfgSSLClientAuthPolicy.oid, [
  131         '1.3.6.1.4.1.26027.1.1.90', # ds-cfg-ssl-client-auth-policy
  132     ]
  133 )
  134 
  135 
  136 class OpenDSCfgSNMPSecurityLevel(SelectList):
  137     oid: str = 'OpenDSCfgSNMPSecurityLevel-oid'
  138     desc: str = 'Specifies the policy regarding client SSL certificates'
  139     attr_value_dict: Dict[str, str] = {
  140         'authnopriv': 'Authentication activated with no privacy.',
  141         'authpriv': 'Authentication with privacy activated.',
  142         'noauthnopriv': 'No security mechanisms activated.',
  143     }
  144 
  145 syntax_registry.reg_at(
  146     OpenDSCfgSNMPSecurityLevel.oid, [
  147         '1.3.6.1.4.1.26027.1.1.452', # ds-cfg-security-level
  148     ]
  149 )
  150 
  151 
  152 class OpenDSCfgInvalidSchemaBehaviour(SelectList):
  153     oid: str = 'OpenDSCfgInvalidSchemaBehaviour-oid'
  154     desc: str = 'Specifies how OpenDS behaves in case of schema errors'
  155     attr_value_dict: Dict[str, str] = {
  156         'reject': 'reject',
  157         'default': 'default',
  158         'accept': 'accept',
  159         'warn': 'warn',
  160     }
  161 
  162 syntax_registry.reg_at(
  163     OpenDSCfgInvalidSchemaBehaviour.oid, [
  164         '1.3.6.1.4.1.26027.1.1.31', # ds-cfg-invalid-attribute-syntax-behavior
  165         '1.3.6.1.4.1.26027.1.1.88', # ds-cfg-single-structural-objectclass-behavior
  166     ]
  167 )
  168 
  169 
  170 class OpenDSCfgEtimeResolution(SelectList):
  171     oid: str = 'OpenDSCfgEtimeResolution-oid'
  172     desc: str = 'Specifies the resolution to use for operation elapsed processing time (etime) measurements.'
  173     attr_value_dict: Dict[str, str] = {
  174         'milliseconds': 'milliseconds',
  175         'nanoseconds': 'nanoseconds',
  176     }
  177 
  178 syntax_registry.reg_at(
  179     OpenDSCfgEtimeResolution.oid, [
  180         '1.3.6.1.4.1.26027.1.1.442', # ds-cfg-etime-resolution
  181     ]
  182 )
  183 
  184 
  185 class OpenDSCfgWritabilityMode(SelectList):
  186     oid: str = 'OpenDSCfgWritabilityMode-oid'
  187     desc: str = 'Specifies the kinds of write operations the Directory Server can process.'
  188     attr_value_dict: Dict[str, str] = {
  189         'disabled': 'all write operations are rejected',
  190         'enabled': 'all write operations are processed',
  191         'internal-only': 'write operations requested as internal/sync operations are processed',
  192     }
  193 
  194 syntax_registry.reg_at(
  195     OpenDSCfgWritabilityMode.oid, [
  196         '1.3.6.1.4.1.26027.1.1.123', # ds-cfg-writability-mode
  197     ]
  198 )
  199 
  200 
  201 class OpenDSCfgCertificateValidationPolicy(SelectList):
  202     oid: str = 'OpenDSCfgCertificateValidationPolicy-oid'
  203     desc: str = 'Specifies the way client certs are checked in user entry.'
  204     attr_value_dict: Dict[str, str] = {
  205         'always': "Always require matching peer certificate in user's entry",
  206         'ifpresent': "Require one matching certificate if attribute exists in user's entry",
  207         'never': "Peer certificate is not checked in user's entry at all",
  208     }
  209 
  210 syntax_registry.reg_at(
  211     OpenDSCfgCertificateValidationPolicy.oid, [
  212         '1.3.6.1.4.1.26027.1.1.16', # ds-cfg-certificate-validation-policy
  213     ]
  214 )
  215 
  216 
  217 class OpenDSCfgAccountStatusNotificationType(SelectList):
  218     oid: str = 'OpenDSCfgAccountStatusNotificationType-oid'
  219     desc: str = 'Specifies when the generate a notification about account status'
  220     attr_value_dict: Dict[str, str] = {
  221         'account-disabled': 'User account has been disabled by an administrator',
  222         'account-enabled': 'User account has been enabled by an administrator',
  223         'account-expired': 'User authentication has failed because the account has expired',
  224         'account-idle-locked': 'User account has been locked because it was idle for too long',
  225         'account-permanently-locked': 'User account has been permanently locked after too many failed attempts',
  226         'account-reset-locked': 'User account has been locked, because the password had been reset by an administrator but not changed by the User within the required interval',
  227         'account-temporarily-locked': 'User account has been temporarily locked after too many failed attempts',
  228         'account-unlocked': 'User account has been unlocked by an administrator',
  229         'password-changed': 'User changes his/her own password',
  230         'password-expired': 'User authentication has failed because the password has expired',
  231         'password-expiring': "Password expiration warning is encountered for user's password for the first time.",
  232         'password-reset': "User's password was reset by an administrator.",
  233     }
  234 
  235 syntax_registry.reg_at(
  236     OpenDSCfgAccountStatusNotificationType.oid, [
  237         '1.3.6.1.4.1.26027.1.1.238', # ds-cfg-account-status-notification-type
  238     ]
  239 )
  240 
  241 
  242 class OpenDSCfgSslProtocol(SelectList):
  243     oid: str = 'OpenDSCfgSslProtocol-oid'
  244     desc: str = 'Specifies the SSL/TLS protocols supported.'
  245     attr_value_dict: Dict[str, str] = {
  246         'SSL': 'any version of SSL',
  247         'SSLv2': 'SSL version 2 or higher',
  248         'SSLv3': 'SSL version 3',
  249         'TLS': 'any version of TLS',
  250         'TLSv1': 'TLS version 1.0 (RFC 2246)',
  251         'TLSv1.1': 'TLS version 1.1 (RFC 4346)',
  252     }
  253 
  254 syntax_registry.reg_at(
  255     OpenDSCfgSslProtocol.oid, [
  256         '1.3.6.1.4.1.26027.1.1.391', # ds-cfg-ssl-protocol
  257     ]
  258 )
  259 
  260 
  261 class OpenDSCfgSslCipherSuite(SelectList):
  262     oid: str = 'OpenDSCfgSslCipherSuite-oid'
  263     desc: str = 'Specifies the used cipher suites.'
  264     attr_value_dict: Dict[str, str] = {
  265         'SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA': 'SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA',
  266         'SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA': 'SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA',
  267         'SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA': 'SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA',
  268         'SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA': 'SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA',
  269         'SSL_DHE_DSS_WITH_DES_CBC_SHA': 'SSL_DHE_DSS_WITH_DES_CBC_SHA',
  270         'SSL_DHE_DSS_WITH_RC4_128_SHA': 'SSL_DHE_DSS_WITH_RC4_128_SHA',
  271         'SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA': 'SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA',
  272         'SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA': 'SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA',
  273         'SSL_DHE_RSA_WITH_DES_CBC_SHA': 'SSL_DHE_RSA_WITH_DES_CBC_SHA',
  274         'SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA': 'SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA',
  275         'SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA': 'SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA',
  276         'SSL_DH_DSS_WITH_DES_CBC_SHA': 'SSL_DH_DSS_WITH_DES_CBC_SHA',
  277         'SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA': 'SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA',
  278         'SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA': 'SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA',
  279         'SSL_DH_RSA_WITH_DES_CBC_SHA': 'SSL_DH_RSA_WITH_DES_CBC_SHA',
  280         'SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA': 'SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA',
  281         'SSL_DH_anon_EXPORT_WITH_RC4_40_MD5': 'SSL_DH_anon_EXPORT_WITH_RC4_40_MD5',
  282         'SSL_DH_anon_WITH_3DES_EDE_CBC_SHA': 'SSL_DH_anon_WITH_3DES_EDE_CBC_SHA',
  283         'SSL_DH_anon_WITH_DES_CBC_SHA': 'SSL_DH_anon_WITH_DES_CBC_SHA',
  284         'SSL_DH_anon_WITH_RC4_128_MD5': 'SSL_DH_anon_WITH_RC4_128_MD5',
  285         'SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA': 'SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA',
  286         'SSL_FORTEZZA_DMS_WITH_NULL_SHA': 'SSL_FORTEZZA_DMS_WITH_NULL_SHA',
  287         'SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA': 'SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA',
  288         'SSL_RSA_EXPORT1024_WITH_RC4_56_SHA': 'SSL_RSA_EXPORT1024_WITH_RC4_56_SHA',
  289         'SSL_RSA_EXPORT_WITH_DES40_CBC_SHA': 'SSL_RSA_EXPORT_WITH_DES40_CBC_SHA',
  290         'SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5': 'SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5',
  291         'SSL_RSA_EXPORT_WITH_RC4_40_MD5': 'SSL_RSA_EXPORT_WITH_RC4_40_MD5',
  292         'SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA': 'SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA',
  293         'SSL_RSA_FIPS_WITH_DES_CBC_SHA': 'SSL_RSA_FIPS_WITH_DES_CBC_SHA',
  294         'SSL_RSA_WITH_3DES_EDE_CBC_SHA': 'SSL_RSA_WITH_3DES_EDE_CBC_SHA',
  295         'SSL_RSA_WITH_DES_CBC_SHA': 'SSL_RSA_WITH_DES_CBC_SHA',
  296         'SSL_RSA_WITH_IDEA_CBC_SHA': 'SSL_RSA_WITH_IDEA_CBC_SHA',
  297         'SSL_RSA_WITH_NULL_MD5': 'SSL_RSA_WITH_NULL_MD5',
  298         'SSL_RSA_WITH_NULL_SHA': 'SSL_RSA_WITH_NULL_SHA',
  299         'SSL_RSA_WITH_RC4_128_MD5': 'SSL_RSA_WITH_RC4_128_MD5',
  300         'SSL_RSA_WITH_RC4_128_SHA': 'SSL_RSA_WITH_RC4_128_SHA',
  301         'TLS_DHE_DSS_WITH_AES_128_CBC_SHA': 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',
  302         'TLS_DHE_DSS_WITH_AES_256_CBC_SHA': 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',
  303         'TLS_DHE_RSA_WITH_AES_128_CBC_SHA': 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
  304         'TLS_DHE_RSA_WITH_AES_256_CBC_SHA': 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
  305         'TLS_DH_anon_WITH_AES_128_CBC_SHA': 'TLS_DH_anon_WITH_AES_128_CBC_SHA',
  306         'TLS_DH_anon_WITH_AES_256_CBC_SHA': 'TLS_DH_anon_WITH_AES_256_CBC_SHA',
  307         'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5': 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5',
  308         'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA': 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA',
  309         'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5': 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5',
  310         'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA': 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA',
  311         'TLS_KRB5_EXPORT_WITH_RC4_40_MD5': 'TLS_KRB5_EXPORT_WITH_RC4_40_MD5',
  312         'TLS_KRB5_EXPORT_WITH_RC4_40_SHA': 'TLS_KRB5_EXPORT_WITH_RC4_40_SHA',
  313         'TLS_KRB5_WITH_3DES_EDE_CBC_MD5': 'TLS_KRB5_WITH_3DES_EDE_CBC_MD5',
  314         'TLS_KRB5_WITH_3DES_EDE_CBC_SHA': 'TLS_KRB5_WITH_3DES_EDE_CBC_SHA',
  315         'TLS_KRB5_WITH_DES_CBC_MD5': 'TLS_KRB5_WITH_DES_CBC_MD5',
  316         'TLS_KRB5_WITH_DES_CBC_SHA': 'TLS_KRB5_WITH_DES_CBC_SHA',
  317         'TLS_KRB5_WITH_IDEA_CBC_MD5': 'TLS_KRB5_WITH_IDEA_CBC_MD5',
  318         'TLS_KRB5_WITH_IDEA_CBC_SHA': 'TLS_KRB5_WITH_IDEA_CBC_SHA',
  319         'TLS_KRB5_WITH_RC4_128_MD5': 'TLS_KRB5_WITH_RC4_128_MD5',
  320         'TLS_KRB5_WITH_RC4_128_SHA': 'TLS_KRB5_WITH_RC4_128_SHA',
  321         'TLS_RSA_WITH_AES_128_CBC_SHA': 'TLS_RSA_WITH_AES_128_CBC_SHA',
  322         'TLS_RSA_WITH_AES_256_CBC_SHA': 'TLS_RSA_WITH_AES_256_CBC_SHA',
  323     }
  324 
  325 syntax_registry.reg_at(
  326     OpenDSCfgSslCipherSuite.oid, [
  327         '1.3.6.1.4.1.26027.1.1.392', # ds-cfg-ssl-cipher-suite
  328     ]
  329 )
  330 
  331 
  332 class OpenDSCfgPrivilege(SelectList):
  333     oid: str = 'OpenDSCfgPrivilege-oid'
  334     desc: str = 'Specifies the name of a privilege that should not be evaluated by the server.'
  335     attr_value_dict: Dict[str, str] = {
  336         'backend-backup': 'Request backup tasks',
  337         'backend-restore': 'Request restore tasks',
  338         'bypass-acl': 'Bypass access control checks',
  339         'bypass-lockdown': 'Bypass server lockdown mode',
  340         'cancel-request': 'Cancel operations of other client connections',
  341         'config-read': 'Read server configuration',
  342         'config-write': 'Update the server configuration',
  343         'data-sync': 'Participate in data synchronization',
  344         'disconnect-client': 'Terminate other client connections',
  345         'jmx-notify': 'Subscribe to receive JMX notifications',
  346         'jmx-read': 'Perform JMX read operations',
  347         'jmx-write': 'Perform JMX write operations',
  348         'ldif-export': 'Request LDIF export tasks',
  349         'ldif-import': 'Request LDIF import tasks',
  350         'modify-acl': "Modify the server's access control configuration",
  351         'password-reset': 'Reset user passwords',
  352         'privilege-change': 'Make changes to specific root privileges and user privileges',
  353         'proxied-auth': 'Use proxied authorization control or SASL authz ID',
  354         'server-lockdown': 'Lockdown a server',
  355         'server-restart': 'Request server to perform an in-core restart',
  356         'server-shutdown': 'Request server shut down',
  357         'subentry-write': 'Perform write ops on LDAP subentries',
  358         'unindexed-search': 'Request unindexed searches',
  359         'update-schema': 'Change server schema',
  360         'changelog-read': 'Read change log backend',
  361         'monitor-read': 'Read monitoring backend',
  362     }
  363 
  364 
  365 syntax_registry.reg_at(
  366     OpenDSCfgPrivilege.oid, [
  367         '1.3.6.1.4.1.26027.1.1.261', # ds-cfg-default-root-privilege-name
  368         '1.3.6.1.4.1.26027.1.1.387', # ds-cfg-disabled-privilege
  369         '1.3.6.1.4.1.26027.1.1.260', # ds-privilege-name
  370     ]
  371 )
  372 
  373 
  374 class OpenDSCfgTimeInterval(DirectoryString):
  375     oid: str = 'OpenDSCfgTimeInterval-oid'
  376     desc: str = 'A time interval consisting of integer value and time unit'
  377     pattern = re.compile('^[0-9]+ (seconds|minutes|hours|days)$')
  378 
  379 syntax_registry.reg_at(
  380     OpenDSCfgTimeInterval.oid, [
  381         '1.3.6.1.4.1.26027.1.1.142', # ds-cfg-idle-lockout-interval
  382         '1.3.6.1.4.1.26027.1.1.145', # ds-cfg-lockout-duration
  383         '1.3.6.1.4.1.26027.1.1.147', # ds-cfg-lockout-failure-expiration-interval
  384         '1.3.6.1.4.1.26027.1.1.148', # ds-cfg-max-password-age
  385         '1.3.6.1.4.1.26027.1.1.149', # ds-cfg-max-password-reset-age
  386         '1.3.6.1.4.1.26027.1.1.150', # ds-cfg-min-password-age
  387         '1.3.6.1.4.1.26027.1.1.152', # ds-cfg-password-expiration-warning-interval
  388         '1.3.6.1.4.1.26027.1.1.375', # ds-cfg-password-history-duration
  389         '1.3.6.1.4.1.26027.1.1.115', # ds-cfg-time-limit
  390     ]
  391 )
  392 
  393 class OpenDSSyncHist(OctetString, DirectoryString):
  394     oid: str = 'OpenDSSyncHist-oid'
  395     desc: str = 'List of modifications'
  396 
  397     def display(self, vidx, links) -> str:
  398         try:
  399             mod_attr_type, mod_number, mod_type, mod_value = self._av.split(':', 3)
  400         except ValueError:
  401             return OctetString.display(self, vidx, links)
  402         first_str = self._app.form.s2d(
  403             ':'.join((mod_attr_type, mod_number, mod_type)).decode(self._app.ls.charset)
  404         )
  405         if no_humanreadable_attr(self._schema, mod_attr_type):
  406             mod_value_html = mod_value.hex().upper()
  407         else:
  408             mod_value_html = self._app.form.s2d(mod_value.decode(self._app.ls.charset))
  409         return ':<br>'.join((first_str, mod_value_html))
  410 
  411 syntax_registry.reg_at(
  412     OpenDSSyncHist.oid, [
  413         '1.3.6.1.4.1.26027.1.1.119', # ds-sync-hist
  414     ]
  415 )
  416 
  417 
  418 class OpenDSdsCfgAlternatebindDn(BindDN):
  419     oid: str = 'OpenDSdsCfgAlternatebindDn-oid'
  420     desc: str = 'OpenDS/OpenDJ alternative bind DN'
  421 
  422     def form_value(self) -> str:
  423         if not self._av:
  424             return ''
  425         try:
  426             dn_obj = DNObj(self.av_u)
  427         except ldap0.DECODING_ERROR:
  428             return BindDN.form_value(self)
  429         new_rdn = DNObj(tuple([
  430             (
  431                 rdn_attr,
  432                 rdn_value[0] or self._entry.get(rdn_attr, [''])[0],
  433             )
  434             for rdn_attr, rdn_value in dn_obj.rdn_attrs().items()
  435         ]))
  436         return str(new_rdn+dn_obj.parent())
  437 
  438 syntax_registry.reg_at(
  439     OpenDSdsCfgAlternatebindDn.oid, [
  440         '1.3.6.1.4.1.26027.1.1.13', # ds-cfg-alternate-bind-dn
  441     ]
  442 )
  443 
  444 
  445 # cn=changelog
  446 #------------------------
  447 
  448 class ChangeLogChanges(MultilineText):
  449     oid: str = 'ChangeLogChanges-oid'
  450     desc: str = 'a set of changes to apply to an entry'
  451     lineSep = b'\n'
  452     cols = 77
  453 
  454 syntax_registry.reg_at(
  455     ChangeLogChanges.oid, [
  456         '2.16.840.1.113730.3.1.8', # changes
  457     ]
  458 )
  459 
  460 
  461 # Register some more attribute types
  462 #-----------------------------------
  463 
  464 syntax_registry.reg_at(
  465     Certificate.oid, [
  466         '1.3.6.1.4.1.26027.1.1.408', # ds-cfg-public-key-certificate
  467     ]
  468 )
  469 
  470 
  471 syntax_registry.reg_at(
  472     NamingContexts.oid,
  473     [
  474         '1.3.6.1.4.1.26027.1.1.246', # ds-private-naming-contexts
  475         '1.3.6.1.4.1.26027.1.1.8',   # ds-cfg-base-dn
  476     ]
  477 )
  478 
  479 
  480 # Register all syntax classes in this module
  481 syntax_registry.reg_syntaxes(__name__)