a

�.ds��@s�dZd
dl
mZ
d
dlmZmZmZ
gd�
Zd
dl	Z	d
dl
Z
d
dlZd
dlZd
dl
Z
d
dlZ
d
dlZ
d
dlZd
dlmZ
d
dlmZmZmZ
d
dlmZmZmZ
d
d	l
mZ
Gd
d�de�ZGdd
�d
e
j�ZGdd�d�Z Gdd�de �Z!e Z"dS)z]
ldapobject.py - wraps class _ldap.LDAPObject

See https://www.python-ldap.org/ for details.
�)
�strerror)�__version__�
__author__�__license__)�
LDAPObject�SimpleLDAPObject�ReconnectLDAPObject�LDAPBytesWarningN)
�SCHEMA_ATTRS)�LDAPControl�DecodeControlTuples�RequestControlTuples)�ExtendedRequest�ExtendedResponse�PasswordModifyResponse)
�	LDAPErrorcs eZ
dZd
Z�f
dd�Z�ZS)r	zPython 2 bytes mode warningc
s"t�
d
t�
t�j|
i|�
�

dS)Nz@LDAPBytesWarning is deprecated and will be removed in the future)�warnings�warn�DeprecationWarning�super�__init__��self�args�kwargs�
�	__class__��5/usr/lib64/python3.9/site-packages/ldap/ldapobject.pyr#s



�zLDAPBytesWarning.__init__)�__name__�
__module__�__qualname__�__doc__r�
__classcell__rrrrr	 s
r	c
@seZ
dZd
ZdS)�NO_UNIQUE_ENTRYz�
  Exception raised if a LDAP search returned more than entry entry
  although assumed to return a unique single search result.
  N)rr r!r"rrrrr$+s
r$c
@s:eZ
dZd
Zejejejejej	ej
ejejej
d�	Zd�dd�
Zedd	��
Zed
d��
Zd�d
d�
Zdd�Zdd�Zdd�Zdd�Zd�dd�
Zdd�Zd�dd�
Zd�dd�
Zd�dd �
Zd�d!d"�
Zd#d$�Zd%d&�Zd�d'd(�
Z d�d)d*�
Z!ej"f
d+d,�
Z#ej"f
d-d.�
Z$ddej%fd/d0�
Z&ddej%dfd1d2�
Z'ddej%dfd3d4�
Z(ddej%dfd5d6�
Z)d�d7d8�
Z*d�d9d:�
Z+d�d;d<�
Z,d=d>�Z-d?d@�Z.d�dAdB�
Z/d�dCdD�
Z0dEdF�Z1dGdH�Z2d�dIdJ�
Z3ej4dKdfdLdM�
Z5d�dNdO�
Z6d�dPdQ�
Z7d�dRdS�
Z8dTdU�Z9dVdW�Z:d�dXdY�
Z;d�dZd[�
Z<d�d\d]�
Z=d�d_d`�
Z>d�dadb�
Z?d�dcdd�
Z@ej4dKdfdedf�
ZAej4dKdfdgdh�
ZBej4dKddfdidj�
ZCej4dKdddddfdkdl�
ZDd�dndo�
ZEd�dpdq�
ZFd�drds�
ZGd�dtdu�
ZHd�dvdw�
ZIdxdy�ZJd�dzd{�
ZKd�d|d}�
ZLd~d�ZMd�d��ZNd�d�d��
ZOd�d��ZPd�d��ZQd�d�d��
ZRd�d�d��
ZSd�d�d��
ZTejUddddddmfd�d��
ZVd�d�d��
ZWd�d��ZXdS)�rz�
  This basic class wraps all methods of the underlying C API object.

  The arguments are same as for the :func:`~ldap.initialize()` function.
  )	�protocol_versionZderefZ	referralsZ	timelimit�	sizelimitZnetwork_timeoutZerror_numberZerror_stringZ
matched_dnr
N�cCs�|ptj
|_
|ptj|_||_|
|_|�d
�
|_|du
rvttd�sJt	d�
�
t|d�r\|�
�}tj�tj
tj||
�|_ntj�tj
tj|
�|_d|_tj|_|r�t	d�
�
dS)NZopcall�
initialize_fdz&libldap does not support initialize_fd�fileno���z-bytes_mode is *not* supported under Python 3.)�ldap�_trace_level�_trace_fileZ_trace_stack_limit�_uri�
_ldap_lock�_ldap_object_lock�hasattr�_ldap�
ValueErrorr)�	functions�_ldap_function_call�_ldap_module_lockr(�_l�
initialize�timeoutZVERSION3r%)r�uri�trace_level�
trace_file�trace_stack_limit�
bytes_mode�bytes_strictnessr)rrrrEs$












�


zSimpleLDAPObject.__init__c


Csd
S)NFr�
rrrrr>_szSimpleLDAPObject.bytes_modec


Csd
S)N�errorrr@rrrr?csz!SimpleLDAPObject.bytes_strictness�cCs(tj
rtjd
|
t|�
fd�
StjSdS)Nz%s within %s�
�desc)r+Z	LIBLDAP_R�LDAPLock�reprr6)rrDrrrr/gs

zSimpleLDAPObject._ldap_lockcOsP
|j�
�
d
}zTzB|
|i|�
�
}drF|jdkrF|
jdkrF|j�t	j
�
}W|j��
n|j��
0Wn�t�
y
}
z�z<d|j
dv
r�d|j
dvr�t|j
dd�
|j
dd<Wnty�


Yn0dr�|jdkr�|j�d�|jjt|�
��

�WYd
}~nPd
}~00d�
rL|jdk�
rL|d
u
�
r6|j�d	t|�
�

|j�d
t�|�
�

|S)z[
    Wrapper method mainly for serializing calls into OpenLDAP libs
    and trace logs
    NF��
unbind_ext�infor
�errnoz=> LDAPError - {}: {}
z=> diagnosticMessage: %s
z=> result:
%s
)r0�acquirerF�pprint�	tracebackr,rr7�
get_optionr+ZOPT_DIAGNOSTIC_MESSAGE�releaserrr�
IndexErrorr-�write�formatr�strZpformat)r�funcrrZdiagnostic_message_success�result�
errr�
_ldap_callms.











 









zSimpleLDAPObject._ldap_callcCs,|
|jvr|�
|j|
|�
n
||j|
<dS�
N)�CLASSATTR_OPTION_MAPPING�
set_option�__dict__)r�name�valuerrr�__setattr__�s


zSimpleLDAPObject.__setattr__cCsJ|
|jvr|�
|j|
�
S|
|jvr.|j|
Std
�|jjt|
�
��
�
dS)Nz{} has no attribute {})rYrNr[�AttributeErrorrRrrrF�rr\rrr�__getattr__�s







�zSimpleLDAPObject.__getattr__c

Cs|�t
j�
S)
z
    Returns file description of LDAP connection.

    Just a convenience wrapper for LDAPObject.get_option(ldap.OPT_DESC)
    )rNr+ZOPT_DESCr@rrrr)�szSimpleLDAPObject.filenocCs|�|j
j|
t|�
t|�
�S)
a�

    abandon_ext(msgid[,serverctrls=None[,clientctrls=None]]) -> None
    abandon(msgid) -> None
        Abandons or cancels an LDAP operation in progress. The msgid should
        be the message id of an outstanding LDAP operation as returned
        by the asynchronous methods search(), modify() etc.  The caller
        can expect that the result of an abandoned operation will not be
        returned from a future call to result().
    )rWr7�abandon_extr
)r�msgid�serverctrls�clientctrlsrrrrb�s
zSimpleLDAPObject.abandon_extcCs|�|
dd�SrX)
rb)rrcrrr�abandon�s
zSimpleLDAPObject.abandoncCs|�|j
j|
t|�
t|�
�S)
aQ
    cancel(cancelid[,serverctrls=None[,clientctrls=None]]) -> int
        Send cancels extended operation for an LDAP operation specified by cancelid.
        The cancelid should be the message id of an outstanding LDAP operation as returned
        by the asynchronous methods search(), modify() etc.  The caller
        can expect that the result of an abandoned operation will not be
        returned from a future call to result().
        In opposite to abandon() this extended operation gets an result from
        the server and thus should be preferred if the server supports it.
    )rWr7�cancelr
)r�cancelidrdrerrrrg�szSimpleLDAPObject.cancelc	CsH|�|
||�}z|j
|d
|jd�}WntjtjfyB


d}Yn0|S�N�
��allr9)rgrUr9r+Z	CANCELLED�SUCCESS)rrhrdrerc�resrrr�cancel_s�s






zSimpleLDAPObject.cancel_scCs|�|j
j|
|t|�
t|�
�S)
a\

    add_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int
        This function adds a new entry with a distinguished name
        specified by dn which means it must not already exist.
        The parameter modlist is similar to the one passed to modify(),
        except that no operation integer need be included in the tuples.
    )rWr7�add_extr
�r�dn�modlistrdrerrrrp�szSimpleLDAPObject.add_extc
Cs6|�|
|||�}|j
|d
|jd�\}}}}	||||	fSri)rp�result3r9�
rrrrsrdrerc�	resp_type�	resp_data�
resp_msgid�
resp_ctrlsrrr�	add_ext_s�s


zSimpleLDAPObject.add_ext_scCs|�|
|d
d
�S)a2

    add(dn, modlist) -> int
        This function adds a new entry with a distinguished name
        specified by dn which means it must not already exist.
        The parameter modlist is similar to the one passed to modify(),
        except that no operation integer need be included in the tuples.
    N)
rp�rrrrsrrr�add�szSimpleLDAPObject.addcCs|�|
|dd�SrX)
rzr{rrr�add_s�s
zSimpleLDAPObject.add_scCs|�|j
j|
|t|�
t|�
�S)
z1
    simple_bind([who='' [,cred='']]) -> int
    )rWr7�simple_bindr
)r�who�credrdrerrrr~�szSimpleLDAPObject.simple_bindc
Cs6|�|
|||�}|j
|d
|jd�\}}}}	||||	fS)z7
    simple_bind_s([who='' [,cred='']]) -> 4-tuple
    rjrk)r~rtr9)
rrr�rdrercrvrwrxryrrr�
simple_bind_s�s

zSimpleLDAPObject.simple_bind_scCs|�|
|�S)
z(
    bind(who, cred, method) -> int
    )
r~)rrr��methodrrr�bind�szSimpleLDAPObject.bindcCs |�|
||�}|j
|d
|jd�S)z+
    bind_s(who, cred, method) -> None
    rjrk)r�rUr9)rrr�r�rcrrr�bind_s
s
zSimpleLDAPObject.bind_scCs |�|j
j|
|t|�
t|�
|�S)
zx
    sasl_interactive_bind_s(who, auth [,serverctrls=None[,clientctrls=None[,sasl_flags=ldap.SASL_QUIET]]]) -> None
    )rWr7�sasl_interactive_bind_sr
)rr�authrdre�
sasl_flagsrrrr�

sz(SimpleLDAPObject.sasl_interactive_bind_scCs,tj
�
tj
j|i
|
�}|�d
||||�
dS)z^
    Send a SASL bind request using a non-interactive SASL method (e.g. GSSAPI, EXTERNAL)
    rBN)r+ZsaslZCB_USERr�)rZ	sasl_mechrdrer��authz_idr�rrr�sasl_non_interactive_bind_s
s



�z,SimpleLDAPObject.sasl_non_interactive_bind_scCs|�d
|
|||�
dS)z9
    Send SASL bind request using SASL mech EXTERNAL
    ZEXTERNALN�
r��rrdrer�r�rrr�sasl_external_bind_s
sz%SimpleLDAPObject.sasl_external_bind_scCs|�d
|
|||�
dS)z7
    Send SASL bind request using SASL mech GSSAPI
    ZGSSAPINr�r�rrr�sasl_gssapi_bind_s 
sz#SimpleLDAPObject.sasl_gssapi_bind_sc	Cs |�|j
j|
||t|�
t|�
�S)
z\
    sasl_bind_s(dn, mechanism, cred [,serverctrls=None[,clientctrls=None]]) -> int|str
    )rWr7�sasl_bind_sr
)rrrZ	mechanismr�rdrerrrr�&
szSimpleLDAPObject.sasl_bind_sc	Cs |�|j
j|
||t|�
t|�
�S)
a
    compare_ext(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> int
    compare_ext_s(dn, attr, value [,serverctrls=None[,clientctrls=None]]) -> bool
    compare(dn, attr, value) -> int
    compare_s(dn, attr, value) -> bool
        Perform an LDAP comparison between the attribute named attr of entry
        dn, and the value value. The synchronous form returns True or False.
        The asynchronous form returns the message id of the initiates request,
        and the result of the asynchronous compare can be obtained using
        result().

        Note that this latter technique yields the answer by raising
        the exception objects COMPARE_TRUE or COMPARE_FALSE.

        A design bug in the library prevents value from containing
        nul characters.
    )rWr7�compare_extr
)rrr�attrr]rdrerrrr�,
szSimpleLDAPObject.compare_extcCsh|�|
||||�}z|j
|d
|jd�}Wn*tjy>


YdStjyR


YdS0t�d|���
�
dS)NrjrkTFz)Compare operation returned wrong result: )r�rtr9r+ZCOMPARE_TRUEZ
COMPARE_FALSE�PROTOCOL_ERROR)rrrr�r]rdrercZldap_resrrr�
compare_ext_s@
s








�zSimpleLDAPObject.compare_ext_scCs|�|
||dd�SrX)
r��rrrr�r]rrr�compareL
s
zSimpleLDAPObject.comparecCs|�|
||dd�SrX)
r�r�rrr�	compare_sO
s
zSimpleLDAPObject.compare_scCs|�|j
j|
t|�
t|�
�S)
a�

    delete(dn) -> int
    delete_s(dn) -> None
    delete_ext(dn[,serverctrls=None[,clientctrls=None]]) -> int
    delete_ext_s(dn[,serverctrls=None[,clientctrls=None]]) -> tuple
        Performs an LDAP delete operation on dn. The asynchronous
        form returns the message id of the initiated request, and the
        result can be obtained from a subsequent call to result().
    )rWr7�
delete_extr
)rrrrdrerrrr�R
s
zSimpleLDAPObject.delete_extc	Cs4|�|
||�}|j
|d
|jd�\}}}}||||fSri)r�rtr9)	rrrrdrercrvrwrxryrrr�delete_ext_s^
s


zSimpleLDAPObject.delete_ext_scCs|�|
dd�SrX)
r��rrrrrr�deletec
s
zSimpleLDAPObject.deletecCs|�|
dd�SrX)
r�r�rrr�delete_sf
s
zSimpleLDAPObject.delete_scCs$|�|j
j|
j|
��t|�
t|�
�S)
a�
    extop(extreq[,serverctrls=None[,clientctrls=None]]]) -> int
    extop_s(extreq[,serverctrls=None[,clientctrls=None[,extop_resp_class=None]]]]) ->
        (respoid,respvalue)
        Performs an LDAP extended operation. The asynchronous
        form returns the message id of the initiated request, and the
        result can be obtained from a subsequent call to extop_result().
        The extreq is an instance of class ldap.extop.ExtendedRequest.

        If argument extop_resp_class is set to a sub-class of
        ldap.extop.ExtendedResponse this class is used to return an
        object of this class instead of a raw BER value in respvalue.
    )rWr7�extopZrequestNameZencodedRequestValuer
)r�extreqrdrerrrr�i
szSimpleLDAPObject.extoprjc	Cs,|j|
d
|j
d
d
d
d�\}}}
}}}||fS)Nrj)rlr9�	add_ctrls�add_intermediates�	add_extop)�result4r9)	rrcrlr9Z
resulttype�msgZ	respctrls�respoid�	respvaluerrr�extop_resulty
s
$
zSimpleLDAPObject.extop_resultc	Csb|�|
||�}|j
|d
|jd�}|rZ|\}}|j|krNt�d|j�d|���
�
||j|�S|SdS)Nrjrkz)Wrong OID in extended response! Expected z, got )r�r�r9�responseNamer+r�)	rr�rdreZextop_resp_classrcrnr�r�rrr�extop_s}
s







zSimpleLDAPObject.extop_scCs|�|j
j|
|t|�
t|�
�S)
zN
    modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int
    )rWr7�
modify_extr
rqrrrr��
szSimpleLDAPObject.modify_extc
Cs6|�|
|||�}|j
|d
|jd�\}}}}	||||	fSri)r�rtr9rurrr�modify_ext_s�
s


zSimpleLDAPObject.modify_ext_scCs|�|
|d
d
�S)a�
    modify(dn, modlist) -> int
    modify_s(dn, modlist) -> None
    modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int
    modify_ext_s(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> tuple
        Performs an LDAP modify operation on an entry's attributes.
        dn is the DN of the entry to modify, and modlist is the list
        of modifications to make to the entry.

        Each element of the list modlist should be a tuple of the form
        (mod_op,mod_type,mod_vals), where mod_op is the operation (one of
        MOD_ADD, MOD_DELETE, MOD_INCREMENT or MOD_REPLACE), mod_type is a
        string indicating the attribute type name, and mod_vals is either a
        string value or a list of string values to add, delete, increment by or
        replace respectively.  For the delete operation, mod_vals may be None
        indicating that all attributes are to be deleted.

        The asynchronous modify() returns the message id of the
        initiated request.
    N)
r�r{rrr�modify�
szSimpleLDAPObject.modifycCs|�|
|dd�SrX)
r�r{rrr�modify_s�
s
zSimpleLDAPObject.modify_scCs|�|
|d
|�S)ac
    modrdn(dn, newrdn [,delold=1]) -> int
    modrdn_s(dn, newrdn [,delold=1]) -> None
        Perform a modify RDN operation. These routines take dn, the
        DN of the entry whose RDN is to be changed, and newrdn, the
        new RDN to give to the entry. The optional parameter delold
        is used to specify whether the old RDN should be kept as
        an attribute of the entry or not.  The asynchronous version
        returns the initiated message id.

        This operation is emulated by rename() and rename_s() methods
        since the modrdn2* routines in the C library are deprecated.
    N)
�rename�rrr�newrdn�deloldrrr�modrdn�
szSimpleLDAPObject.modrdncCs|�|
|d|�SrX)
�rename_sr�rrr�modrdn_s�
s
zSimpleLDAPObject.modrdn_sc	Cs |�|j
j|
||t|�
t|�
�SrX)rWr7�passwdr
)r�user�oldpw�newpwrdrerrrr��
s
zSimpleLDAPObject.passwdFc
Cs\|�|
||||�}|j
|d
|jd�\}}	|tjkr@t�d|�
�
|rT|	rTttj|	�}	||	fS)Nrjrkz'Unexpected OID %s in extended response!)r�r�r9rr�r+r�)
rr�r�r�rdreZ
extract_newpwrcr�r�rrr�passwd_s�
s





zSimpleLDAPObject.passwd_sc
Cs"|�|j
j|
|||t|�
t|�
�S)
a
    rename(dn, newrdn [, newsuperior=None [,delold=1][,serverctrls=None[,clientctrls=None]]]) -> int
    rename_s(dn, newrdn [, newsuperior=None] [,delold=1][,serverctrls=None[,clientctrls=None]]) -> None
        Perform a rename entry operation. These routines take dn, the
        DN of the entry whose RDN is to be changed, newrdn, the
        new RDN, and newsuperior, the new parent DN, to give to the entry.
        If newsuperior is None then only the RDN is modified.
        The optional parameter delold is used to specify whether the
        old RDN should be kept as an attribute of the entry or not.
        The asynchronous version returns the initiated message id.

        This actually corresponds to the rename* routines in the
        LDAP-EXT C API library.
    )rWr7r�r
)rrrr��newsuperiorr�rdrerrrr��
szSimpleLDAPObject.renamecCs:|�|
|||||�}|j
|d
|jd�\}}	}
}||	|
|fSri)r�rtr9)rrrr�r�r�rdrercrvrwrxryrrrr��
s


zSimpleLDAPObject.rename_scCs|�|
||�\}}}||fS)
a�	
    result([msgid=RES_ANY [,all=1 [,timeout=None]]]) -> (result_type, result_data)

        This method is used to wait for and return the result of an
        operation previously initiated by one of the LDAP asynchronous
        operation routines (e.g. search(), modify(), etc.) They all
        returned an invocation identifier (a message id) upon successful
        initiation of their operation. This id is guaranteed to be
        unique across an LDAP session, and can be used to request the
        result of a specific operation via the msgid parameter of the
        result() method.

        If the result of a specific operation is required, msgid should
        be set to the invocation message id returned when the operation
        was initiated; otherwise RES_ANY should be supplied.

        The all parameter only has meaning for search() responses
        and is used to select whether a single entry of the search
        response should be returned, or to wait for all the results
        of the search before returning.

        A search response is made up of zero or more search entries
        followed by a search result. If all is 0, search entries will
        be returned one at a time as they come in, via separate calls
        to result(). If all is 1, the search response will be returned
        in its entirety, i.e. after all entries and the final search
        result have been received.

        For all set to 0, result tuples
        trickle in (with the same message id), and with the result type
        RES_SEARCH_ENTRY, until the final result which has a result
        type of RES_SEARCH_RESULT and a (usually) empty data field.
        When all is set to 1, only one result is returned, with a
        result type of RES_SEARCH_RESULT, and all the result tuples
        listed in the data field.

        The method returns a tuple of the form (result_type,
        result_data).  The result_type is one of the constants RES_*.

        See search() for a description of the search result's
        result_data, otherwise the result_data is normally meaningless.

        The result() method will block for timeout seconds, or
        indefinitely if timeout is negative.  A timeout of 0 will effect
        a poll. The timeout can be expressed as a floating-point value.
        If timeout is None the default in self.timeout is used.

        If a timeout occurs, a TIMEOUT exception is raised, unless
        polling (timeout = 0), in which case (None, None) is returned.
    )
�result2)rrcrlr9rvrwrxrrrrU�
s3
zSimpleLDAPObject.resultcCs |�|
||�\}}}}|||fSrX)
rt)rrcrlr9rvrwrxryrrrr�s

zSimpleLDAPObject.result2c	Cs0|j|
||d
d
d
|d�\}}}}}	}
||||fS)Nr
)r�r�r��resp_ctrl_classes)
r�)rrcrlr9r�rvrwrx�decoded_resp_ctrlsZretoidZretvalrrrrts



�zSimpleLDAPObject.result3c	s�|dur|j}|�
|jj|
|||||�}|durBd
\}	}
}}}
}nHt|�
dkrd|\}	}
}}d\}
}n|\}	}
}}}
}|r��f
dd�|
D�
}
t|��}|	|
|||
|fS)N)NNNNNN�)NNc
s"g|]\}
}}|
|t|��f�qSr)
r)�.0�
t�
r�
c�
r�rr�
<listcomp>3�z,SimpleLDAPObject.result4.<locals>.<listcomp>)r9rWr7r��lenr)rrcrlr9r�r�r�r�Zldap_resultrvrwrxryZ	resp_nameZ
resp_valuer�rr�rr�&s












zSimpleLDAPObject.result4r*c

Cs4|d
urd}|�|j
j|
||||t|�
t|�
||	�
S)a�
    search(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]]) -> int
    search_s(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]])
    search_st(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,timeout=-1]]]])
    search_ext(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]])
    search_ext_s(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]])

        Perform an LDAP search operation, with base as the DN of
        the entry at which to start the search, scope being one of
        SCOPE_BASE (to search the object itself), SCOPE_ONELEVEL
        (to search the object's immediate children), or SCOPE_SUBTREE
        (to search the object and all its descendants).

        filter is a string representation of the filter to
        apply in the search (see RFC 4515).

        Each result tuple is of the form (dn,entry), where dn is a
        string containing the DN (distinguished name) of the entry, and
        entry is a dictionary containing the attributes.
        Attributes types are used as string dictionary keys and attribute
        values are stored in a list as dictionary value.

        The DN in dn is extracted using the underlying ldap_get_dn(),
        which may raise an exception of the DN is malformed.

        If attrsonly is non-zero, the values of attrs will be
        meaningless (they are not transmitted in the result).

        The retrieved attributes can be limited with the attrlist
        parameter.  If attrlist is None, all the attributes of each
        entry are returned.

        serverctrls=None

        clientctrls=None

        The synchronous form with timeout, search_st() or search_ext_s(),
        will block for at most timeout seconds (or indefinitely if
        timeout is negative). A TIMEOUT exception is raised if no result is
        received within the time.

        The amount of search results retrieved can be limited with the
        sizelimit parameter if non-zero.
    Nz(objectClass=*))rWr7�
search_extr
)
r�base�scope�	filterstr�attrlist�	attrsonlyrdrer9r&rrrr�7s-







�zSimpleLDAPObject.search_extc
Cs.|�|
||||||||	�	}
|j
|
d
|d�d
Sri)r�rU)rr�r�r�r�r�rdrer9r&rcrrr�search_ext_sos

zSimpleLDAPObject.search_ext_sc	Cs|�|
||||dd�SrX)
r��rr�r�r�r�r�rrr�searchss
zSimpleLDAPObject.searchc
Cs|j|
||||dd|j
d
�S)N)
r9)r�r9r�rrr�search_svs
zSimpleLDAPObject.search_sc
Cs|�|
||||dd|�SrX)
r�)rr�r�r�r�r�r9rrr�	search_stys
zSimpleLDAPObject.search_stc

Cs|�|j
j�
S)
z�
    start_tls_s() -> None
    Negotiate TLS with server. The `version' attribute must have been
    set to VERSION3 before calling start_tls_s.
    If TLS could not be started an exception will be raised.
    )rWr7�start_tls_sr@rrrr�|szSimpleLDAPObject.start_tls_scCs:|�|j
jt|
�
t|�
�}z|`
Wnty4


Yn0|S)
a�

    unbind() -> int
    unbind_s() -> None
    unbind_ext() -> int
    unbind_ext_s() -> None
        This call is used to unbind from the directory, terminate
        the current association, and free resources. Once called, the
        connection to the LDAP server is closed and the LDAP object
        is invalid. Further invocation of methods on the object will
        yield an exception.

        The unbind and unbind_s methods are identical, and are
        synchronous in nature
    )rWr7rHr
r_)rrdrernrrrrH�s




zSimpleLDAPObject.unbind_extcCs`|�|
|�}|dkr(|j
|d
|jd�}nd}dr\|jd
kr\z|j��
WntyZ


Yn0|S)NrjrkF)rHrtr9r,r-�flushr_)rrdrercrUrrr�unbind_ext_s�s








zSimpleLDAPObject.unbind_ext_sc

Cs|�dd�SrX)
rHr@rrr�unbind�s
zSimpleLDAPObject.unbindc

Cs|�dd�SrX)
r�r@rrr�unbind_s�s
zSimpleLDAPObject.unbind_scCs|�|j
j|
|�SrX)rWr7�whoami_s)rrdrerrrr��s
zSimpleLDAPObject.whoami_scCs0|�|j
j|
�}|
tjks$|
tjkr,t|�
}|SrX)rWr7rNr+�OPT_SERVER_CONTROLS�OPT_CLIENT_CONTROLSr)r�optionrUrrrrN�s



zSimpleLDAPObject.get_optioncCs.|
tj
ks|
tjkrt|�
}|�|jj|
|�SrX)r+r�r�r
rWr7rZ�rr�ZinvaluerrrrZ�s


zSimpleLDAPObject.set_optionc
Cs�d
}d}|
dur|}
z|�|
t
jd|g
�}Wn6t
jt
jt
jfyN


g}Ynt
jyb


YdS0zd|r�t
j�|dd�
}|�|dg
�d}|dur�|
r�|j	|d�
WSWdSn|du
r�|�
d�
WSWnty�


YdS0dS)a


    Returns the distinguished name of the sub schema sub entry
    for a part of a DIT specified by dn.

    None as result indicates that the DN of the sub schema sub entry could
    not be determined.

    Returns: None or text/bytes depending on bytes_mode.
    rBZsubschemaSubentryNr
rj)
rrzutf-8)r�r+�
SCOPE_BASE�NO_SUCH_OBJECTZNO_SUCH_ATTRIBUTEZINSUFFICIENT_ACCESSZUNDEFINED_TYPEZcidict�get�search_subschemasubentry_s�decoderP)rrrZempty_dn�attrnamer�rVZsearch_subschemasubentry_dnrrrr��s0






�











z+SimpleLDAPObject.search_subschemasubentry_sc	Cs2|j|
t
j|||||d
�}|r*|ddSdSdS)z~
    Reads and returns a single entry specified by `dn'.

    Other attributes just like those passed to `search_ext_s()'
    )r�rdrer9r
rjN)r�r+r�)rrrr�r�rdrer9r�rrr�read_s�s






�	
zSimpleLDAPObject.read_scCsDd
}|durt}z|j
|
||d�}Wntjy:


YdS0|SdS)z1
    Returns the sub schema sub entry's data
    z(objectClass=subschema)N�r�r�)r
r�r+r�)rZsubschemasubentry_dn�attrsr�Zsubschemasubentryrrr�read_subschemasubentry_s�s






�

z)SimpleLDAPObject.read_subschemasubentry_sc	
Cs@|j|
|||||||d
d�	}	t
|	�
dkr8tdt|�
�
�
|	dS)z@
    Returns a unique entry, raises exception if not unique
    rG)r�r�rdrer9r&rjz%No or non-unique search result for %sr
)r�r�r$rF)
rr�r�r�r�r�rdrer9r�rrr�find_unique_entry	s








�

z"SimpleLDAPObject.find_unique_entrycCs$d
}|pddg}|j||
|d�}|S)zA
    convenience wrapper around read_s() for reading rootDSE
    rB�
*�
+r�)
r�)rr�r�r�Zldap_rootdserrr�read_rootdse_ss




�zSimpleLDAPObject.read_rootdse_sc
Csd
}
|j|
g
d�
�
|
g�S)z�
    returns all attribute values of namingContexts in rootDSE
    if namingContexts is not present (not readable) then empty list is returned
    ZnamingContexts)
r�)r�r�r`rrr�get_naming_contexts)s

��z$SimpleLDAPObject.get_naming_contexts)r
Nr'NNN)
rB)NN)NN)NN)NN)NN)NNNN)NNNN)NN)NN)NN)NN)NN)NN)NNN)NN)NN)
rj)
rj)NN)NNF)NrjNN)NrjNN)NNr
NNr*r
)NNr
NNr*r
)NNr
)NNr
)NNr
r*)NN)NN)NN)
N)NNNNr*)
N)NN)Yrr r!r"r+ZOPT_PROTOCOL_VERSIONZ	OPT_DEREFZ
OPT_REFERRALSZ
OPT_TIMELIMITZ
OPT_SIZELIMITZOPT_NETWORK_TIMEOUTZOPT_ERROR_NUMBERZOPT_ERROR_STRINGZOPT_MATCHED_DNrYr�propertyr>r?r/rWr^rar)rbrfrgrorprzr|r}r~r�ZAUTH_SIMPLEr�r�Z
SASL_QUIETr�r�r�r�r�r�r�r�r�r�r�r�r�r�ZRES_ANYr�r�r�r�r�r�r�r�r�r�r�r�rUr�rtr�r�r�r�r�r�r�rHr�r�r�r�rNrZr�r�r�Z
SCOPE_SUBTREEr�r�r�rrrrr2s�








�
�





)

























6
8



	




'



rc@s�eZ
dZd
Zhd�
Zd8dd	�
Zd
d�Zdd
�Zdd�Zdd�Z	dd�Z
dd�Zd9dd�
Zdd�Z
dd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0d1�Zd2d3�Zd4d5�Zd6d7�ZdS):ra0
  :py:class:`SimpleLDAPObject` subclass whose synchronous request methods
  automatically reconnect and re-try in case of server failure
  (:exc:`ldap.SERVER_DOWN`).

  The first arguments are same as for the :py:func:`~ldap.initialize()`
  function.
  For automatic reconnects it has additional arguments:

  * retry_max: specifies the number of reconnect attempts before
    re-raising the :py:exc:`ldap.SERVER_DOWN` exception.

  * retry_delay: specifies the time in seconds between reconnect attempts.

  This class also implements the pickle protocol.
  >r0r-�
_last_bind�_reconnect_lockr7r
Nr'rj�N@c


Cs^|
|_g|_
d
|_tj||
||||||	d�
tjdt|�
d�
|_||_	||_
d|_d|_d
S)z�
    Parameters like SimpleLDAPObject.__init__() with these
    additional arguments:

    retry_max
        Maximum count of reconnect trials
    retry_delay
        Time span to wait between two reconnect trials
    N)r?r)�reconnect lock within %srCr
)
r.�_optionsr�rrr+rErFr��
_retry_max�_retry_delay�
_start_tls�_reconnects_done)
rr:r;r<r=r>r?�	retry_max�retry_delayr)rrrrNs





�



zReconnectLDAPObject.__init__c
s>�f
d
d��j�
�D�
}
�jdj�jd�jdf|
d<|
S)z-return data representation for pickled objectc
s i|]\}
}|
�jv
r|
|�qSr)
�__transient_attrs__)r��
k�
vr@rr�
<dictcomp>ks

�z4ReconnectLDAPObject.__getstate__.<locals>.<dictcomp>r
rjrGr�)r[�itemsr�r)r�staterr@r�__getstate__is

�"
z ReconnectLDAPObject.__getstate__cCs�|
�d
�
}|r|
�
dd�
n|
�
dd�
|j�|
�

tt|jd�|jd|jdf|_|��|_t	j
dt|�
d	�
|_t	j
|_
|�|j�

d
S)z#set up the object from pickled dataZbytes_mode_hardfailr?rArr
rjrGr�rCN)r��
setdefaultr[�update�getattrrr�r/r0r+rErFr�r-�	reconnectr.)r�
dZhardfailrrr�__setstate__ss




$



z ReconnectLDAPObject.__setstate__cOs|
||f|_dSrX)
r�)r�_methodrrrrr�_store_last_bind�s
z$ReconnectLDAPObject._store_last_bindc
Cs@|jdkr.|j\}
}}|
|g
|�
Ri|�
�

nt
�|dd�
dSrX)r�rr��rrTrrrrr�_apply_last_bind�s



z$ReconnectLDAPObject._apply_last_bindc
Cs"|jD]\}
}t
�||
|�
qd
S)zRestore all recorded optionsN)r�rrZ)rr�r�rrr�_restore_options�s
z$ReconnectLDAPObject._restore_optionsc
Os|jt
jg
|
�
Ri|�
�
SrX)�_apply_method_srr�rrrrr��s
zReconnectLDAPObject.passwd_sc	Cs~
|j�
�
�
z`|}|�
r`d
||d|f}drN|jdkrN|j�d�||
��

z`z:tj�tj	t
j|
�|_|�
�
|jr�t�|�

|��
Wn tjy�


t�|�

�Yn0Wnxtjtjf�
y&


dr�|jdkr�|j�d�||
��

|d}|s��d�
r|jdk�
r|j�d|�

t�|�

Yq0d�
rN|jdk�
rN|j�d�||
��

|jd|_�
q`qW|j��
n|j��
0dS)Nz%d. (of %d)rjFz!*** Trying {} reconnect to {}...
z*** {} reconnect to {} failed
z=> delay %s...
z;*** {} reconnect to {} successful => repeat last operation
)r�rKr,r-rQrRr+r4r5r6r2r8r7r
r�rr�r
rr��SERVER_DOWNZTIMEOUT�time�sleepr�rO)rr:r�r�Zreconnect_counterZcounter_textrrrr��sL








�












�







�

zReconnectLDAPObject.reconnectcOs�t|d
�s |j
|j|j|jd�
z|
|g
|�
Ri|�
�
WStjy�


t�|�

|j
|j|j|jd�
|
|g
|�
Ri|�
�
YS0dS)Nr7)r�r�)	r1r�r.r�r�r+r
rr�r
rrrr
�s







z#ReconnectLDAPObject._apply_method_scCs|j�
|
|f�

t�||
|�SrX)r��appendrrZr�rrrrZ�s

zReconnectLDAPObject.set_optionc
Os8|jt
jg
|
�
Ri|�
�
}|jt
jg
|
�
Ri|�
�

|SrX)r
rr�r
�rrrrnrrrr��s


zReconnectLDAPObject.bind_sc
Os8|jt
jg
|
�
Ri|�
�
}|jt
jg
|
�
Ri|�
�

|SrX)r
rr�r
r
rrrr��s


z!ReconnectLDAPObject.simple_bind_sc
Os$|jt
jg
|
�
Ri|�
�
}d
|_|S)Nrj)r
rr�r�r
rrrr��s


zReconnectLDAPObject.start_tls_sc
Os8|jt
jg
|
�
Ri|�
�
}|jt
jg
|
�
Ri|�
�

|S)
z4
    sasl_interactive_bind_s(who, auth) -> None
    )r
rr�r
r
rrrr��s

z+ReconnectLDAPObject.sasl_interactive_bind_sc
Os8|jt
jg
|
�
Ri|�
�
}|jt
jg
|
�
Ri|�
�

|SrX)r
rr�r
r
rrrr��s


zReconnectLDAPObject.sasl_bind_sc
Os|jt
jg
|
�
Ri|�
�
SrX)r
rrzrrrrrz�s
zReconnectLDAPObject.add_ext_sc
Os|jt
jg
|
�
Ri|�
�
SrX)r
rrorrrrro�s
zReconnectLDAPObject.cancel_sc
Os|jt
jg
|
�
Ri|�
�
SrX)r
rr�rrrrr��s
z!ReconnectLDAPObject.compare_ext_sc
Os|jt
jg
|
�
Ri|�
�
SrX)r
rr�rrrrr��s
z ReconnectLDAPObject.delete_ext_sc
Os|jt
jg
|
�
Ri|�
�
SrX)r
rr�rrrrr��s
zReconnectLDAPObject.extop_sc
Os|jt
jg
|
�
Ri|�
�
SrX)r
rr�rrrrr��s
z ReconnectLDAPObject.modify_ext_sc
Os|jt
jg
|
�
Ri|�
�
SrX)r
rr�rrrrr�s
zReconnectLDAPObject.rename_sc
Os|jt
jg
|
�
Ri|�
�
SrX)r
rr�rrrrr�s
z ReconnectLDAPObject.search_ext_sc
Os|jt
jg
|
�
Ri|�
�
SrX)r
rr�rrrrr�s
zReconnectLDAPObject.whoami_s)r
Nr'NNrjr�N)rjr�)rr r!r"r�rr�r
r
r
r
r�r�r
rZr�r�r�r�r�rzror�r�r�r�r�r�r�rrrrr4s8


�


/r)#r"�osrZldap.pkginforrr�__all__rM�sysr
rLr2r+Z	ldap.saslZldap.functionsrZldap.schemar
Z
ldap.controlsrrr
Z
ldap.extoprrrr�BytesWarningr	r�r$rrrrrrr�<module>
s*8


[