/*
 * net/sched/cls_flow.c		Generic flow classifier
 *
 * Copyright (c) 2007, 2008 Patrick McHardy <kaber@trash.net>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 */

#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/list.h>
#include <linux/jhash.h>
#include <linux/random.h>
#include <linux/pkt_cls.h>
#include <linux/skbuff.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/if_vlan.h>

#include <net/pkt_cls.h>
#include <net/ip.h>
#include <net/route.h>
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
#include <net/netfilter/nf_conntrack.h>
#endif

struct flow_head {
	struct list_head	filters;
};

struct flow_filter {
	struct list_head	list;
	struct tcf_exts		exts;
	struct tcf_ematch_tree	ematches;
	u32			handle;

	u32			nkeys;
	u32			keymask;
	u32			mode;
	u32			mask;
	u32			xor;
	u32			rshift;
	u32			addend;
	u32			divisor;
	u32			baseclass;
};

static u32 flow_hashrnd __read_mostly;
static int flow_hashrnd_initted __read_mostly;

static const struct tcf_ext_map flow_ext_map = {
	.action	= TCA_FLOW_ACT,
	.police	= TCA_FLOW_POLICE,
};

static inline u32 addr_fold(void *addr)
{
	unsigned long a = (unsigned long)addr;

	return (a & 0xFFFFFFFF) ^ (BITS_PER_LONG > 32 ? a >> 32 : 0);
}

static u32 flow_get_src(const struct sk_buff *skb)
{
	switch (skb->protocol) {
	case __constant_htons(ETH_P_IP):
		return ntohl(ip_hdr(skb)->saddr);
	case __constant_htons(ETH_P_IPV6):
		return ntohl(ipv6_hdr(skb)->saddr.s6_addr32[3]);
	default:
		return addr_fold(skb->sk);
	}
}

static u32 flow_get_dst(const struct sk_buff *skb)
{
	switch (skb->protocol) {
	case __constant_htons(ETH_P_IP):
		return ntohl(ip_hdr(skb)->daddr);
	case __constant_htons(ETH_P_IPV6):
		return ntohl(ipv6_hdr(skb)->daddr.s6_addr32[3]);
	default:
		return addr_fold(skb->dst) ^ (__force u16)skb->protocol;
	}
}

static u32 flow_get_proto(const struct sk_buff *skb)
{
	switch (skb->protocol) {
	case __constant_htons(ETH_P_IP):
		return ip_hdr(skb)->protocol;
	case __constant_htons(ETH_P_IPV6):
		return ipv6_hdr(skb)->nexthdr;
	default:
		return 0;
	}
}

static int has_ports(u8 protocol)
{
	switch (protocol) {
	case IPPROTO_TCP:
	case IPPROTO_UDP:
	case IPPROTO_UDPLITE:
	case IPPROTO_SCTP:
	case IPPROTO_DCCP:
	case IPPROTO_ESP:
		return 1;
	default:
		return 0;
	}
}

static u32 flow_get_proto_src(const struct sk_buff *skb)
{
	u32 res = 0;

	switch (skb->protocol) {
	case __constant_htons(ETH_P_IP): {
		struct iphdr *iph = ip_hdr(skb);

		if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
		    has_ports(iph->protocol))
			res = ntohs(*(__be16 *)((void *)iph + iph->ihl * 4));
		break;
	}
	case __constant_htons(ETH_P_IPV6): {
		struct ipv6hdr *iph = ipv6_hdr(skb);

		if (has_ports(iph->nexthdr))
			res = ntohs(*(__be16 *)&iph[1]);
		break;
	}
	default:
		res = addr_fold(skb->sk);
	}

	return res;
}

static u32 flow_get_proto_dst(const struct sk_buff *skb)
{
	u32 res = 0;

	switch (skb->protocol) {
	case __constant_htons(ETH_P_IP): {
		struct iphdr *iph = ip_hdr(skb);

		if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
		    has_ports(iph->protocol))
			res = ntohs(*(__be16 *)((void *)iph + iph->ihl * 4 + 2));
		break;
	}
	case __constant_htons(ETH_P_IPV6): {
		struct ipv6hdr *iph = ipv6_hdr(skb);

		if (has_ports(iph->nexthdr))
			res = ntohs(*(__be16 *)((void *)&iph[1] + 2));
		break;
	}
	default:
		res = addr_fold(skb->dst) ^ (__force u16)skb->protocol;
	}

	return res;
}

static u32 flow_get_iif(const struct sk_buff *skb)
{
	return skb->iif;
}

static u32 flow_get_priority(const struct sk_buff *skb)
{
	return skb->priority;
}

static u32 flow_get_mark(const struct sk_buff *skb)
{
	return skb->mark;
}

static u32 flow_get_nfct(const struct sk_buff *skb)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
	return addr_fold(skb->nfct);
#else
	return 0;
#endif
}

#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
#define CTTUPLE(skb, member)						\
({									\
	enum ip_conntrack_info ctinfo;					\
	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);			\
	if (ct == NULL)							\
		goto fallback;						\
	ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member;			\
})
#else
#define CTTUPLE(skb, member)						\
({									\
	goto fallback;							\
	0;								\
})
#endif

static u32 flow_get_nfct_src(const struct sk_buff *skb)
{
	switch (skb->protocol) {
	case __constant_htons(ETH_P_IP):
		return ntohl(CTTUPLE(skb, src.u3.ip));
	case __constant_htons(ETH_P_IPV6):
		return ntohl(CTTUPLE(skb, src.u3.ip6[3]));
	}
fallback:
	return flow_get_src(skb);
}

static u32 flow_get_nfct_dst(const struct sk_buff *skb)
{
	switch (skb->protocol) {
	case __constant_htons(ETH_P_IP):
		return ntohl(CTTUPLE(skb, dst.u3.ip));
	case __constant_htons(ETH_P_IPV6):
		return ntohl(CTTUPLE(skb, dst.u3.ip6[3]));
	}
fallback:
	return flow_get_dst(skb);
}

static u32 flow_get_nfct_proto_src(const struct sk_buff *skb)
{
	return ntohs(CTTUPLE(skb, src.u.all));
fallback:
	return flow_get_proto_src(skb);
}

static u32 flow_get_nfct_proto_dst(const struct sk_buff *skb)
{
	return ntohs(CTTUPLE(skb, dst.u.all));
fallback:
	return flow_get_proto_dst(skb);
}

static u32 flow_get_rtclassid(const struct sk_buff *skb)
{
#ifdef CONFIG_NET_CLS_ROUTE
	if (skb->dst)
		return skb->dst->tclassid;
#endif
	return 0;
}

static u32 flow_get_skuid(const struct sk_buff *skb)
{
	if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file)
		return skb->sk->sk_socket->file->f_uid;
	return 0;
}

static u32 flow_get_skgid(const struct sk_buff *skb)
{
	if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file)
		return skb->sk->sk_socket->file->f_gid;
	return 0;
}

static u32 flow_get_vlan_tag(const struct sk_buff *skb)
{
	u16 uninitialized_var(tag);

	if (vlan_get_tag(skb, &tag) < 0)
		return 0;
	return tag & VLAN_VID_MASK;
}

static u32 flow_key_get(const struct sk_buff *skb, int key)
{
	switch (key) {
	case FLOW_KEY_SRC:
		return flow_get_src(skb);
	case FLOW_KEY_DST:
		return flow_get_dst(skb);
	case FLOW_KEY_PROTO:
		return flow_get_proto(skb);
	case FLOW_KEY_PROTO_SRC:
		return flow_get_proto_src(skb);
	case FLOW_KEY_PROTO_DST:
		return flow_get_proto_dst(skb);
	case FLOW_KEY_IIF:
		return flow_get_iif(skb);
	case FLOW_KEY_PRIORITY:
		return flow_get_priority(skb);
	case FLOW_KEY_MARK:
		return flow_get_mark(skb);
	case FLOW_KEY_NFCT:
		return flow_get_nfct(skb);
	case FLOW_KEY_NFCT_SRC:
		return flow_get_nfct_src(skb);
	case FLOW_KEY_NFCT_DST:
		return flow_get_nfct_dst(skb);
	case FLOW_KEY_NFCT_PROTO_SRC:
		return flow_get_nfct_proto_src(skb);
	case FLOW_KEY_NFCT_PROTO_DST:
		return flow_get_nfct_proto_dst(skb);
	case FLOW_KEY_RTCLASSID:
		return flow_get_rtclassid(skb);
	case FLOW_KEY_SKUID:
		return flow_get_skuid(skb);
	case FLOW_KEY_SKGID:
		return flow_get_skgid(skb);
	case FLOW_KEY_VLAN_TAG:
		return flow_get_vlan_tag(skb);
	default:
		WARN_ON(1);
		return 0;
	}
}

static int flow_classify(struct sk_buff *skb, struct tcf_proto *tp,
			 struct tcf_result *res)
{
	struct flow_head *head = tp->root;
	struct flow_filter *f;
	u32 keymask;
	u32 classid;
	unsigned int n, key;
	int r;

	list_for_each_entry(f, &head->filters, list) {
		u32 keys[f->nkeys];

		if (!tcf_em_tree_match(skb, &f->ematches, NULL))
			continue;

		keymask = f->keymask;

		for (n = 0; n < f->nkeys; n++) {
			key = ffs(keymask) - 1;
			keymask &= ~(1 << key);
			keys[n] = flow_key_get(skb, key);
		}

		if (f->mode == FLOW_MODE_HASH)
			classid = jhash2(keys, f->nkeys, flow_hashrnd);
		else {
			classid = keys[0];
			classid = (classid & f->mask) ^ f->xor;
			classid = (classid >> f->rshift) + f->addend;
		}

		if (f->divisor)
			classid %= f->divisor;

		res->class   = 0;
		res->classid = TC_H_MAKE(f->baseclass, f->baseclass + classid);

		r = tcf_exts_exec(skb, &f->exts, res);
		if (r < 0)
			continue;
		return r;
	}
	return -1;
}

static const struct nla_policy flow_policy[TCA_FLOW_MAX + 1] = {
	[TCA_FLOW_KEYS]		= { .type = NLA_U32 },
	[TCA_FLOW_MODE]		= { .type = NLA_U32 },
	[TCA_FLOW_BASECLASS]	= { .type = NLA_U32 },
	[TCA_FLOW_RSHIFT]	= { .type = NLA_U32 },
	[TCA_FLOW_ADDEND]	= { .type = NLA_U32 },
	[TCA_FLOW_MASK]		= { .type = NLA_U32 },
	[TCA_FLOW_XOR]		= { .type = NLA_U32 },
	[TCA_FLOW_DIVISOR]	= { .type = NLA_U32 },
	[TCA_FLOW_ACT]		= { .type = NLA_NESTED },
	[TCA_FLOW_POLICE]	= { .type = NLA_NESTED },
	[TCA_FLOW_EMATCHES]	= { .type = NLA_NESTED },
};

static int flow_change(struct tcf_proto *tp, unsigned long base,
		       u32 handle, struct nlattr **tca,
		       unsigned long *arg)
{
	struct flow_head *head = tp->root;
	struct flow_filter *f;
	struct nlattr *opt = tca[TCA_OPTIONS];
	struct nlattr *tb[TCA_FLOW_MAX + 1];
	struct tcf_exts e;
	struct tcf_ematch_tree t;
	unsigned int nkeys = 0;
	u32 baseclass = 0;
	u32 keymask = 0;
	u32 mode;
	int err;

	if (opt == NULL)
		return -EINVAL;

	err = nla_parse_nested(tb, TCA_FLOW_MAX, opt, flow_policy);
	if (err < 0)
		return err;

	if (tb[TCA_FLOW_BASECLASS]) {
		baseclass = nla_get_u32(tb[TCA_FLOW_BASECLASS]);
		if (TC_H_MIN(baseclass) == 0)
			return -EINVAL;
	}

	if (tb[TCA_FLOW_KEYS]) {
		keymask = nla_get_u32(tb[TCA_FLOW_KEYS]);

		nkeys = hweight32(keymask);
		if (nkeys == 0)
			return -EINVAL;

		if (fls(keymask) - 1 > FLOW_KEY_MAX)
			return -EOPNOTSUPP;
	}

	err = tcf_exts_validate(tp, tb, tca[TCA_RATE], &e, &flow_ext_map);
	if (err < 0)
		return err;

	err = tcf_em_tree_validate(tp, tb[TCA_FLOW_EMATCHES], &t);
	if (err < 0)
		goto err1;

	f = (struct flow_filter *)*arg;
	if (f != NULL) {
		err = -EINVAL;
		if (f->handle != handle && handle)
			goto err2;

		mode = f->mode;
		if (tb[TCA_FLOW_MODE])
			mode = nla_get_u32(tb[TCA_FLOW_MODE]);
		if (mode != FLOW_MODE_HASH && nkeys > 1)
			goto err2;
	} else {
		err = -EINVAL;
		if (!handle)
			goto err2;
		if (!tb[TCA_FLOW_KEYS])
			goto err2;

		mode = FLOW_MODE_MAP;
		if (tb[TCA_FLOW_MODE])
			mode = nla_get_u32(tb[TCA_FLOW_MODE]);
		if (mode != FLOW_MODE_HASH && nkeys > 1)
			goto err2;

		if (TC_H_MAJ(baseclass) == 0)
			baseclass = TC_H_MAKE(tp->q->handle, baseclass);
		if (TC_H_MIN(baseclass) == 0)
			baseclass = TC_H_MAKE(baseclass, 1);

		err = -ENOBUFS;
		f = kzalloc(sizeof(*f), GFP_KERNEL);
		if (f == NULL)
			goto err2;

		f->handle = handle;
		f->mask	  = ~0U;
	}

	tcf_exts_change(tp, &f->exts, &e);
	tcf_em_tree_change(tp, &f->ematches, &t);

	tcf_tree_lock(tp);

	if (tb[TCA_FLOW_KEYS]) {
		f->keymask = keymask;
		f->nkeys   = nkeys;
	}

	f->mode = mode;

	if (tb[TCA_FLOW_MASK])
		f->mask = nla_get_u32(tb[TCA_FLOW_MASK]);
	if (tb[TCA_FLOW_XOR])
		f->xor = nla_get_u32(tb[TCA_FLOW_XOR]);
	if (tb[TCA_FLOW_RSHIFT])
		f->rshift = nla_get_u32(tb[TCA_FLOW_RSHIFT]);
	if (tb[TCA_FLOW_ADDEND])
		f->addend = nla_get_u32(tb[TCA_FLOW_ADDEND]);

	if (tb[TCA_FLOW_DIVISOR])
		f->divisor = nla_get_u32(tb[TCA_FLOW_DIVISOR]);
	if (baseclass)
		f->baseclass = baseclass;

	if (*arg == 0)
		list_add_tail(&f->list, &head->filters);

	tcf_tree_unlock(tp);

	*arg = (unsigned long)f;
	return 0;

err2:
	tcf_em_tree_destroy(tp, &t);
err1:
	tcf_exts_destroy(tp, &e);
	return err;
}

static void flow_destroy_filter(struct tcf_proto *tp, struct flow_filter *f)
{
	tcf_exts_destroy(tp, &f->exts);
	tcf_em_tree_destroy(tp, &f->ematches);
	kfree(f);
}

static int flow_delete(struct tcf_proto *tp, unsigned long arg)
{
	struct flow_filter *f = (struct flow_filter *)arg;

	tcf_tree_lock(tp);
	list_del(&f->list);
	tcf_tree_unlock(tp);
	flow_destroy_filter(tp, f);
	return 0;
}

static int flow_init(struct tcf_proto *tp)
{
	struct flow_head *head;

	if (!flow_hashrnd_initted) {
		get_random_bytes(&flow_hashrnd, 4);
		flow_hashrnd_initted = 1;
	}

	head = kzalloc(sizeof(*head), GFP_KERNEL);
	if (head == NULL)
		return -ENOBUFS;
	INIT_LIST_HEAD(&head->filters);
	tp->root = head;
	return 0;
}

static void flow_destroy(struct tcf_proto *tp)
{
	struct flow_head *head = tp->root;
	struct flow_filter *f, *next;

	list_for_each_entry_safe(f, next, &head->filters, list) {
		list_del(&f->list);
		flow_destroy_filter(tp, f);
	}
	kfree(head);
}

static unsigned long flow_get(struct tcf_proto *tp, u32 handle)
{
	struct flow_head *head = tp->root;
	struct flow_filter *f;

	list_for_each_entry(f, &head->filters, list)
		if (f->handle == handle)
			return (unsigned long)f;
	return 0;
}

static void flow_put(struct tcf_proto *tp, unsigned long f)
{
	return;
}

static int flow_dump(struct tcf_proto *tp, unsigned long fh,
		     struct sk_buff *skb, struct tcmsg *t)
{
	struct flow_filter *f = (struct flow_filter *)fh;
	struct nlattr *nest;

	if (f == NULL)
		return skb->len;

	t->tcm_handle = f->handle;

	nest = nla_nest_start(skb, TCA_OPTIONS);
	if (nest == NULL)
		goto nla_put_failure;

	NLA_PUT_U32(skb, TCA_FLOW_KEYS, f->keymask);
	NLA_PUT_U32(skb, TCA_FLOW_MODE, f->mode);

	if (f->mask != ~0 || f->xor != 0) {
		NLA_PUT_U32(skb, TCA_FLOW_MASK, f->mask);
		NLA_PUT_U32(skb, TCA_FLOW_XOR, f->xor);
	}
	if (f->rshift)
		NLA_PUT_U32(skb, TCA_FLOW_RSHIFT, f->rshift);
	if (f->addend)
		NLA_PUT_U32(skb, TCA_FLOW_ADDEND, f->addend);

	if (f->divisor)
		NLA_PUT_U32(skb, TCA_FLOW_DIVISOR, f->divisor);
	if (f->baseclass)
		NLA_PUT_U32(skb, TCA_FLOW_BASECLASS, f->baseclass);

	if (tcf_exts_dump(skb, &f->exts, &flow_ext_map) < 0)
		goto nla_put_failure;
#ifdef CONFIG_NET_EMATCH
	if (f->ematches.hdr.nmatches &&
	    tcf_em_tree_dump(skb, &f->ematches, TCA_FLOW_EMATCHES) < 0)
		goto nla_put_failure;
#endif
	nla_nest_end(skb, nest);

	if (tcf_exts_dump_stats(skb, &f->exts, &flow_ext_map) < 0)
		goto nla_put_failure;

	return skb->len;

nla_put_failure:
	nlmsg_trim(skb, nest);
	return -1;
}

static void flow_walk(struct tcf_proto *tp, struct tcf_walker *arg)
{
	struct flow_head *head = tp->root;
	struct flow_filter *f;

	list_for_each_entry(f, &head->filters, list) {
		if (arg->count < arg->skip)
			goto skip;
		if (arg->fn(tp, (unsigned long)f, arg) < 0) {
			arg->stop = 1;
			break;
		}
skip:
		arg->count++;
	}
}

static struct tcf_proto_ops cls_flow_ops __read_mostly = {
	.kind		= "flow",
	.classify	= flow_classify,
	.init		= flow_init,
	.destroy	= flow_destroy,
	.change		= flow_change,
	.delete		= flow_delete,
	.get		= flow_get,
	.put		= flow_put,
	.dump		= flow_dump,
	.walk		= flow_walk,
	.owner		= THIS_MODULE,
};

static int __init cls_flow_init(void)
{
	return register_tcf_proto_ops(&cls_flow_ops);
}

static void __exit cls_flow_exit(void)
{
	unregister_tcf_proto_ops(&cls_flow_ops);
}

module_init(cls_flow_init);
module_exit(cls_flow_exit);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
MODULE_DESCRIPTION("TC flow classifier");
>
<a id='n326' href='#n326'>326</a>
<a id='n327' href='#n327'>327</a>
<a id='n328' href='#n328'>328</a>
<a id='n329' href='#n329'>329</a>
<a id='n330' href='#n330'>330</a>
<a id='n331' href='#n331'>331</a>
<a id='n332' href='#n332'>332</a>
<a id='n333' href='#n333'>333</a>
<a id='n334' href='#n334'>334</a>
<a id='n335' href='#n335'>335</a>
<a id='n336' href='#n336'>336</a>
<a id='n337' href='#n337'>337</a>
<a id='n338' href='#n338'>338</a>
<a id='n339' href='#n339'>339</a>
<a id='n340' href='#n340'>340</a>
<a id='n341' href='#n341'>341</a>
<a id='n342' href='#n342'>342</a>
<a id='n343' href='#n343'>343</a>
<a id='n344' href='#n344'>344</a>
<a id='n345' href='#n345'>345</a>
<a id='n346' href='#n346'>346</a>
<a id='n347' href='#n347'>347</a>
<a id='n348' href='#n348'>348</a>
<a id='n349' href='#n349'>349</a>
<a id='n350' href='#n350'>350</a>
<a id='n351' href='#n351'>351</a>
<a id='n352' href='#n352'>352</a>
<a id='n353' href='#n353'>353</a>
<a id='n354' href='#n354'>354</a>
<a id='n355' href='#n355'>355</a>
<a id='n356' href='#n356'>356</a>
<a id='n357' href='#n357'>357</a>
<a id='n358' href='#n358'>358</a>
<a id='n359' href='#n359'>359</a>
<a id='n360' href='#n360'>360</a>
<a id='n361' href='#n361'>361</a>
<a id='n362' href='#n362'>362</a>
<a id='n363' href='#n363'>363</a>
<a id='n364' href='#n364'>364</a>
<a id='n365' href='#n365'>365</a>
<a id='n366' href='#n366'>366</a>
<a id='n367' href='#n367'>367</a>
<a id='n368' href='#n368'>368</a>
<a id='n369' href='#n369'>369</a>
<a id='n370' href='#n370'>370</a>
<a id='n371' href='#n371'>371</a>
<a id='n372' href='#n372'>372</a>
<a id='n373' href='#n373'>373</a>
<a id='n374' href='#n374'>374</a>
<a id='n375' href='#n375'>375</a>
<a id='n376' href='#n376'>376</a>
<a id='n377' href='#n377'>377</a>
<a id='n378' href='#n378'>378</a>
<a id='n379' href='#n379'>379</a>
<a id='n380' href='#n380'>380</a>
<a id='n381' href='#n381'>381</a>
<a id='n382' href='#n382'>382</a>
<a id='n383' href='#n383'>383</a>
<a id='n384' href='#n384'>384</a>
<a id='n385' href='#n385'>385</a>
<a id='n386' href='#n386'>386</a>
<a id='n387' href='#n387'>387</a>
<a id='n388' href='#n388'>388</a>
<a id='n389' href='#n389'>389</a>
<a id='n390' href='#n390'>390</a>
<a id='n391' href='#n391'>391</a>
<a id='n392' href='#n392'>392</a>
<a id='n393' href='#n393'>393</a>
<a id='n394' href='#n394'>394</a>
<a id='n395' href='#n395'>395</a>
<a id='n396' href='#n396'>396</a>
<a id='n397' href='#n397'>397</a>
<a id='n398' href='#n398'>398</a>
<a id='n399' href='#n399'>399</a>
<a id='n400' href='#n400'>400</a>
<a id='n401' href='#n401'>401</a>
<a id='n402' href='#n402'>402</a>
<a id='n403' href='#n403'>403</a>
<a id='n404' href='#n404'>404</a>
<a id='n405' href='#n405'>405</a>
<a id='n406' href='#n406'>406</a>
<a id='n407' href='#n407'>407</a>
<a id='n408' href='#n408'>408</a>
<a id='n409' href='#n409'>409</a>
<a id='n410' href='#n410'>410</a>
<a id='n411' href='#n411'>411</a>
<a id='n412' href='#n412'>412</a>
<a id='n413' href='#n413'>413</a>
<a id='n414' href='#n414'>414</a>
<a id='n415' href='#n415'>415</a>
<a id='n416' href='#n416'>416</a>
<a id='n417' href='#n417'>417</a>
<a id='n418' href='#n418'>418</a>
<a id='n419' href='#n419'>419</a>
<a id='n420' href='#n420'>420</a>
<a id='n421' href='#n421'>421</a>
<a id='n422' href='#n422'>422</a>
<a id='n423' href='#n423'>423</a>
<a id='n424' href='#n424'>424</a>
<a id='n425' href='#n425'>425</a>
<a id='n426' href='#n426'>426</a>
<a id='n427' href='#n427'>427</a>
<a id='n428' href='#n428'>428</a>
<a id='n429' href='#n429'>429</a>
<a id='n430' href='#n430'>430</a>
<a id='n431' href='#n431'>431</a>
<a id='n432' href='#n432'>432</a>
<a id='n433' href='#n433'>433</a>
<a id='n434' href='#n434'>434</a>
<a id='n435' href='#n435'>435</a>
<a id='n436' href='#n436'>436</a>
<a id='n437' href='#n437'>437</a>
<a id='n438' href='#n438'>438</a>
<a id='n439' href='#n439'>439</a>
<a id='n440' href='#n440'>440</a>
<a id='n441' href='#n441'>441</a>
<a id='n442' href='#n442'>442</a>
<a id='n443' href='#n443'>443</a>
<a id='n444' href='#n444'>444</a>
<a id='n445' href='#n445'>445</a>
<a id='n446' href='#n446'>446</a>
<a id='n447' href='#n447'>447</a>
<a id='n448' href='#n448'>448</a>
<a id='n449' href='#n449'>449</a>
<a id='n450' href='#n450'>450</a>
<a id='n451' href='#n451'>451</a>
<a id='n452' href='#n452'>452</a>
<a id='n453' href='#n453'>453</a>
<a id='n454' href='#n454'>454</a>
<a id='n455' href='#n455'>455</a>
<a id='n456' href='#n456'>456</a>
<a id='n457' href='#n457'>457</a>
<a id='n458' href='#n458'>458</a>
<a id='n459' href='#n459'>459</a>
<a id='n460' href='#n460'>460</a>
<a id='n461' href='#n461'>461</a>
<a id='n462' href='#n462'>462</a>
<a id='n463' href='#n463'>463</a>
<a id='n464' href='#n464'>464</a>
<a id='n465' href='#n465'>465</a>
<a id='n466' href='#n466'>466</a>
<a id='n467' href='#n467'>467</a>
<a id='n468' href='#n468'>468</a>
<a id='n469' href='#n469'>469</a>
<a id='n470' href='#n470'>470</a>
<a id='n471' href='#n471'>471</a>
<a id='n472' href='#n472'>472</a>
<a id='n473' href='#n473'>473</a>
<a id='n474' href='#n474'>474</a>
<a id='n475' href='#n475'>475</a>
<a id='n476' href='#n476'>476</a>
<a id='n477' href='#n477'>477</a>
<a id='n478' href='#n478'>478</a>
<a id='n479' href='#n479'>479</a>
<a id='n480' href='#n480'>480</a>
<a id='n481' href='#n481'>481</a>
<a id='n482' href='#n482'>482</a>
<a id='n483' href='#n483'>483</a>
<a id='n484' href='#n484'>484</a>
<a id='n485' href='#n485'>485</a>
<a id='n486' href='#n486'>486</a>
<a id='n487' href='#n487'>487</a>
<a id='n488' href='#n488'>488</a>
<a id='n489' href='#n489'>489</a>
<a id='n490' href='#n490'>490</a>
<a id='n491' href='#n491'>491</a>
<a id='n492' href='#n492'>492</a>
<a id='n493' href='#n493'>493</a>
<a id='n494' href='#n494'>494</a>
<a id='n495' href='#n495'>495</a>
<a id='n496' href='#n496'>496</a>
<a id='n497' href='#n497'>497</a>
<a id='n498' href='#n498'>498</a>
<a id='n499' href='#n499'>499</a>
<a id='n500' href='#n500'>500</a>
<a id='n501' href='#n501'>501</a>
<a id='n502' href='#n502'>502</a>
<a id='n503' href='#n503'>503</a>
<a id='n504' href='#n504'>504</a>
<a id='n505' href='#n505'>505</a>
<a id='n506' href='#n506'>506</a>
<a id='n507' href='#n507'>507</a>
<a id='n508' href='#n508'>508</a>
<a id='n509' href='#n509'>509</a>
<a id='n510' href='#n510'>510</a>
<a id='n511' href='#n511'>511</a>
<a id='n512' href='#n512'>512</a>
<a id='n513' href='#n513'>513</a>
<a id='n514' href='#n514'>514</a>
<a id='n515' href='#n515'>515</a>
<a id='n516' href='#n516'>516</a>
<a id='n517' href='#n517'>517</a>
<a id='n518' href='#n518'>518</a>
<a id='n519' href='#n519'>519</a>
<a id='n520' href='#n520'>520</a>
<a id='n521' href='#n521'>521</a>
<a id='n522' href='#n522'>522</a>
<a id='n523' href='#n523'>523</a>
<a id='n524' href='#n524'>524</a>
<a id='n525' href='#n525'>525</a>
<a id='n526' href='#n526'>526</a>
<a id='n527' href='#n527'>527</a>
<a id='n528' href='#n528'>528</a>
<a id='n529' href='#n529'>529</a>
<a id='n530' href='#n530'>530</a>
<a id='n531' href='#n531'>531</a>
<a id='n532' href='#n532'>532</a>
<a id='n533' href='#n533'>533</a>
<a id='n534' href='#n534'>534</a>
<a id='n535' href='#n535'>535</a>
<a id='n536' href='#n536'>536</a>
<a id='n537' href='#n537'>537</a>
<a id='n538' href='#n538'>538</a>
<a id='n539' href='#n539'>539</a>
<a id='n540' href='#n540'>540</a>
<a id='n541' href='#n541'>541</a>
<a id='n542' href='#n542'>542</a>
<a id='n543' href='#n543'>543</a>
<a id='n544' href='#n544'>544</a>
<a id='n545' href='#n545'>545</a>
<a id='n546' href='#n546'>546</a>
<a id='n547' href='#n547'>547</a>
<a id='n548' href='#n548'>548</a>
<a id='n549' href='#n549'>549</a>
<a id='n550' href='#n550'>550</a>
<a id='n551' href='#n551'>551</a>
<a id='n552' href='#n552'>552</a>
<a id='n553' href='#n553'>553</a>
<a id='n554' href='#n554'>554</a>
<a id='n555' href='#n555'>555</a>
<a id='n556' href='#n556'>556</a>
<a id='n557' href='#n557'>557</a>
<a id='n558' href='#n558'>558</a>
<a id='n559' href='#n559'>559</a>
<a id='n560' href='#n560'>560</a>
<a id='n561' href='#n561'>561</a>
<a id='n562' href='#n562'>562</a>
<a id='n563' href='#n563'>563</a>
<a id='n564' href='#n564'>564</a>
<a id='n565' href='#n565'>565</a>
<a id='n566' href='#n566'>566</a>
<a id='n567' href='#n567'>567</a>
<a id='n568' href='#n568'>568</a>
<a id='n569' href='#n569'>569</a>
<a id='n570' href='#n570'>570</a>
<a id='n571' href='#n571'>571</a>
<a id='n572' href='#n572'>572</a>
<a id='n573' href='#n573'>573</a>
<a id='n574' href='#n574'>574</a>
<a id='n575' href='#n575'>575</a>
<a id='n576' href='#n576'>576</a>
<a id='n577' href='#n577'>577</a>
<a id='n578' href='#n578'>578</a>
<a id='n579' href='#n579'>579</a>
<a id='n580' href='#n580'>580</a>
<a id='n581' href='#n581'>581</a>
<a id='n582' href='#n582'>582</a>
<a id='n583' href='#n583'>583</a>
<a id='n584' href='#n584'>584</a>
<a id='n585' href='#n585'>585</a>
<a id='n586' href='#n586'>586</a>
<a id='n587' href='#n587'>587</a>
<a id='n588' href='#n588'>588</a>
<a id='n589' href='#n589'>589</a>
<a id='n590' href='#n590'>590</a>
<a id='n591' href='#n591'>591</a>
<a id='n592' href='#n592'>592</a>
<a id='n593' href='#n593'>593</a>
<a id='n594' href='#n594'>594</a>
<a id='n595' href='#n595'>595</a>
<a id='n596' href='#n596'>596</a>
<a id='n597' href='#n597'>597</a>
<a id='n598' href='#n598'>598</a>
<a id='n599' href='#n599'>599</a>
<a id='n600' href='#n600'>600</a>
<a id='n601' href='#n601'>601</a>
<a id='n602' href='#n602'>602</a>
<a id='n603' href='#n603'>603</a>
<a id='n604' href='#n604'>604</a>
<a id='n605' href='#n605'>605</a>
<a id='n606' href='#n606'>606</a>
<a id='n607' href='#n607'>607</a>
<a id='n608' href='#n608'>608</a>
<a id='n609' href='#n609'>609</a>
<a id='n610' href='#n610'>610</a>
<a id='n611' href='#n611'>611</a>
<a id='n612' href='#n612'>612</a>
<a id='n613' href='#n613'>613</a>
<a id='n614' href='#n614'>614</a>
<a id='n615' href='#n615'>615</a>
<a id='n616' href='#n616'>616</a>
<a id='n617' href='#n617'>617</a>
<a id='n618' href='#n618'>618</a>
<a id='n619' href='#n619'>619</a>
<a id='n620' href='#n620'>620</a>
<a id='n621' href='#n621'>621</a>
<a id='n622' href='#n622'>622</a>
<a id='n623' href='#n623'>623</a>
<a id='n624' href='#n624'>624</a>
<a id='n625' href='#n625'>625</a>
<a id='n626' href='#n626'>626</a>
<a id='n627' href='#n627'>627</a>
<a id='n628' href='#n628'>628</a>
<a id='n629' href='#n629'>629</a>
<a id='n630' href='#n630'>630</a>
<a id='n631' href='#n631'>631</a>
<a id='n632' href='#n632'>632</a>
<a id='n633' href='#n633'>633</a>
<a id='n634' href='#n634'>634</a>
<a id='n635' href='#n635'>635</a>
<a id='n636' href='#n636'>636</a>
<a id='n637' href='#n637'>637</a>
<a id='n638' href='#n638'>638</a>
<a id='n639' href='#n639'>639</a>
<a id='n640' href='#n640'>640</a>
<a id='n641' href='#n641'>641</a>
<a id='n642' href='#n642'>642</a>
<a id='n643' href='#n643'>643</a>
<a id='n644' href='#n644'>644</a>
<a id='n645' href='#n645'>645</a>
<a id='n646' href='#n646'>646</a>
<a id='n647' href='#n647'>647</a>
<a id='n648' href='#n648'>648</a>
<a id='n649' href='#n649'>649</a>
<a id='n650' href='#n650'>650</a>
<a id='n651' href='#n651'>651</a>
<a id='n652' href='#n652'>652</a>
<a id='n653' href='#n653'>653</a>
<a id='n654' href='#n654'>654</a>
<a id='n655' href='#n655'>655</a>
<a id='n656' href='#n656'>656</a>
<a id='n657' href='#n657'>657</a>
<a id='n658' href='#n658'>658</a>
<a id='n659' href='#n659'>659</a>
<a id='n660' href='#n660'>660</a>
<a id='n661' href='#n661'>661</a>
<a id='n662' href='#n662'>662</a>
<a id='n663' href='#n663'>663</a>
<a id='n664' href='#n664'>664</a>
<a id='n665' href='#n665'>665</a>
<a id='n666' href='#n666'>666</a>
<a id='n667' href='#n667'>667</a>
<a id='n668' href='#n668'>668</a>
<a id='n669' href='#n669'>669</a>
<a id='n670' href='#n670'>670</a>
<a id='n671' href='#n671'>671</a>
<a id='n672' href='#n672'>672</a>
<a id='n673' href='#n673'>673</a>
<a id='n674' href='#n674'>674</a>
<a id='n675' href='#n675'>675</a>
<a id='n676' href='#n676'>676</a>
<a id='n677' href='#n677'>677</a>
<a id='n678' href='#n678'>678</a>
<a id='n679' href='#n679'>679</a>
<a id='n680' href='#n680'>680</a>
<a id='n681' href='#n681'>681</a>
<a id='n682' href='#n682'>682</a>
<a id='n683' href='#n683'>683</a>
<a id='n684' href='#n684'>684</a>
<a id='n685' href='#n685'>685</a>
<a id='n686' href='#n686'>686</a>
<a id='n687' href='#n687'>687</a>
<a id='n688' href='#n688'>688</a>
<a id='n689' href='#n689'>689</a>
<a id='n690' href='#n690'>690</a>
<a id='n691' href='#n691'>691</a>
<a id='n692' href='#n692'>692</a>
<a id='n693' href='#n693'>693</a>
<a id='n694' href='#n694'>694</a>
<a id='n695' href='#n695'>695</a>
<a id='n696' href='#n696'>696</a>
<a id='n697' href='#n697'>697</a>
<a id='n698' href='#n698'>698</a>
<a id='n699' href='#n699'>699</a>
<a id='n700' href='#n700'>700</a>
<a id='n701' href='#n701'>701</a>
<a id='n702' href='#n702'>702</a>
<a id='n703' href='#n703'>703</a>
<a id='n704' href='#n704'>704</a>
<a id='n705' href='#n705'>705</a>
<a id='n706' href='#n706'>706</a>
<a id='n707' href='#n707'>707</a>
<a id='n708' href='#n708'>708</a>
<a id='n709' href='#n709'>709</a>
<a id='n710' href='#n710'>710</a>
<a id='n711' href='#n711'>711</a>
<a id='n712' href='#n712'>712</a>
<a id='n713' href='#n713'>713</a>
<a id='n714' href='#n714'>714</a>
<a id='n715' href='#n715'>715</a>
<a id='n716' href='#n716'>716</a>
<a id='n717' href='#n717'>717</a>
<a id='n718' href='#n718'>718</a>
<a id='n719' href='#n719'>719</a>
<a id='n720' href='#n720'>720</a>
<a id='n721' href='#n721'>721</a>
<a id='n722' href='#n722'>722</a>
<a id='n723' href='#n723'>723</a>
<a id='n724' href='#n724'>724</a>
<a id='n725' href='#n725'>725</a>
<a id='n726' href='#n726'>726</a>
<a id='n727' href='#n727'>727</a>
<a id='n728' href='#n728'>728</a>
<a id='n729' href='#n729'>729</a>
<a id='n730' href='#n730'>730</a>
<a id='n731' href='#n731'>731</a>
<a id='n732' href='#n732'>732</a>
<a id='n733' href='#n733'>733</a>
<a id='n734' href='#n734'>734</a>
<a id='n735' href='#n735'>735</a>
<a id='n736' href='#n736'>736</a>
<a id='n737' href='#n737'>737</a>
<a id='n738' href='#n738'>738</a>
<a id='n739' href='#n739'>739</a>
<a id='n740' href='#n740'>740</a>
<a id='n741' href='#n741'>741</a>
<a id='n742' href='#n742'>742</a>
<a id='n743' href='#n743'>743</a>
<a id='n744' href='#n744'>744</a>
<a id='n745' href='#n745'>745</a>
<a id='n746' href='#n746'>746</a>
<a id='n747' href='#n747'>747</a>
<a id='n748' href='#n748'>748</a>
<a id='n749' href='#n749'>749</a>
<a id='n750' href='#n750'>750</a>
<a id='n751' href='#n751'>751</a>
<a id='n752' href='#n752'>752</a>
<a id='n753' href='#n753'>753</a>
<a id='n754' href='#n754'>754</a>
<a id='n755' href='#n755'>755</a>
<a id='n756' href='#n756'>756</a>
<a id='n757' href='#n757'>757</a>
<a id='n758' href='#n758'>758</a>
<a id='n759' href='#n759'>759</a>
<a id='n760' href='#n760'>760</a>
<a id='n761' href='#n761'>761</a>
<a id='n762' href='#n762'>762</a>
<a id='n763' href='#n763'>763</a>
<a id='n764' href='#n764'>764</a>
<a id='n765' href='#n765'>765</a>
<a id='n766' href='#n766'>766</a>
<a id='n767' href='#n767'>767</a>
<a id='n768' href='#n768'>768</a>
<a id='n769' href='#n769'>769</a>
<a id='n770' href='#n770'>770</a>
<a id='n771' href='#n771'>771</a>
<a id='n772' href='#n772'>772</a>
<a id='n773' href='#n773'>773</a>
<a id='n774' href='#n774'>774</a>
<a id='n775' href='#n775'>775</a>
<a id='n776' href='#n776'>776</a>
<a id='n777' href='#n777'>777</a>
<a id='n778' href='#n778'>778</a>
<a id='n779' href='#n779'>779</a>
<a id='n780' href='#n780'>780</a>
<a id='n781' href='#n781'>781</a>
<a id='n782' href='#n782'>782</a>
<a id='n783' href='#n783'>783</a>
<a id='n784' href='#n784'>784</a>
<a id='n785' href='#n785'>785</a>
<a id='n786' href='#n786'>786</a>
<a id='n787' href='#n787'>787</a>
<a id='n788' href='#n788'>788</a>
<a id='n789' href='#n789'>789</a>
<a id='n790' href='#n790'>790</a>
<a id='n791' href='#n791'>791</a>
<a id='n792' href='#n792'>792</a>
<a id='n793' href='#n793'>793</a>
<a id='n794' href='#n794'>794</a>
<a id='n795' href='#n795'>795</a>
<a id='n796' href='#n796'>796</a>
<a id='n797' href='#n797'>797</a>
<a id='n798' href='#n798'>798</a>
<a id='n799' href='#n799'>799</a>
<a id='n800' href='#n800'>800</a>
<a id='n801' href='#n801'>801</a>
<a id='n802' href='#n802'>802</a>
<a id='n803' href='#n803'>803</a>
<a id='n804' href='#n804'>804</a>
<a id='n805' href='#n805'>805</a>
<a id='n806' href='#n806'>806</a>
<a id='n807' href='#n807'>807</a>
<a id='n808' href='#n808'>808</a>
<a id='n809' href='#n809'>809</a>
<a id='n810' href='#n810'>810</a>
<a id='n811' href='#n811'>811</a>
<a id='n812' href='#n812'>812</a>
<a id='n813' href='#n813'>813</a>
<a id='n814' href='#n814'>814</a>
<a id='n815' href='#n815'>815</a>
<a id='n816' href='#n816'>816</a>
<a id='n817' href='#n817'>817</a>
<a id='n818' href='#n818'>818</a>
<a id='n819' href='#n819'>819</a>
<a id='n820' href='#n820'>820</a>
<a id='n821' href='#n821'>821</a>
<a id='n822' href='#n822'>822</a>
<a id='n823' href='#n823'>823</a>
<a id='n824' href='#n824'>824</a>
<a id='n825' href='#n825'>825</a>
<a id='n826' href='#n826'>826</a>
<a id='n827' href='#n827'>827</a>
<a id='n828' href='#n828'>828</a>
<a id='n829' href='#n829'>829</a>
<a id='n830' href='#n830'>830</a>
<a id='n831' href='#n831'>831</a>
<a id='n832' href='#n832'>832</a>
<a id='n833' href='#n833'>833</a>
<a id='n834' href='#n834'>834</a>
<a id='n835' href='#n835'>835</a>
<a id='n836' href='#n836'>836</a>
<a id='n837' href='#n837'>837</a>
<a id='n838' href='#n838'>838</a>
<a id='n839' href='#n839'>839</a>
<a id='n840' href='#n840'>840</a>
<a id='n841' href='#n841'>841</a>
<a id='n842' href='#n842'>842</a>
<a id='n843' href='#n843'>843</a>
<a id='n844' href='#n844'>844</a>
<a id='n845' href='#n845'>845</a>
<a id='n846' href='#n846'>846</a>
<a id='n847' href='#n847'>847</a>
<a id='n848' href='#n848'>848</a>
<a id='n849' href='#n849'>849</a>
<a id='n850' href='#n850'>850</a>
<a id='n851' href='#n851'>851</a>
<a id='n852' href='#n852'>852</a>
<a id='n853' href='#n853'>853</a>
<a id='n854' href='#n854'>854</a>
<a id='n855' href='#n855'>855</a>
<a id='n856' href='#n856'>856</a>
<a id='n857' href='#n857'>857</a>
<a id='n858' href='#n858'>858</a>
<a id='n859' href='#n859'>859</a>
</pre></td>
<td class='lines'><pre><code><span class="hl slc">#!/usr/bin/env python</span>

<span class="hl slc"># Unix SMB/CIFS implementation.</span>
<span class="hl slc"># Copyright (C) Jelmer Vernooij &lt;jelmer&#64;samba.org&gt; 2007-2010</span>
<span class="hl slc"># Copyright (C) Matthias Dieter Wallnoefer 2009</span>
<span class="hl slc">#</span>
<span class="hl slc"># Based on the original in EJS:</span>
<span class="hl slc"># Copyright (C) Andrew Tridgell &lt;tridge&#64;samba.org&gt; 2005</span>
<span class="hl slc"># Copyright (C) Giampaolo Lauria &lt;lauria2&#64;yahoo.com&gt; 2011</span>
<span class="hl slc">#</span>
<span class="hl slc"># This program is free software; you can redistribute it and/or modify</span>
<span class="hl slc"># it under the terms of the GNU General Public License as published by</span>
<span class="hl slc"># the Free Software Foundation; either version 3 of the License, or</span>
<span class="hl slc"># (at your option) any later version.</span>
<span class="hl slc">#</span>
<span class="hl slc"># This program is distributed in the hope that it will be useful,</span>
<span class="hl slc"># but WITHOUT ANY WARRANTY; without even the implied warranty of</span>
<span class="hl slc"># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the</span>
<span class="hl slc"># GNU General Public License for more details.</span>
<span class="hl slc">#</span>
<span class="hl slc"># You should have received a copy of the GNU General Public License</span>
<span class="hl slc"># along with this program.  If not, see &lt;http://www.gnu.org/licenses/&gt;.</span>
<span class="hl slc">#</span>

<span class="hl str">&quot;&quot;&quot;Convenience functions for using the SAM.&quot;&quot;&quot;</span>

<span class="hl kwa">import</span> samba
<span class="hl kwa">import</span> ldb
<span class="hl kwa">import</span> time
<span class="hl kwa">import</span> base64
<span class="hl kwa">import</span> os
<span class="hl kwa">from</span> samba <span class="hl kwa">import</span> dsdb
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>ndr <span class="hl kwa">import</span> ndr_unpack<span class="hl opt">,</span> ndr_pack
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>dcerpc <span class="hl kwa">import</span> drsblobs<span class="hl opt">,</span> misc
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>common <span class="hl kwa">import</span> normalise_int32

__docformat__ <span class="hl opt">=</span> <span class="hl str">&quot;restructuredText&quot;</span>


<span class="hl kwa">class</span> <span class="hl kwd">SamDB</span><span class="hl opt">(</span>samba<span class="hl opt">.</span>Ldb<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;The SAM database.&quot;&quot;&quot;</span>

    hash_oid_name <span class="hl opt">= {}</span>

    <span class="hl kwa">def</span> <span class="hl kwd">__init__</span><span class="hl opt">(</span>self<span class="hl opt">,</span> url<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> lp<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> modules_dir<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> session_info<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                 credentials<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> flags<span class="hl opt">=</span><span class="hl num">0</span><span class="hl opt">,</span> options<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> global_schema<span class="hl opt">=</span><span class="hl kwa">True</span><span class="hl opt">,</span>
                 auto_connect<span class="hl opt">=</span><span class="hl kwa">True</span><span class="hl opt">,</span> am_rodc<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">):</span>
        self<span class="hl opt">.</span>lp <span class="hl opt">=</span> lp
        <span class="hl kwa">if not</span> auto_connect<span class="hl opt">:</span>
            url <span class="hl opt">=</span> <span class="hl kwa">None</span>
        <span class="hl kwa">elif</span> url <span class="hl kwa">is None and</span> lp <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            url <span class="hl opt">=</span> lp<span class="hl opt">.</span><span class="hl kwd">samdb_url</span><span class="hl opt">()</span>

        self<span class="hl opt">.</span>url <span class="hl opt">=</span> url

        <span class="hl kwb">super</span><span class="hl opt">(</span>SamDB<span class="hl opt">,</span> self<span class="hl opt">)</span><span class="hl num">.__</span>init<span class="hl num">__</span><span class="hl opt">(</span>url<span class="hl opt">=</span>url<span class="hl opt">,</span> lp<span class="hl opt">=</span>lp<span class="hl opt">,</span> modules_dir<span class="hl opt">=</span>modules_dir<span class="hl opt">,</span>
            session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span> credentials<span class="hl opt">=</span>credentials<span class="hl opt">,</span> flags<span class="hl opt">=</span>flags<span class="hl opt">,</span>
            options<span class="hl opt">=</span>options<span class="hl opt">)</span>

        <span class="hl kwa">if</span> global_schema<span class="hl opt">:</span>
            dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>set<span class="hl num">_</span>global<span class="hl num">_</span>schema<span class="hl opt">(</span>self<span class="hl opt">)</span>

        <span class="hl kwa">if</span> am_rodc <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>set<span class="hl num">_</span>am<span class="hl num">_</span>rodc<span class="hl opt">(</span>self<span class="hl opt">,</span> am_rodc<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">connect</span><span class="hl opt">(</span>self<span class="hl opt">,</span> url<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> flags<span class="hl opt">=</span><span class="hl num">0</span><span class="hl opt">,</span> options<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;connect to the database&#39;&#39;&#39;</span>
        <span class="hl kwa">if</span> self<span class="hl opt">.</span>lp <span class="hl kwa">is not None and not</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>url<span class="hl opt">):</span>
            url <span class="hl opt">=</span> self<span class="hl opt">.</span>lp<span class="hl opt">.</span><span class="hl kwd">private_path</span><span class="hl opt">(</span>url<span class="hl opt">)</span>
        self<span class="hl opt">.</span>url <span class="hl opt">=</span> url

        <span class="hl kwb">super</span><span class="hl opt">(</span>SamDB<span class="hl opt">,</span> self<span class="hl opt">).</span><span class="hl kwd">connect</span><span class="hl opt">(</span>url<span class="hl opt">=</span>url<span class="hl opt">,</span> flags<span class="hl opt">=</span>flags<span class="hl opt">,</span>
                options<span class="hl opt">=</span>options<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">am_rodc</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;return True if we are an RODC&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>am<span class="hl num">_</span>rodc<span class="hl opt">(</span>self<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">am_pdc</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;return True if we are an PDC emulator&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>am<span class="hl num">_</span>pdc<span class="hl opt">(</span>self<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">domain_dn</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;return the domain DN&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> <span class="hl kwb">str</span><span class="hl opt">(</span>self<span class="hl opt">.</span><span class="hl kwd">get_default_basedn</span><span class="hl opt">())</span>

    <span class="hl kwa">def</span> <span class="hl kwd">disable_account</span><span class="hl opt">(</span>self<span class="hl opt">,</span> search_filter<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Disables an account</span>
<span class="hl str"></span>
<span class="hl str">        :param search_filter: LDAP filter to find the user (eg</span>
<span class="hl str">            samccountname=name)</span>
<span class="hl str">        &quot;&quot;&quot;</span>

        flags <span class="hl opt">=</span> samba<span class="hl opt">.</span>dsdb<span class="hl opt">.</span>UF_ACCOUNTDISABLE
        self<span class="hl opt">.</span><span class="hl kwd">toggle_userAccountFlags</span><span class="hl opt">(</span>search_filter<span class="hl opt">,</span> flags<span class="hl opt">,</span> on<span class="hl opt">=</span><span class="hl kwa">True</span><span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">enable_account</span><span class="hl opt">(</span>self<span class="hl opt">,</span> search_filter<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Enables an account</span>
<span class="hl str"></span>
<span class="hl str">        :param search_filter: LDAP filter to find the user (eg</span>
<span class="hl str">            samccountname=name)</span>
<span class="hl str">        &quot;&quot;&quot;</span>

        flags <span class="hl opt">=</span> samba<span class="hl opt">.</span>dsdb<span class="hl opt">.</span>UF_ACCOUNTDISABLE | samba<span class="hl opt">.</span>dsdb<span class="hl opt">.</span>UF_PASSWD_NOTREQD
        self<span class="hl opt">.</span><span class="hl kwd">toggle_userAccountFlags</span><span class="hl opt">(</span>search_filter<span class="hl opt">,</span> flags<span class="hl opt">,</span> on<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">toggle_userAccountFlags</span><span class="hl opt">(</span>self<span class="hl opt">,</span> search_filter<span class="hl opt">,</span> flags<span class="hl opt">,</span> flags_str<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                                on<span class="hl opt">=</span><span class="hl kwa">True</span><span class="hl opt">,</span> strict<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;toggle_userAccountFlags</span>
<span class="hl str"></span>
<span class="hl str">        :param search_filter: LDAP filter to find the user (eg</span>
<span class="hl str">            samccountname=name)</span>
<span class="hl str">        :flags: samba.dsdb.UF_* flags</span>
<span class="hl str">        :on: on=True (default) =&gt; set, on=False =&gt; unset</span>
<span class="hl str">        :strict: strict=False (default) ignore if no action is needed</span>
<span class="hl str">                 strict=True raises an Exception if...</span>
<span class="hl str">        &quot;&quot;&quot;</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                          expression<span class="hl opt">=</span>search_filter<span class="hl opt">,</span> attrs<span class="hl opt">=[</span><span class="hl str">&quot;userAccountControl&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
                <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span><span class="hl str">&quot;Unable to find account where &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39;&quot;</span> <span class="hl opt">%</span> search_filter<span class="hl opt">)</span>
        <span class="hl kwa">assert</span><span class="hl opt">(</span><span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">1</span><span class="hl opt">)</span>
        account_dn <span class="hl opt">=</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn

        old_uac <span class="hl opt">=</span> <span class="hl kwb">int</span><span class="hl opt">(</span>res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;userAccountControl&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">])</span>
        <span class="hl kwa">if</span> on<span class="hl opt">:</span>
            <span class="hl kwa">if</span> strict <span class="hl kwa">and</span> <span class="hl opt">(</span>old_uac <span class="hl opt">&amp;</span> flags<span class="hl opt">):</span>
                error <span class="hl opt">=</span> <span class="hl str">&quot;Account flag(s) &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39; already set&quot;</span> <span class="hl opt">%</span> flags_str
                <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span>error<span class="hl opt">)</span>

            new_uac <span class="hl opt">=</span> old_uac | flags
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            <span class="hl kwa">if</span> strict <span class="hl kwa">and not</span> <span class="hl opt">(</span>old_uac <span class="hl opt">&amp;</span> flags<span class="hl opt">):</span>
                error <span class="hl opt">=</span> <span class="hl str">&quot;Account flag(s) &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39; already unset&quot;</span> <span class="hl opt">%</span> flags_str
                <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span>error<span class="hl opt">)</span>

            new_uac <span class="hl opt">=</span> old_uac <span class="hl opt">&amp;</span> ~flags

        <span class="hl kwa">if</span> old_uac <span class="hl opt">==</span> new_uac<span class="hl opt">:</span>
            <span class="hl kwa">return</span>

        mod <span class="hl opt">=</span> <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">dn:</span> <span class="hl ipl">%s</span>
<span class="hl str">changetype: modify</span>
<span class="hl str">delete: userAccountControl</span>
<span class="hl str">userAccountControl:</span> <span class="hl ipl">%u</span>
<span class="hl str">add: userAccountControl</span>
<span class="hl str">userAccountControl:</span> <span class="hl ipl">%u</span>
<span class="hl str">&quot;&quot;&quot;</span> <span class="hl opt">% (</span>account_dn<span class="hl opt">,</span> old_uac<span class="hl opt">,</span> new_uac<span class="hl opt">)</span>
        self<span class="hl opt">.</span><span class="hl kwd">modify_ldif</span><span class="hl opt">(</span>mod<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">force_password_change_at_next_login</span><span class="hl opt">(</span>self<span class="hl opt">,</span> search_filter<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Forces a password change at next login</span>
<span class="hl str"></span>
<span class="hl str">        :param search_filter: LDAP filter to find the user (eg</span>
<span class="hl str">            samccountname=name)</span>
<span class="hl str">        &quot;&quot;&quot;</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                          expression<span class="hl opt">=</span>search_filter<span class="hl opt">,</span> attrs<span class="hl opt">=[])</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
                <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span><span class="hl str">&#39;Unable to find user &quot;</span><span class="hl ipl">%s</span><span class="hl str">&quot;&#39;</span> <span class="hl opt">%</span> search_filter<span class="hl opt">)</span>
        <span class="hl kwa">assert</span><span class="hl opt">(</span><span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">1</span><span class="hl opt">)</span>
        user_dn <span class="hl opt">=</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn

        mod <span class="hl opt">=</span> <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">dn:</span> <span class="hl ipl">%s</span>
<span class="hl str">changetype: modify</span>
<span class="hl str">replace: pwdLastSet</span>
<span class="hl str">pwdLastSet: 0</span>
<span class="hl str">&quot;&quot;&quot;</span> <span class="hl opt">% (</span>user_dn<span class="hl opt">)</span>
        self<span class="hl opt">.</span><span class="hl kwd">modify_ldif</span><span class="hl opt">(</span>mod<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">newgroup</span><span class="hl opt">(</span>self<span class="hl opt">,</span> groupname<span class="hl opt">,</span> groupou<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> grouptype<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                 description<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> mailaddress<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> notes<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> sd<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Adds a new group with additional parameters</span>
<span class="hl str"></span>
<span class="hl str">        :param groupname: Name of the new group</span>
<span class="hl str">        :param grouptype: Type of the new group</span>
<span class="hl str">        :param description: Description of the new group</span>
<span class="hl str">        :param mailaddress: Email address of the new group</span>
<span class="hl str">        :param notes: Notes of the new group</span>
<span class="hl str">        :param sd: security descriptor of the object</span>
<span class="hl str">        &quot;&quot;&quot;</span>

        group_dn <span class="hl opt">=</span> <span class="hl str">&quot;CN=</span><span class="hl ipl">%s</span><span class="hl str">,</span><span class="hl ipl">%s</span><span class="hl str">,</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">% (</span>groupname<span class="hl opt">, (</span>groupou <span class="hl kwa">or</span> <span class="hl str">&quot;CN=Users&quot;</span><span class="hl opt">),</span> self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">())</span>

        <span class="hl slc"># The new user record. Note the reliance on the SAMLDB module which</span>
        <span class="hl slc"># fills in the default informations</span>
        ldbmessage <span class="hl opt">= {</span><span class="hl str">&quot;dn&quot;</span><span class="hl opt">:</span> group_dn<span class="hl opt">,</span>
            <span class="hl str">&quot;sAMAccountName&quot;</span><span class="hl opt">:</span> groupname<span class="hl opt">,</span>
            <span class="hl str">&quot;objectClass&quot;</span><span class="hl opt">:</span> <span class="hl str">&quot;group&quot;</span><span class="hl opt">}</span>

        <span class="hl kwa">if</span> grouptype <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;groupType&quot;</span><span class="hl opt">] =</span> <span class="hl kwd">normalise_int32</span><span class="hl opt">(</span>grouptype<span class="hl opt">)</span>

        <span class="hl kwa">if</span> description <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;description&quot;</span><span class="hl opt">] =</span> description

        <span class="hl kwa">if</span> mailaddress <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;mail&quot;</span><span class="hl opt">] =</span> mailaddress

        <span class="hl kwa">if</span> notes <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;info&quot;</span><span class="hl opt">] =</span> notes

        <span class="hl kwa">if</span> sd <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;nTSecurityDescriptor&quot;</span><span class="hl opt">] =</span> <span class="hl kwd">ndr_pack</span><span class="hl opt">(</span>sd<span class="hl opt">)</span>

        self<span class="hl opt">.</span><span class="hl kwd">add</span><span class="hl opt">(</span>ldbmessage<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">deletegroup</span><span class="hl opt">(</span>self<span class="hl opt">,</span> groupname<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Deletes a group</span>
<span class="hl str"></span>
<span class="hl str">        :param groupname: Name of the target group</span>
<span class="hl str">        &quot;&quot;&quot;</span>

        groupfilter <span class="hl opt">=</span> <span class="hl str">&quot;(&amp;(sAMAccountName=</span><span class="hl ipl">%s</span><span class="hl str">)(objectCategory=</span><span class="hl ipl">%s</span><span class="hl str">,</span><span class="hl ipl">%s</span><span class="hl str">))&quot;</span> <span class="hl opt">% (</span>ldb<span class="hl opt">.</span><span class="hl kwd">binary_encode</span><span class="hl opt">(</span>groupname<span class="hl opt">),</span> <span class="hl str">&quot;CN=Group,CN=Schema,CN=Configuration&quot;</span><span class="hl opt">,</span> self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">())</span>
        self<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            targetgroup <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                               expression<span class="hl opt">=</span>groupfilter<span class="hl opt">,</span> attrs<span class="hl opt">=[])</span>
            <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>targetgroup<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
                <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span><span class="hl str">&#39;Unable to find group &quot;</span><span class="hl ipl">%s</span><span class="hl str">&quot;&#39;</span> <span class="hl opt">%</span> groupname<span class="hl opt">)</span>
            <span class="hl kwa">assert</span><span class="hl opt">(</span><span class="hl kwb">len</span><span class="hl opt">(</span>targetgroup<span class="hl opt">) ==</span> <span class="hl num">1</span><span class="hl opt">)</span>
            self<span class="hl opt">.</span><span class="hl kwd">delete</span><span class="hl opt">(</span>targetgroup<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn<span class="hl opt">)</span>
        <span class="hl kwa">except</span> <span class="hl kwc">Exception</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
            <span class="hl kwa">raise</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>

    <span class="hl kwa">def</span> <span class="hl kwd">add_remove_group_members</span><span class="hl opt">(</span>self<span class="hl opt">,</span> groupname<span class="hl opt">,</span> listofmembers<span class="hl opt">,</span>
                                  add_members_operation<span class="hl opt">=</span><span class="hl kwa">True</span><span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Adds or removes group members</span>
<span class="hl str"></span>
<span class="hl str">        :param groupname: Name of the target group</span>
<span class="hl str">        :param listofmembers: Comma-separated list of group members</span>
<span class="hl str">        :param add_members_operation: Defines if its an add or remove</span>
<span class="hl str">            operation</span>
<span class="hl str">        &quot;&quot;&quot;</span>

        groupfilter <span class="hl opt">=</span> <span class="hl str">&quot;(&amp;(sAMAccountName=</span><span class="hl ipl">%s</span><span class="hl str">)(objectCategory=</span><span class="hl ipl">%s</span><span class="hl str">,</span><span class="hl ipl">%s</span><span class="hl str">))&quot;</span> <span class="hl opt">% (</span>
            ldb<span class="hl opt">.</span><span class="hl kwd">binary_encode</span><span class="hl opt">(</span>groupname<span class="hl opt">),</span> <span class="hl str">&quot;CN=Group,CN=Schema,CN=Configuration&quot;</span><span class="hl opt">,</span> self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">())</span>
        groupmembers <span class="hl opt">=</span> listofmembers<span class="hl opt">.</span><span class="hl kwd">split</span><span class="hl opt">(</span><span class="hl str">&#39;,&#39;</span><span class="hl opt">)</span>

        self<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            targetgroup <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                               expression<span class="hl opt">=</span>groupfilter<span class="hl opt">,</span> attrs<span class="hl opt">=[</span><span class="hl str">&#39;member&#39;</span><span class="hl opt">])</span>
            <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>targetgroup<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
                <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span><span class="hl str">&#39;Unable to find group &quot;</span><span class="hl ipl">%s</span><span class="hl str">&quot;&#39;</span> <span class="hl opt">%</span> groupname<span class="hl opt">)</span>
            <span class="hl kwa">assert</span><span class="hl opt">(</span><span class="hl kwb">len</span><span class="hl opt">(</span>targetgroup<span class="hl opt">) ==</span> <span class="hl num">1</span><span class="hl opt">)</span>

            modified <span class="hl opt">=</span> <span class="hl kwa">False</span>

            addtargettogroup <span class="hl opt">=</span> <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">dn:</span> <span class="hl ipl">%s</span>
<span class="hl str">changetype: modify</span>
<span class="hl str">&quot;&quot;&quot;</span> <span class="hl opt">% (</span><span class="hl kwb">str</span><span class="hl opt">(</span>targetgroup<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn<span class="hl opt">))</span>

            <span class="hl kwa">for</span> member <span class="hl kwa">in</span> groupmembers<span class="hl opt">:</span>
                targetmember <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                                    expression<span class="hl opt">=</span><span class="hl str">&quot;(|(sAMAccountName=</span><span class="hl ipl">%s</span><span class="hl str">)(CN=</span><span class="hl ipl">%s</span><span class="hl str">))&quot;</span> <span class="hl opt">% (</span>
                    ldb<span class="hl opt">.</span><span class="hl kwd">binary_encode</span><span class="hl opt">(</span>member<span class="hl opt">),</span> ldb<span class="hl opt">.</span><span class="hl kwd">binary_encode</span><span class="hl opt">(</span>member<span class="hl opt">)),</span> attrs<span class="hl opt">=[])</span>

                <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>targetmember<span class="hl opt">) !=</span> <span class="hl num">1</span><span class="hl opt">:</span>
                    <span class="hl kwa">continue</span>

                <span class="hl kwa">if</span> add_members_operation <span class="hl kwa">is True and</span> <span class="hl opt">(</span>targetgroup<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&#39;member&#39;</span><span class="hl opt">)</span> <span class="hl kwa">is None or</span> <span class="hl kwb">str</span><span class="hl opt">(</span>targetmember<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn<span class="hl opt">)</span> <span class="hl kwa">not in</span> targetgroup<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&#39;member&#39;</span><span class="hl opt">]):</span>
                    modified <span class="hl opt">=</span> <span class="hl kwa">True</span>
                    addtargettogroup <span class="hl opt">+=</span> <span class="hl str">&quot;&quot;&quot;add: member</span>
<span class="hl str">member:</span> <span class="hl ipl">%s</span>
<span class="hl str">&quot;&quot;&quot;</span> <span class="hl opt">% (</span><span class="hl kwb">str</span><span class="hl opt">(</span>targetmember<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn<span class="hl opt">))</span>

                <span class="hl kwa">elif</span> add_members_operation <span class="hl kwa">is False and</span> <span class="hl opt">(</span>targetgroup<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&#39;member&#39;</span><span class="hl opt">)</span> <span class="hl kwa">is not None and</span> <span class="hl kwb">str</span><span class="hl opt">(</span>targetmember<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn<span class="hl opt">)</span> <span class="hl kwa">in</span> targetgroup<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&#39;member&#39;</span><span class="hl opt">]):</span>
                    modified <span class="hl opt">=</span> <span class="hl kwa">True</span>
                    addtargettogroup <span class="hl opt">+=</span> <span class="hl str">&quot;&quot;&quot;delete: member</span>
<span class="hl str">member:</span> <span class="hl ipl">%s</span>
<span class="hl str">&quot;&quot;&quot;</span> <span class="hl opt">% (</span><span class="hl kwb">str</span><span class="hl opt">(</span>targetmember<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn<span class="hl opt">))</span>

            <span class="hl kwa">if</span> modified <span class="hl kwa">is True</span><span class="hl opt">:</span>
                self<span class="hl opt">.</span><span class="hl kwd">modify_ldif</span><span class="hl opt">(</span>addtargettogroup<span class="hl opt">)</span>

        <span class="hl kwa">except</span> <span class="hl kwc">Exception</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
            <span class="hl kwa">raise</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>

    <span class="hl kwa">def</span> <span class="hl kwd">newuser</span><span class="hl opt">(</span>self<span class="hl opt">,</span> username<span class="hl opt">,</span> password<span class="hl opt">,</span>
            force_password_change_at_next_login_req<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span>
            useusernameascn<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span> userou<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> surname<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> givenname<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
            initials<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> profilepath<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> scriptpath<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> homedrive<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
            homedirectory<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> jobtitle<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> department<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> company<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
            description<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> mailaddress<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> internetaddress<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
            telephonenumber<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> physicaldeliveryoffice<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> sd<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
            setpassword<span class="hl opt">=</span><span class="hl kwa">True</span><span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Adds a new user with additional parameters</span>
<span class="hl str"></span>
<span class="hl str">        :param username: Name of the new user</span>
<span class="hl str">        :param password: Password for the new user</span>
<span class="hl str">        :param force_password_change_at_next_login_req: Force password change</span>
<span class="hl str">        :param useusernameascn: Use username as cn rather that firstname +</span>
<span class="hl str">            initials + lastname</span>
<span class="hl str">        :param userou: Object container (without domainDN postfix) for new user</span>
<span class="hl str">        :param surname: Surname of the new user</span>
<span class="hl str">        :param givenname: First name of the new user</span>
<span class="hl str">        :param initials: Initials of the new user</span>
<span class="hl str">        :param profilepath: Profile path of the new user</span>
<span class="hl str">        :param scriptpath: Logon script path of the new user</span>
<span class="hl str">        :param homedrive: Home drive of the new user</span>
<span class="hl str">        :param homedirectory: Home directory of the new user</span>
<span class="hl str">        :param jobtitle: Job title of the new user</span>
<span class="hl str">        :param department: Department of the new user</span>
<span class="hl str">        :param company: Company of the new user</span>
<span class="hl str">        :param description: of the new user</span>
<span class="hl str">        :param mailaddress: Email address of the new user</span>
<span class="hl str">        :param internetaddress: Home page of the new user</span>
<span class="hl str">        :param telephonenumber: Phone number of the new user</span>
<span class="hl str">        :param physicaldeliveryoffice: Office location of the new user</span>
<span class="hl str">        :param sd: security descriptor of the object</span>
<span class="hl str">        :param setpassword: optionally disable password reset</span>
<span class="hl str">        &quot;&quot;&quot;</span>

        displayname <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>
        <span class="hl kwa">if</span> givenname <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            displayname <span class="hl opt">+=</span> givenname

        <span class="hl kwa">if</span> initials <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            displayname <span class="hl opt">+=</span> <span class="hl str">&#39;</span> <span class="hl ipl">%s</span><span class="hl str">.&#39;</span> <span class="hl opt">%</span> initials

        <span class="hl kwa">if</span> surname <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            displayname <span class="hl opt">+=</span> <span class="hl str">&#39;</span> <span class="hl ipl">%s</span><span class="hl str">&#39;</span> <span class="hl opt">%</span> surname

        cn <span class="hl opt">=</span> username
        <span class="hl kwa">if</span> useusernameascn <span class="hl kwa">is None and</span> displayname <span class="hl kwa">is not</span> <span class="hl str">&quot;&quot;</span><span class="hl opt">:</span>
            cn <span class="hl opt">=</span> displayname

        user_dn <span class="hl opt">=</span> <span class="hl str">&quot;CN=</span><span class="hl ipl">%s</span><span class="hl str">,</span><span class="hl ipl">%s</span><span class="hl str">,</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">% (</span>cn<span class="hl opt">, (</span>userou <span class="hl kwa">or</span> <span class="hl str">&quot;CN=Users&quot;</span><span class="hl opt">),</span> self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">())</span>

        dnsdomain <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>self<span class="hl opt">,</span> self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">()).</span><span class="hl kwd">canonical_str</span><span class="hl opt">().</span><span class="hl kwd">replace</span><span class="hl opt">(</span><span class="hl str">&quot;/&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;&quot;</span><span class="hl opt">)</span>
        user_principal_name <span class="hl opt">=</span> <span class="hl str">&quot;</span><span class="hl ipl">%s</span><span class="hl str">&#64;</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">% (</span>username<span class="hl opt">,</span> dnsdomain<span class="hl opt">)</span>
        <span class="hl slc"># The new user record. Note the reliance on the SAMLDB module which</span>
        <span class="hl slc"># fills in the default informations</span>
        ldbmessage <span class="hl opt">= {</span><span class="hl str">&quot;dn&quot;</span><span class="hl opt">:</span> user_dn<span class="hl opt">,</span>
                      <span class="hl str">&quot;sAMAccountName&quot;</span><span class="hl opt">:</span> username<span class="hl opt">,</span>
                      <span class="hl str">&quot;userPrincipalName&quot;</span><span class="hl opt">:</span> user_principal_name<span class="hl opt">,</span>
                      <span class="hl str">&quot;objectClass&quot;</span><span class="hl opt">:</span> <span class="hl str">&quot;user&quot;</span><span class="hl opt">}</span>

        <span class="hl kwa">if</span> surname <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;sn&quot;</span><span class="hl opt">] =</span> surname

        <span class="hl kwa">if</span> givenname <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;givenName&quot;</span><span class="hl opt">] =</span> givenname

        <span class="hl kwa">if</span> displayname <span class="hl kwa">is not</span> <span class="hl str">&quot;&quot;</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;displayName&quot;</span><span class="hl opt">] =</span> displayname
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;name&quot;</span><span class="hl opt">] =</span> displayname

        <span class="hl kwa">if</span> initials <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;initials&quot;</span><span class="hl opt">] =</span> <span class="hl str">&#39;</span><span class="hl ipl">%s</span><span class="hl str">.&#39;</span> <span class="hl opt">%</span> initials

        <span class="hl kwa">if</span> profilepath <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;profilePath&quot;</span><span class="hl opt">] =</span> profilepath

        <span class="hl kwa">if</span> scriptpath <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;scriptPath&quot;</span><span class="hl opt">] =</span> scriptpath

        <span class="hl kwa">if</span> homedrive <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;homeDrive&quot;</span><span class="hl opt">] =</span> homedrive

        <span class="hl kwa">if</span> homedirectory <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;homeDirectory&quot;</span><span class="hl opt">] =</span> homedirectory

        <span class="hl kwa">if</span> jobtitle <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;title&quot;</span><span class="hl opt">] =</span> jobtitle

        <span class="hl kwa">if</span> department <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;department&quot;</span><span class="hl opt">] =</span> department

        <span class="hl kwa">if</span> company <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;company&quot;</span><span class="hl opt">] =</span> company

        <span class="hl kwa">if</span> description <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;description&quot;</span><span class="hl opt">] =</span> description

        <span class="hl kwa">if</span> mailaddress <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;mail&quot;</span><span class="hl opt">] =</span> mailaddress

        <span class="hl kwa">if</span> internetaddress <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;wWWHomePage&quot;</span><span class="hl opt">] =</span> internetaddress

        <span class="hl kwa">if</span> telephonenumber <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;telephoneNumber&quot;</span><span class="hl opt">] =</span> telephonenumber

        <span class="hl kwa">if</span> physicaldeliveryoffice <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;physicalDeliveryOfficeName&quot;</span><span class="hl opt">] =</span> physicaldeliveryoffice

        <span class="hl kwa">if</span> sd <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            ldbmessage<span class="hl opt">[</span><span class="hl str">&quot;nTSecurityDescriptor&quot;</span><span class="hl opt">] =</span> <span class="hl kwd">ndr_pack</span><span class="hl opt">(</span>sd<span class="hl opt">)</span>

        self<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">add</span><span class="hl opt">(</span>ldbmessage<span class="hl opt">)</span>

            <span class="hl slc"># Sets the password for it</span>
            <span class="hl kwa">if</span> setpassword<span class="hl opt">:</span>
                self<span class="hl opt">.</span><span class="hl kwd">setpassword</span><span class="hl opt">(</span><span class="hl str">&quot;(samAccountName=</span><span class="hl ipl">%s</span><span class="hl str">)&quot;</span> <span class="hl opt">%</span> ldb<span class="hl opt">.</span><span class="hl kwd">binary_encode</span><span class="hl opt">(</span>username<span class="hl opt">),</span> password<span class="hl opt">,</span>
                                 force_password_change_at_next_login_req<span class="hl opt">)</span>
        <span class="hl kwa">except</span> <span class="hl kwc">Exception</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
            <span class="hl kwa">raise</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>


    <span class="hl kwa">def</span> <span class="hl kwd">deleteuser</span><span class="hl opt">(</span>self<span class="hl opt">,</span> username<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Deletes a user</span>
<span class="hl str"></span>
<span class="hl str">        :param username: Name of the target user</span>
<span class="hl str">        &quot;&quot;&quot;</span>

        <span class="hl kwb">filter</span> <span class="hl opt">=</span> <span class="hl str">&quot;(&amp;(sAMAccountName=</span><span class="hl ipl">%s</span><span class="hl str">)(objectCategory=</span><span class="hl ipl">%s</span><span class="hl str">,</span><span class="hl ipl">%s</span><span class="hl str">))&quot;</span> <span class="hl opt">% (</span>ldb<span class="hl opt">.</span><span class="hl kwd">binary_encode</span><span class="hl opt">(</span>username<span class="hl opt">),</span> <span class="hl str">&quot;CN=Person,CN=Schema,CN=Configuration&quot;</span><span class="hl opt">,</span> self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">())</span>
        self<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            target <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                                 expression<span class="hl opt">=</span><span class="hl kwb">filter</span><span class="hl opt">,</span> attrs<span class="hl opt">=[])</span>
            <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>target<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
                <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span><span class="hl str">&#39;Unable to find user &quot;</span><span class="hl ipl">%s</span><span class="hl str">&quot;&#39;</span> <span class="hl opt">%</span> username<span class="hl opt">)</span>
            <span class="hl kwa">assert</span><span class="hl opt">(</span><span class="hl kwb">len</span><span class="hl opt">(</span>target<span class="hl opt">) ==</span> <span class="hl num">1</span><span class="hl opt">)</span>
            self<span class="hl opt">.</span><span class="hl kwd">delete</span><span class="hl opt">(</span>target<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn<span class="hl opt">)</span>
        <span class="hl kwa">except</span> <span class="hl kwc">Exception</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
            <span class="hl kwa">raise</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>


    <span class="hl kwa">def</span> <span class="hl kwd">setpassword</span><span class="hl opt">(</span>self<span class="hl opt">,</span> search_filter<span class="hl opt">,</span> password<span class="hl opt">,</span>
            force_change_at_next_login<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span> username<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Sets the password for a user</span>
<span class="hl str"></span>
<span class="hl str">        :param search_filter: LDAP filter to find the user (eg</span>
<span class="hl str">            samccountname=name)</span>
<span class="hl str">        :param password: Password for the user</span>
<span class="hl str">        :param force_change_at_next_login: Force password change</span>
<span class="hl str">        &quot;&quot;&quot;</span>
        self<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                              expression<span class="hl opt">=</span>search_filter<span class="hl opt">,</span> attrs<span class="hl opt">=[])</span>
            <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
                <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span><span class="hl str">&#39;Unable to find user &quot;</span><span class="hl ipl">%s</span><span class="hl str">&quot;&#39;</span> <span class="hl opt">% (</span>username <span class="hl kwa">or</span> search_filter<span class="hl opt">))</span>
            <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) &gt;</span> <span class="hl num">1</span><span class="hl opt">:</span>
                <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span><span class="hl str">&#39;Matched</span> <span class="hl ipl">%u</span> <span class="hl str">multiple users with filter &quot;</span><span class="hl ipl">%s</span><span class="hl str">&quot;&#39;</span> <span class="hl opt">% (</span><span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">),</span> search_filter<span class="hl opt">))</span>
            user_dn <span class="hl opt">=</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn
            setpw <span class="hl opt">=</span> <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">dn:</span> <span class="hl ipl">%s</span>
<span class="hl str">changetype: modify</span>
<span class="hl str">replace: unicodePwd</span>
<span class="hl str">unicodePwd::</span> <span class="hl ipl">%s</span>
<span class="hl str">&quot;&quot;&quot;</span> <span class="hl opt">% (</span>user_dn<span class="hl opt">,</span> base64<span class="hl opt">.</span><span class="hl kwd">b64encode</span><span class="hl opt">((</span><span class="hl str">&quot;</span><span class="hl esc">\&quot;</span><span class="hl str">&quot;</span> <span class="hl opt">+</span> password <span class="hl opt">+</span> <span class="hl str">&quot;</span><span class="hl esc">\&quot;</span><span class="hl str">&quot;</span><span class="hl opt">).</span><span class="hl kwd">encode</span><span class="hl opt">(</span><span class="hl str">&#39;utf-16-le&#39;</span><span class="hl opt">)))</span>

            self<span class="hl opt">.</span><span class="hl kwd">modify_ldif</span><span class="hl opt">(</span>setpw<span class="hl opt">)</span>

            <span class="hl kwa">if</span> force_change_at_next_login<span class="hl opt">:</span>
                self<span class="hl opt">.</span><span class="hl kwd">force_password_change_at_next_login</span><span class="hl opt">(</span>
                  <span class="hl str">&quot;(dn=&quot;</span> <span class="hl opt">+</span> <span class="hl kwb">str</span><span class="hl opt">(</span>user_dn<span class="hl opt">) +</span> <span class="hl str">&quot;)&quot;</span><span class="hl opt">)</span>

            <span class="hl slc">#  modify the userAccountControl to remove the disabled bit</span>
            self<span class="hl opt">.</span><span class="hl kwd">enable_account</span><span class="hl opt">(</span>search_filter<span class="hl opt">)</span>
        <span class="hl kwa">except</span> <span class="hl kwc">Exception</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
            <span class="hl kwa">raise</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>

    <span class="hl kwa">def</span> <span class="hl kwd">setexpiry</span><span class="hl opt">(</span>self<span class="hl opt">,</span> search_filter<span class="hl opt">,</span> expiry_seconds<span class="hl opt">,</span> no_expiry_req<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Sets the account expiry for a user</span>
<span class="hl str"></span>
<span class="hl str">        :param search_filter: LDAP filter to find the user (eg</span>
<span class="hl str">            samaccountname=name)</span>
<span class="hl str">        :param expiry_seconds: expiry time from now in seconds</span>
<span class="hl str">        :param no_expiry_req: if set, then don&#39;t expire password</span>
<span class="hl str">        &quot;&quot;&quot;</span>
        self<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                          expression<span class="hl opt">=</span>search_filter<span class="hl opt">,</span>
                          attrs<span class="hl opt">=[</span><span class="hl str">&quot;userAccountControl&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;accountExpires&quot;</span><span class="hl opt">])</span>
            <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
                <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span><span class="hl str">&#39;Unable to find user &quot;</span><span class="hl ipl">%s</span><span class="hl str">&quot;&#39;</span> <span class="hl opt">%</span> search_filter<span class="hl opt">)</span>
            <span class="hl kwa">assert</span><span class="hl opt">(</span><span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">1</span><span class="hl opt">)</span>
            user_dn <span class="hl opt">=</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn

            userAccountControl <span class="hl opt">=</span> <span class="hl kwb">int</span><span class="hl opt">(</span>res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;userAccountControl&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">])</span>
            accountExpires     <span class="hl opt">=</span> <span class="hl kwb">int</span><span class="hl opt">(</span>res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;accountExpires&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">])</span>
            <span class="hl kwa">if</span> no_expiry_req<span class="hl opt">:</span>
                userAccountControl <span class="hl opt">=</span> userAccountControl | <span class="hl num">0x10000</span>
                accountExpires <span class="hl opt">=</span> <span class="hl num">0</span>
            <span class="hl kwa">else</span><span class="hl opt">:</span>
                userAccountControl <span class="hl opt">=</span> userAccountControl <span class="hl opt">&amp;</span> ~<span class="hl num">0x10000</span>
                accountExpires <span class="hl opt">=</span> samba<span class="hl opt">.</span><span class="hl kwd">unix2nttime</span><span class="hl opt">(</span>expiry_seconds <span class="hl opt">+</span> <span class="hl kwb">int</span><span class="hl opt">(</span>time<span class="hl opt">.</span><span class="hl kwd">time</span><span class="hl opt">()))</span>

            setexp <span class="hl opt">=</span> <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">dn:</span> <span class="hl ipl">%s</span>
<span class="hl str">changetype: modify</span>
<span class="hl str">replace: userAccountControl</span>
<span class="hl str">userAccountControl:</span> <span class="hl ipl">%u</span>
<span class="hl str">replace: accountExpires</span>
<span class="hl str">accountExpires:</span> <span class="hl ipl">%u</span>
<span class="hl str">&quot;&quot;&quot;</span> <span class="hl opt">% (</span>user_dn<span class="hl opt">,</span> userAccountControl<span class="hl opt">,</span> accountExpires<span class="hl opt">)</span>

            self<span class="hl opt">.</span><span class="hl kwd">modify_ldif</span><span class="hl opt">(</span>setexp<span class="hl opt">)</span>
        <span class="hl kwa">except</span> <span class="hl kwc">Exception</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
            <span class="hl kwa">raise</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>

    <span class="hl kwa">def</span> <span class="hl kwd">set_domain_sid</span><span class="hl opt">(</span>self<span class="hl opt">,</span> sid<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Change the domain SID used by this LDB.</span>
<span class="hl str"></span>
<span class="hl str">        :param sid: The new domain sid to use.</span>
<span class="hl str">        &quot;&quot;&quot;</span>
        dsdb<span class="hl num">._</span>samdb<span class="hl num">_</span>set<span class="hl num">_</span>domain<span class="hl num">_</span>sid<span class="hl opt">(</span>self<span class="hl opt">,</span> sid<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_domain_sid</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Read the domain SID used by this LDB. &quot;&quot;&quot;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>samdb<span class="hl num">_</span>get<span class="hl num">_</span>domain<span class="hl num">_</span>sid<span class="hl opt">(</span>self<span class="hl opt">)</span>

    domain_sid <span class="hl opt">=</span> <span class="hl kwb">property</span><span class="hl opt">(</span>get_domain_sid<span class="hl opt">,</span> set_domain_sid<span class="hl opt">,</span>
        <span class="hl str">&quot;SID for the domain&quot;</span><span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">set_invocation_id</span><span class="hl opt">(</span>self<span class="hl opt">,</span> invocation_id<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Set the invocation id for this SamDB handle.</span>
<span class="hl str"></span>
<span class="hl str">        :param invocation_id: GUID of the invocation id.</span>
<span class="hl str">        &quot;&quot;&quot;</span>
        dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>set<span class="hl num">_</span>ntds<span class="hl num">_</span>invocation<span class="hl num">_</span>id<span class="hl opt">(</span>self<span class="hl opt">,</span> invocation_id<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_invocation_id</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Get the invocation_id id&quot;&quot;&quot;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>samdb<span class="hl num">_</span>ntds<span class="hl num">_</span>invocation<span class="hl num">_</span>id<span class="hl opt">(</span>self<span class="hl opt">)</span>

    invocation_id <span class="hl opt">=</span> <span class="hl kwb">property</span><span class="hl opt">(</span>get_invocation_id<span class="hl opt">,</span> set_invocation_id<span class="hl opt">,</span>
        <span class="hl str">&quot;Invocation ID GUID&quot;</span><span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_oid_from_attid</span><span class="hl opt">(</span>self<span class="hl opt">,</span> attid<span class="hl opt">):</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>get<span class="hl num">_</span>oid<span class="hl num">_</span>from<span class="hl num">_</span>attid<span class="hl opt">(</span>self<span class="hl opt">,</span> attid<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_attid_from_lDAPDisplayName</span><span class="hl opt">(</span>self<span class="hl opt">,</span> ldap_display_name<span class="hl opt">,</span>
            is_schema_nc<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;return the attribute ID for a LDAP attribute as an integer as found in DRSUAPI&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>get<span class="hl num">_</span>attid<span class="hl num">_</span>from<span class="hl num">_l</span>DAPDisplayName<span class="hl opt">(</span>self<span class="hl opt">,</span>
            ldap_display_name<span class="hl opt">,</span> is_schema_nc<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_syntax_oid_from_lDAPDisplayName</span><span class="hl opt">(</span>self<span class="hl opt">,</span> ldap_display_name<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;return the syntax OID for a LDAP attribute as a string&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>get<span class="hl num">_</span>syntax<span class="hl num">_</span>oid<span class="hl num">_</span>from<span class="hl num">_l</span>DAPDisplayName<span class="hl opt">(</span>self<span class="hl opt">,</span> ldap_display_name<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_systemFlags_from_lDAPDisplayName</span><span class="hl opt">(</span>self<span class="hl opt">,</span> ldap_display_name<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;return the systemFlags for a LDAP attribute as a integer&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>get<span class="hl num">_</span>systemFlags<span class="hl num">_</span>from<span class="hl num">_l</span>DAPDisplayName<span class="hl opt">(</span>self<span class="hl opt">,</span> ldap_display_name<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_linkId_from_lDAPDisplayName</span><span class="hl opt">(</span>self<span class="hl opt">,</span> ldap_display_name<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;return the linkID for a LDAP attribute as a integer&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>get<span class="hl num">_l</span>inkId<span class="hl num">_</span>from<span class="hl num">_l</span>DAPDisplayName<span class="hl opt">(</span>self<span class="hl opt">,</span> ldap_display_name<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_lDAPDisplayName_by_attid</span><span class="hl opt">(</span>self<span class="hl opt">,</span> attid<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;return the lDAPDisplayName from an integer DRS attribute ID&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>get<span class="hl num">_l</span>DAPDisplayName<span class="hl num">_</span>by<span class="hl num">_</span>attid<span class="hl opt">(</span>self<span class="hl opt">,</span> attid<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_backlink_from_lDAPDisplayName</span><span class="hl opt">(</span>self<span class="hl opt">,</span> ldap_display_name<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;return the attribute name of the corresponding backlink from the name</span>
<span class="hl str">        of a forward link attribute. If there is no backlink return None&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>get<span class="hl num">_</span>backlink<span class="hl num">_</span>from<span class="hl num">_l</span>DAPDisplayName<span class="hl opt">(</span>self<span class="hl opt">,</span> ldap_display_name<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">set_ntds_settings_dn</span><span class="hl opt">(</span>self<span class="hl opt">,</span> ntds_settings_dn<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Set the NTDS Settings DN, as would be returned on the dsServiceName</span>
<span class="hl str">        rootDSE attribute.</span>
<span class="hl str"></span>
<span class="hl str">        This allows the DN to be set before the database fully exists</span>
<span class="hl str"></span>
<span class="hl str">        :param ntds_settings_dn: The new DN to use</span>
<span class="hl str">        &quot;&quot;&quot;</span>
        dsdb<span class="hl num">._</span>samdb<span class="hl num">_</span>set<span class="hl num">_</span>ntds<span class="hl num">_</span>settings<span class="hl num">_</span>dn<span class="hl opt">(</span>self<span class="hl opt">,</span> ntds_settings_dn<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_ntds_GUID</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Get the NTDS objectGUID&quot;&quot;&quot;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>samdb<span class="hl num">_</span>ntds<span class="hl num">_</span>objectGUID<span class="hl opt">(</span>self<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">server_site_name</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Get the server site name&quot;&quot;&quot;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>samdb<span class="hl num">_</span>server<span class="hl num">_</span>site<span class="hl num">_</span>name<span class="hl opt">(</span>self<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">host_dns_name</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;return the DNS name of this host&quot;&quot;&quot;</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span><span class="hl str">&#39;&#39;</span><span class="hl opt">,</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_BASE<span class="hl opt">,</span> attrs<span class="hl opt">=[</span><span class="hl str">&#39;dNSHostName&#39;</span><span class="hl opt">])</span>
        <span class="hl kwa">return</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&#39;dNSHostName&#39;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]</span>

    <span class="hl kwa">def</span> <span class="hl kwd">domain_dns_name</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;return the DNS name of the domain root&quot;&quot;&quot;</span>
        domain_dn <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">get_default_basedn</span><span class="hl opt">()</span>
        <span class="hl kwa">return</span> domain_dn<span class="hl opt">.</span><span class="hl kwd">canonical_str</span><span class="hl opt">().</span><span class="hl kwd">split</span><span class="hl opt">(</span><span class="hl str">&#39;/&#39;</span><span class="hl opt">)[</span><span class="hl num">0</span><span class="hl opt">]</span>

    <span class="hl kwa">def</span> <span class="hl kwd">forest_dns_name</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;return the DNS name of the forest root&quot;&quot;&quot;</span>
        forest_dn <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">get_root_basedn</span><span class="hl opt">()</span>
        <span class="hl kwa">return</span> forest_dn<span class="hl opt">.</span><span class="hl kwd">canonical_str</span><span class="hl opt">().</span><span class="hl kwd">split</span><span class="hl opt">(</span><span class="hl str">&#39;/&#39;</span><span class="hl opt">)[</span><span class="hl num">0</span><span class="hl opt">]</span>

    <span class="hl kwa">def</span> <span class="hl kwd">load_partition_usn</span><span class="hl opt">(</span>self<span class="hl opt">,</span> base_dn<span class="hl opt">):</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_l</span>oad<span class="hl num">_</span>partition<span class="hl num">_u</span>sn<span class="hl opt">(</span>self<span class="hl opt">,</span> base_dn<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">set_schema</span><span class="hl opt">(</span>self<span class="hl opt">,</span> schema<span class="hl opt">):</span>
        self<span class="hl opt">.</span><span class="hl kwd">set_schema_from_ldb</span><span class="hl opt">(</span>schema<span class="hl opt">.</span>ldb<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">set_schema_from_ldb</span><span class="hl opt">(</span>self<span class="hl opt">,</span> ldb_conn<span class="hl opt">):</span>
        dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>set<span class="hl num">_</span>schema<span class="hl num">_</span>from<span class="hl num">_l</span>db<span class="hl opt">(</span>self<span class="hl opt">,</span> ldb_conn<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">dsdb_DsReplicaAttribute</span><span class="hl opt">(</span>self<span class="hl opt">,</span> ldb<span class="hl opt">,</span> ldap_display_name<span class="hl opt">,</span> ldif_elements<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;convert a list of attribute values to a DRSUAPI DsReplicaAttribute&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>DsReplicaAttribute<span class="hl opt">(</span>ldb<span class="hl opt">,</span> ldap_display_name<span class="hl opt">,</span> ldif_elements<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">dsdb_normalise_attributes</span><span class="hl opt">(</span>self<span class="hl opt">,</span> ldb<span class="hl opt">,</span> ldap_display_name<span class="hl opt">,</span> ldif_elements<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;normalise a list of attribute values&#39;&#39;&#39;</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>normalise<span class="hl num">_</span>attributes<span class="hl opt">(</span>ldb<span class="hl opt">,</span> ldap_display_name<span class="hl opt">,</span> ldif_elements<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_attribute_from_attid</span><span class="hl opt">(</span>self<span class="hl opt">,</span> attid<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot; Get from an attid the associated attribute</span>
<span class="hl str"></span>
<span class="hl str">        :param attid: The attribute id for searched attribute</span>
<span class="hl str">        :return: The name of the attribute associated with this id</span>
<span class="hl str">        &quot;&quot;&quot;</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>self<span class="hl opt">.</span>hash_oid_name<span class="hl opt">.</span><span class="hl kwd">keys</span><span class="hl opt">()) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
            self<span class="hl num">._</span>populate<span class="hl num">_</span>oid<span class="hl num">_</span>attid<span class="hl opt">()</span>
        <span class="hl kwa">if</span> self<span class="hl opt">.</span>hash_oid_name<span class="hl opt">.</span><span class="hl kwd">has_key</span><span class="hl opt">(</span>self<span class="hl opt">.</span><span class="hl kwd">get_oid_from_attid</span><span class="hl opt">(</span>attid<span class="hl opt">)):</span>
            <span class="hl kwa">return</span> self<span class="hl opt">.</span>hash_oid_name<span class="hl opt">[</span>self<span class="hl opt">.</span><span class="hl kwd">get_oid_from_attid</span><span class="hl opt">(</span>attid<span class="hl opt">)]</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            <span class="hl kwa">return None</span>

    <span class="hl kwa">def</span> <span class="hl kwd">_populate_oid_attid</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Populate the hash hash_oid_name.</span>
<span class="hl str"></span>
<span class="hl str">        This hash contains the oid of the attribute as a key and</span>
<span class="hl str">        its display name as a value</span>
<span class="hl str">        &quot;&quot;&quot;</span>
        self<span class="hl opt">.</span>hash_oid_name <span class="hl opt">= {}</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>expression<span class="hl opt">=</span><span class="hl str">&quot;objectClass=attributeSchema&quot;</span><span class="hl opt">,</span>
                           controls<span class="hl opt">=[</span><span class="hl str">&quot;search_options:1:2&quot;</span><span class="hl opt">],</span>
                           attrs<span class="hl opt">=[</span><span class="hl str">&quot;attributeID&quot;</span><span class="hl opt">,</span>
                           <span class="hl str">&quot;lDAPDisplayName&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) &gt;</span> <span class="hl num">0</span><span class="hl opt">:</span>
            <span class="hl kwa">for</span> e <span class="hl kwa">in</span> res<span class="hl opt">:</span>
                strDisplay <span class="hl opt">=</span> <span class="hl kwb">str</span><span class="hl opt">(</span>e<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;lDAPDisplayName&quot;</span><span class="hl opt">))</span>
                self<span class="hl opt">.</span>hash_oid_name<span class="hl opt">[</span><span class="hl kwb">str</span><span class="hl opt">(</span>e<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;attributeID&quot;</span><span class="hl opt">))] =</span> strDisplay

    <span class="hl kwa">def</span> <span class="hl kwd">get_attribute_replmetadata_version</span><span class="hl opt">(</span>self<span class="hl opt">,</span> dn<span class="hl opt">,</span> att<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Get the version field trom the replPropertyMetaData for</span>
<span class="hl str">        the given field</span>
<span class="hl str"></span>
<span class="hl str">        :param dn: The on which we want to get the version</span>
<span class="hl str">        :param att: The name of the attribute</span>
<span class="hl str">        :return: The value of the version field in the replPropertyMetaData</span>
<span class="hl str">            for the given attribute. None if the attribute is not replicated</span>
<span class="hl str">        &quot;&quot;&quot;</span>

        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>expression<span class="hl opt">=</span><span class="hl str">&quot;dn=</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> dn<span class="hl opt">,</span>
                            scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                            controls<span class="hl opt">=[</span><span class="hl str">&quot;search_options:1:2&quot;</span><span class="hl opt">],</span>
                            attrs<span class="hl opt">=[</span><span class="hl str">&quot;replPropertyMetaData&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
            <span class="hl kwa">return None</span>

        repl <span class="hl opt">=</span> <span class="hl kwd">ndr_unpack</span><span class="hl opt">(</span>drsblobs<span class="hl opt">.</span>replPropertyMetaDataBlob<span class="hl opt">,</span>
                            <span class="hl kwb">str</span><span class="hl opt">(</span>res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;replPropertyMetaData&quot;</span><span class="hl opt">]))</span>
        ctr <span class="hl opt">=</span> repl<span class="hl opt">.</span>ctr
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>self<span class="hl opt">.</span>hash_oid_name<span class="hl opt">.</span><span class="hl kwd">keys</span><span class="hl opt">()) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
            self<span class="hl num">._</span>populate<span class="hl num">_</span>oid<span class="hl num">_</span>attid<span class="hl opt">()</span>
        <span class="hl kwa">for</span> o <span class="hl kwa">in</span> ctr<span class="hl opt">.</span>array<span class="hl opt">:</span>
            <span class="hl slc"># Search for Description</span>
            att_oid <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">get_oid_from_attid</span><span class="hl opt">(</span>o<span class="hl opt">.</span>attid<span class="hl opt">)</span>
            <span class="hl kwa">if</span> self<span class="hl opt">.</span>hash_oid_name<span class="hl opt">.</span><span class="hl kwd">has_key</span><span class="hl opt">(</span>att_oid<span class="hl opt">)</span> <span class="hl kwa">and</span>\
               att<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">() ==</span> self<span class="hl opt">.</span>hash_oid_name<span class="hl opt">[</span>att_oid<span class="hl opt">].</span><span class="hl kwd">lower</span><span class="hl opt">():</span>
                <span class="hl kwa">return</span> o<span class="hl opt">.</span>version
        <span class="hl kwa">return None</span>

    <span class="hl kwa">def</span> <span class="hl kwd">set_attribute_replmetadata_version</span><span class="hl opt">(</span>self<span class="hl opt">,</span> dn<span class="hl opt">,</span> att<span class="hl opt">,</span> value<span class="hl opt">,</span>
            addifnotexist<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>expression<span class="hl opt">=</span><span class="hl str">&quot;dn=</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> dn<span class="hl opt">,</span>
                            scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                            controls<span class="hl opt">=[</span><span class="hl str">&quot;search_options:1:2&quot;</span><span class="hl opt">],</span>
                            attrs<span class="hl opt">=[</span><span class="hl str">&quot;replPropertyMetaData&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
            <span class="hl kwa">return None</span>

        repl <span class="hl opt">=</span> <span class="hl kwd">ndr_unpack</span><span class="hl opt">(</span>drsblobs<span class="hl opt">.</span>replPropertyMetaDataBlob<span class="hl opt">,</span>
                            <span class="hl kwb">str</span><span class="hl opt">(</span>res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;replPropertyMetaData&quot;</span><span class="hl opt">]))</span>
        ctr <span class="hl opt">=</span> repl<span class="hl opt">.</span>ctr
        now <span class="hl opt">=</span> samba<span class="hl opt">.</span><span class="hl kwd">unix2nttime</span><span class="hl opt">(</span><span class="hl kwb">int</span><span class="hl opt">(</span>time<span class="hl opt">.</span><span class="hl kwd">time</span><span class="hl opt">()))</span>
        found <span class="hl opt">=</span> <span class="hl kwa">False</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>self<span class="hl opt">.</span>hash_oid_name<span class="hl opt">.</span><span class="hl kwd">keys</span><span class="hl opt">()) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
            self<span class="hl num">._</span>populate<span class="hl num">_</span>oid<span class="hl num">_</span>attid<span class="hl opt">()</span>
        <span class="hl kwa">for</span> o <span class="hl kwa">in</span> ctr<span class="hl opt">.</span>array<span class="hl opt">:</span>
            <span class="hl slc"># Search for Description</span>
            att_oid <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">get_oid_from_attid</span><span class="hl opt">(</span>o<span class="hl opt">.</span>attid<span class="hl opt">)</span>
            <span class="hl kwa">if</span> self<span class="hl opt">.</span>hash_oid_name<span class="hl opt">.</span><span class="hl kwd">has_key</span><span class="hl opt">(</span>att_oid<span class="hl opt">)</span> <span class="hl kwa">and</span>\
               att<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">() ==</span> self<span class="hl opt">.</span>hash_oid_name<span class="hl opt">[</span>att_oid<span class="hl opt">].</span><span class="hl kwd">lower</span><span class="hl opt">():</span>
                found <span class="hl opt">=</span> <span class="hl kwa">True</span>
                seq <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">sequence_number</span><span class="hl opt">(</span>ldb<span class="hl opt">.</span>SEQ_NEXT<span class="hl opt">)</span>
                o<span class="hl opt">.</span>version <span class="hl opt">=</span> value
                o<span class="hl opt">.</span>originating_change_time <span class="hl opt">=</span> now
                o<span class="hl opt">.</span>originating_invocation_id <span class="hl opt">=</span> misc<span class="hl opt">.</span><span class="hl kwd">GUID</span><span class="hl opt">(</span>self<span class="hl opt">.</span><span class="hl kwd">get_invocation_id</span><span class="hl opt">())</span>
                o<span class="hl opt">.</span>originating_usn <span class="hl opt">=</span> seq
                o<span class="hl opt">.</span>local_usn <span class="hl opt">=</span> seq

        <span class="hl kwa">if not</span> found <span class="hl kwa">and</span> addifnotexist <span class="hl kwa">and</span> <span class="hl kwb">len</span><span class="hl opt">(</span>ctr<span class="hl opt">.</span>array<span class="hl opt">) &gt;</span><span class="hl num">0</span><span class="hl opt">:</span>
            o2 <span class="hl opt">=</span> drsblobs<span class="hl opt">.</span><span class="hl kwd">replPropertyMetaData1</span><span class="hl opt">()</span>
            o2<span class="hl opt">.</span>attid <span class="hl opt">=</span> <span class="hl num">589914</span>
            att_oid <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">get_oid_from_attid</span><span class="hl opt">(</span>o2<span class="hl opt">.</span>attid<span class="hl opt">)</span>
            seq <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">sequence_number</span><span class="hl opt">(</span>ldb<span class="hl opt">.</span>SEQ_NEXT<span class="hl opt">)</span>
            o2<span class="hl opt">.</span>version <span class="hl opt">=</span> value
            o2<span class="hl opt">.</span>originating_change_time <span class="hl opt">=</span> now
            o2<span class="hl opt">.</span>originating_invocation_id <span class="hl opt">=</span> misc<span class="hl opt">.</span><span class="hl kwd">GUID</span><span class="hl opt">(</span>self<span class="hl opt">.</span><span class="hl kwd">get_invocation_id</span><span class="hl opt">())</span>
            o2<span class="hl opt">.</span>originating_usn <span class="hl opt">=</span> seq
            o2<span class="hl opt">.</span>local_usn <span class="hl opt">=</span> seq
            found <span class="hl opt">=</span> <span class="hl kwa">True</span>
            tab <span class="hl opt">=</span> ctr<span class="hl opt">.</span>array
            tab<span class="hl opt">.</span><span class="hl kwd">append</span><span class="hl opt">(</span>o2<span class="hl opt">)</span>
            ctr<span class="hl opt">.</span>count <span class="hl opt">=</span> ctr<span class="hl opt">.</span>count <span class="hl opt">+</span> <span class="hl num">1</span>
            ctr<span class="hl opt">.</span>array <span class="hl opt">=</span> tab

        <span class="hl kwa">if</span> found <span class="hl opt">:</span>
            replBlob <span class="hl opt">=</span> <span class="hl kwd">ndr_pack</span><span class="hl opt">(</span>repl<span class="hl opt">)</span>
            msg <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Message</span><span class="hl opt">()</span>
            msg<span class="hl opt">.</span>dn <span class="hl opt">=</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn
            msg<span class="hl opt">[</span><span class="hl str">&quot;replPropertyMetaData&quot;</span><span class="hl opt">] =</span> ldb<span class="hl opt">.</span><span class="hl kwd">MessageElement</span><span class="hl opt">(</span>replBlob<span class="hl opt">,</span>
                                                ldb<span class="hl opt">.</span>FLAG_MOD_REPLACE<span class="hl opt">,</span>
                                                <span class="hl str">&quot;replPropertyMetaData&quot;</span><span class="hl opt">)</span>
            self<span class="hl opt">.</span><span class="hl kwd">modify</span><span class="hl opt">(</span>msg<span class="hl opt">, [</span><span class="hl str">&quot;local_oid:1.3.6.1.4.1.7165.4.3.14:0&quot;</span><span class="hl opt">])</span>

    <span class="hl kwa">def</span> <span class="hl kwd">write_prefixes_from_schema</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>write<span class="hl num">_</span>prefixes<span class="hl num">_</span>from<span class="hl num">_</span>schema<span class="hl num">_</span>to<span class="hl num">_l</span>db<span class="hl opt">(</span>self<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_partitions_dn</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl kwa">return</span> dsdb<span class="hl num">._</span>dsdb<span class="hl num">_</span>get<span class="hl num">_</span>partitions<span class="hl num">_</span>dn<span class="hl opt">(</span>self<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">set_minPwdAge</span><span class="hl opt">(</span>self<span class="hl opt">,</span> value<span class="hl opt">):</span>
        m <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Message</span><span class="hl opt">()</span>
        m<span class="hl opt">.</span>dn <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>self<span class="hl opt">,</span> self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">())</span>
        m<span class="hl opt">[</span><span class="hl str">&quot;minPwdAge&quot;</span><span class="hl opt">] =</span> ldb<span class="hl opt">.</span><span class="hl kwd">MessageElement</span><span class="hl opt">(</span>value<span class="hl opt">,</span> ldb<span class="hl opt">.</span>FLAG_MOD_REPLACE<span class="hl opt">,</span> <span class="hl str">&quot;minPwdAge&quot;</span><span class="hl opt">)</span>
        self<span class="hl opt">.</span><span class="hl kwd">modify</span><span class="hl opt">(</span>m<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_minPwdAge</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_BASE<span class="hl opt">,</span> attrs<span class="hl opt">=[</span><span class="hl str">&quot;minPwdAge&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
            <span class="hl kwa">return None</span>
        <span class="hl kwa">elif not</span> <span class="hl str">&quot;minPwdAge&quot;</span> <span class="hl kwa">in</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]:</span>
            <span class="hl kwa">return None</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            <span class="hl kwa">return</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;minPwdAge&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]</span>

    <span class="hl kwa">def</span> <span class="hl kwd">set_minPwdLength</span><span class="hl opt">(</span>self<span class="hl opt">,</span> value<span class="hl opt">):</span>
        m <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Message</span><span class="hl opt">()</span>
        m<span class="hl opt">.</span>dn <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>self<span class="hl opt">,</span> self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">())</span>
        m<span class="hl opt">[</span><span class="hl str">&quot;minPwdLength&quot;</span><span class="hl opt">] =</span> ldb<span class="hl opt">.</span><span class="hl kwd">MessageElement</span><span class="hl opt">(</span>value<span class="hl opt">,</span> ldb<span class="hl opt">.</span>FLAG_MOD_REPLACE<span class="hl opt">,</span> <span class="hl str">&quot;minPwdLength&quot;</span><span class="hl opt">)</span>
        self<span class="hl opt">.</span><span class="hl kwd">modify</span><span class="hl opt">(</span>m<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_minPwdLength</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_BASE<span class="hl opt">,</span> attrs<span class="hl opt">=[</span><span class="hl str">&quot;minPwdLength&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
            <span class="hl kwa">return None</span>
        <span class="hl kwa">elif not</span> <span class="hl str">&quot;minPwdLength&quot;</span> <span class="hl kwa">in</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]:</span>
            <span class="hl kwa">return None</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            <span class="hl kwa">return</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;minPwdLength&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]</span>

    <span class="hl kwa">def</span> <span class="hl kwd">set_pwdProperties</span><span class="hl opt">(</span>self<span class="hl opt">,</span> value<span class="hl opt">):</span>
        m <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Message</span><span class="hl opt">()</span>
        m<span class="hl opt">.</span>dn <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>self<span class="hl opt">,</span> self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">())</span>
        m<span class="hl opt">[</span><span class="hl str">&quot;pwdProperties&quot;</span><span class="hl opt">] =</span> ldb<span class="hl opt">.</span><span class="hl kwd">MessageElement</span><span class="hl opt">(</span>value<span class="hl opt">,</span> ldb<span class="hl opt">.</span>FLAG_MOD_REPLACE<span class="hl opt">,</span> <span class="hl str">&quot;pwdProperties&quot;</span><span class="hl opt">)</span>
        self<span class="hl opt">.</span><span class="hl kwd">modify</span><span class="hl opt">(</span>m<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_pwdProperties</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>self<span class="hl opt">.</span><span class="hl kwd">domain_dn</span><span class="hl opt">(),</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_BASE<span class="hl opt">,</span> attrs<span class="hl opt">=[</span><span class="hl str">&quot;pwdProperties&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
            <span class="hl kwa">return None</span>
        <span class="hl kwa">elif not</span> <span class="hl str">&quot;pwdProperties&quot;</span> <span class="hl kwa">in</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]:</span>
            <span class="hl kwa">return None</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            <span class="hl kwa">return</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;pwdProperties&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]</span>

    <span class="hl kwa">def</span> <span class="hl kwd">set_dsheuristics</span><span class="hl opt">(</span>self<span class="hl opt">,</span> dsheuristics<span class="hl opt">):</span>
        m <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Message</span><span class="hl opt">()</span>
        m<span class="hl opt">.</span>dn <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>self<span class="hl opt">,</span> <span class="hl str">&quot;CN=Directory Service,CN=Windows NT,CN=Services,</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span>
                      <span class="hl opt">%</span> self<span class="hl opt">.</span><span class="hl kwd">get_config_basedn</span><span class="hl opt">().</span><span class="hl kwd">get_linearized</span><span class="hl opt">())</span>
        <span class="hl kwa">if</span> dsheuristics <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            m<span class="hl opt">[</span><span class="hl str">&quot;dSHeuristics&quot;</span><span class="hl opt">] =</span> ldb<span class="hl opt">.</span><span class="hl kwd">MessageElement</span><span class="hl opt">(</span>dsheuristics<span class="hl opt">,</span>
                ldb<span class="hl opt">.</span>FLAG_MOD_REPLACE<span class="hl opt">,</span> <span class="hl str">&quot;dSHeuristics&quot;</span><span class="hl opt">)</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            m<span class="hl opt">[</span><span class="hl str">&quot;dSHeuristics&quot;</span><span class="hl opt">] =</span> ldb<span class="hl opt">.</span><span class="hl kwd">MessageElement</span><span class="hl opt">([],</span> ldb<span class="hl opt">.</span>FLAG_MOD_DELETE<span class="hl opt">,</span>
                <span class="hl str">&quot;dSHeuristics&quot;</span><span class="hl opt">)</span>
        self<span class="hl opt">.</span><span class="hl kwd">modify</span><span class="hl opt">(</span>m<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_dsheuristics</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span><span class="hl str">&quot;CN=Directory Service,CN=Windows NT,CN=Services,</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span>
                          <span class="hl opt">%</span> self<span class="hl opt">.</span><span class="hl kwd">get_config_basedn</span><span class="hl opt">().</span><span class="hl kwd">get_linearized</span><span class="hl opt">(),</span>
                          scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_BASE<span class="hl opt">,</span> attrs<span class="hl opt">=[</span><span class="hl str">&quot;dSHeuristics&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
            dsheuristics <span class="hl opt">=</span> <span class="hl kwa">None</span>
        <span class="hl kwa">elif</span> <span class="hl str">&quot;dSHeuristics&quot;</span> <span class="hl kwa">in</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]:</span>
            dsheuristics <span class="hl opt">=</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;dSHeuristics&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            dsheuristics <span class="hl opt">=</span> <span class="hl kwa">None</span>

        <span class="hl kwa">return</span> dsheuristics

    <span class="hl kwa">def</span> <span class="hl kwd">create_ou</span><span class="hl opt">(</span>self<span class="hl opt">,</span> ou_dn<span class="hl opt">,</span> description<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> name<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> sd<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Creates an organizationalUnit object</span>
<span class="hl str">        :param ou_dn: dn of the new object</span>
<span class="hl str">        :param description: description attribute</span>
<span class="hl str">        :param name: name atttribute</span>
<span class="hl str">        :param sd: security descriptor of the object, can be</span>
<span class="hl str">        an SDDL string or security.descriptor type</span>
<span class="hl str">        &quot;&quot;&quot;</span>
        m <span class="hl opt">= {</span><span class="hl str">&quot;dn&quot;</span><span class="hl opt">:</span> ou_dn<span class="hl opt">,</span>
             <span class="hl str">&quot;objectClass&quot;</span><span class="hl opt">:</span> <span class="hl str">&quot;organizationalUnit&quot;</span><span class="hl opt">}</span>

        <span class="hl kwa">if</span> description<span class="hl opt">:</span>
            m<span class="hl opt">[</span><span class="hl str">&quot;description&quot;</span><span class="hl opt">] =</span> description
        <span class="hl kwa">if</span> name<span class="hl opt">:</span>
            m<span class="hl opt">[</span><span class="hl str">&quot;name&quot;</span><span class="hl opt">] =</span> name

        <span class="hl kwa">if</span> sd<span class="hl opt">:</span>
            m<span class="hl opt">[</span><span class="hl str">&quot;nTSecurityDescriptor&quot;</span><span class="hl opt">] =</span> <span class="hl kwd">ndr_pack</span><span class="hl opt">(</span>sd<span class="hl opt">)</span>
        self<span class="hl opt">.</span><span class="hl kwd">add</span><span class="hl opt">(</span>m<span class="hl opt">)</span>

    <span class="hl kwa">def</span> <span class="hl kwd">sequence_number</span><span class="hl opt">(</span>self<span class="hl opt">,</span> seq_type<span class="hl opt">):</span>
        <span class="hl str">&quot;&quot;&quot;Returns the value of the sequence number according to the requested type</span>
<span class="hl str">        :param seq_type: type of sequence number</span>
<span class="hl str">         &quot;&quot;&quot;</span>
        self<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            seq <span class="hl opt">=</span> <span class="hl kwb">super</span><span class="hl opt">(</span>SamDB<span class="hl opt">,</span> self<span class="hl opt">).</span><span class="hl kwd">sequence_number</span><span class="hl opt">(</span>seq_type<span class="hl opt">)</span>
        <span class="hl kwa">except</span> <span class="hl kwc">Exception</span><span class="hl opt">:</span>
             self<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
             <span class="hl kwa">raise</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            self<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>
        <span class="hl kwa">return</span> seq

    <span class="hl kwa">def</span> <span class="hl kwd">get_dsServiceName</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;get the NTDS DN from the rootDSE&#39;&#39;&#39;</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span><span class="hl str">&quot;&quot;</span><span class="hl opt">,</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_BASE<span class="hl opt">,</span> attrs<span class="hl opt">=[</span><span class="hl str">&quot;dsServiceName&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">return</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;dsServiceName&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]</span>

    <span class="hl kwa">def</span> <span class="hl kwd">get_serverName</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl str">&#39;&#39;&#39;get the server DN from the rootDSE&#39;&#39;&#39;</span>
        res <span class="hl opt">=</span> self<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span><span class="hl str">&quot;&quot;</span><span class="hl opt">,</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_BASE<span class="hl opt">,</span> attrs<span class="hl opt">=[</span><span class="hl str">&quot;serverName&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">return</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;serverName&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]</span>
</code></pre></td></tr></table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit </a> (<a href='https://git-scm.com/'>git 2.34.1</a>) at 2025-07-07 04:09:54 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>