"""
"""
# Created on 2014.05.14
#
# Author: Giovanni Cannata
#
# Copyright 2014 - 2018 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from os import sep
from .results import RESULT_OPERATIONS_ERROR, RESULT_PROTOCOL_ERROR, RESULT_TIME_LIMIT_EXCEEDED, RESULT_SIZE_LIMIT_EXCEEDED, \
RESULT_STRONGER_AUTH_REQUIRED, RESULT_REFERRAL, RESULT_ADMIN_LIMIT_EXCEEDED, RESULT_UNAVAILABLE_CRITICAL_EXTENSION, \
RESULT_AUTH_METHOD_NOT_SUPPORTED, RESULT_UNDEFINED_ATTRIBUTE_TYPE, RESULT_NO_SUCH_ATTRIBUTE, \
RESULT_SASL_BIND_IN_PROGRESS, RESULT_CONFIDENTIALITY_REQUIRED, RESULT_INAPPROPRIATE_MATCHING, \
RESULT_CONSTRAINT_VIOLATION, \
RESULT_ATTRIBUTE_OR_VALUE_EXISTS, RESULT_INVALID_ATTRIBUTE_SYNTAX, RESULT_NO_SUCH_OBJECT, RESULT_ALIAS_PROBLEM, \
RESULT_INVALID_DN_SYNTAX, RESULT_ALIAS_DEREFERENCING_PROBLEM, RESULT_INVALID_CREDENTIALS, RESULT_LOOP_DETECTED, \
RESULT_ENTRY_ALREADY_EXISTS, RESULT_LCUP_SECURITY_VIOLATION, RESULT_CANCELED, RESULT_E_SYNC_REFRESH_REQUIRED, \
RESULT_NO_SUCH_OPERATION, RESULT_LCUP_INVALID_DATA, RESULT_OBJECT_CLASS_MODS_PROHIBITED, RESULT_NAMING_VIOLATION, \
RESULT_INSUFFICIENT_ACCESS_RIGHTS, RESULT_OBJECT_CLASS_VIOLATION, RESULT_TOO_LATE, RESULT_CANNOT_CANCEL, \
RESULT_LCUP_UNSUPPORTED_SCHEME, RESULT_BUSY, RESULT_AFFECT_MULTIPLE_DSAS, RESULT_UNAVAILABLE, \
RESULT_NOT_ALLOWED_ON_NON_LEAF, \
RESULT_UNWILLING_TO_PERFORM, RESULT_OTHER, RESULT_LCUP_RELOAD_REQUIRED, RESULT_ASSERTION_FAILED, \
RESULT_AUTHORIZATION_DENIED, RESULT_LCUP_RESOURCES_EXHAUSTED, RESULT_NOT_ALLOWED_ON_RDN, \
RESULT_INAPPROPRIATE_AUTHENTICATION
import socket
# LDAPException hierarchy
[docs]class LDAPException(Exception):
pass
[docs]class LDAPOperationResult(LDAPException):
def __new__(cls, result=None, description=None, dn=None, message=None, response_type=None, response=None):
if cls is LDAPOperationResult and result and result in exception_table:
exc = super(LDAPOperationResult, exception_table[result]).__new__(
exception_table[result]) # create an exception of the required result error
exc.result = result
exc.description = description
exc.dn = dn
exc.message = message
exc.type = response_type
exc.response = response
else:
exc = super(LDAPOperationResult, cls).__new__(cls)
return exc
def __init__(self, result=None, description=None, dn=None, message=None, response_type=None, response=None):
self.result = result
self.description = description
self.dn = dn
self.message = message
self.type = response_type
self.response = response
def __str__(self):
s = [self.__class__.__name__,
str(self.result) if self.result else None,
self.description if self.description else None,
self.dn if self.dn else None,
self.message if self.message else None,
self.type if self.type else None,
self.response if self.response else None]
return ' - '.join([str(item) for item in s if s is not None])
def __repr__(self):
return self.__str__()
[docs]class LDAPOperationsErrorResult(LDAPOperationResult):
pass
[docs]class LDAPProtocolErrorResult(LDAPOperationResult):
pass
[docs]class LDAPTimeLimitExceededResult(LDAPOperationResult):
pass
[docs]class LDAPSizeLimitExceededResult(LDAPOperationResult):
pass
[docs]class LDAPAuthMethodNotSupportedResult(LDAPOperationResult):
pass
[docs]class LDAPStrongerAuthRequiredResult(LDAPOperationResult):
pass
[docs]class LDAPReferralResult(LDAPOperationResult):
pass
[docs]class LDAPAdminLimitExceededResult(LDAPOperationResult):
pass
[docs]class LDAPUnavailableCriticalExtensionResult(LDAPOperationResult):
pass
[docs]class LDAPConfidentialityRequiredResult(LDAPOperationResult):
pass
[docs]class LDAPSASLBindInProgressResult(LDAPOperationResult):
pass
[docs]class LDAPNoSuchAttributeResult(LDAPOperationResult):
pass
[docs]class LDAPUndefinedAttributeTypeResult(LDAPOperationResult):
pass
[docs]class LDAPInappropriateMatchingResult(LDAPOperationResult):
pass
[docs]class LDAPConstraintViolationResult(LDAPOperationResult):
pass
[docs]class LDAPAttributeOrValueExistsResult(LDAPOperationResult):
pass
[docs]class LDAPInvalidAttributeSyntaxResult(LDAPOperationResult):
pass
[docs]class LDAPNoSuchObjectResult(LDAPOperationResult):
pass
[docs]class LDAPAliasProblemResult(LDAPOperationResult):
pass
[docs]class LDAPInvalidDNSyntaxResult(LDAPOperationResult):
pass
[docs]class LDAPAliasDereferencingProblemResult(LDAPOperationResult):
pass
[docs]class LDAPInappropriateAuthenticationResult(LDAPOperationResult):
pass
[docs]class LDAPInvalidCredentialsResult(LDAPOperationResult):
pass
[docs]class LDAPInsufficientAccessRightsResult(LDAPOperationResult):
pass
[docs]class LDAPBusyResult(LDAPOperationResult):
pass
[docs]class LDAPUnavailableResult(LDAPOperationResult):
pass
[docs]class LDAPLoopDetectedResult(LDAPOperationResult):
pass
[docs]class LDAPNamingViolationResult(LDAPOperationResult):
pass
[docs]class LDAPObjectClassViolationResult(LDAPOperationResult):
pass
[docs]class LDAPNotAllowedOnNotLeafResult(LDAPOperationResult):
pass
[docs]class LDAPNotAllowedOnRDNResult(LDAPOperationResult):
pass
[docs]class LDAPEntryAlreadyExistsResult(LDAPOperationResult):
pass
[docs]class LDAPObjectClassModsProhibitedResult(LDAPOperationResult):
pass
[docs]class LDAPAffectMultipleDSASResult(LDAPOperationResult):
pass
[docs]class LDAPOtherResult(LDAPOperationResult):
pass
[docs]class LDAPLCUPResourcesExhaustedResult(LDAPOperationResult):
pass
[docs]class LDAPLCUPSecurityViolationResult(LDAPOperationResult):
pass
[docs]class LDAPLCUPInvalidDataResult(LDAPOperationResult):
pass
[docs]class LDAPLCUPUnsupportedSchemeResult(LDAPOperationResult):
pass
[docs]class LDAPLCUPReloadRequiredResult(LDAPOperationResult):
pass
[docs]class LDAPCanceledResult(LDAPOperationResult):
pass
[docs]class LDAPNoSuchOperationResult(LDAPOperationResult):
pass
[docs]class LDAPCannotCancelResult(LDAPOperationResult):
pass
[docs]class LDAPAssertionFailedResult(LDAPOperationResult):
pass
[docs]class LDAPAuthorizationDeniedResult(LDAPOperationResult):
pass
[docs]class LDAPESyncRefreshRequiredResult(LDAPOperationResult):
pass
exception_table = {RESULT_OPERATIONS_ERROR: LDAPOperationsErrorResult,
RESULT_PROTOCOL_ERROR: LDAPProtocolErrorResult,
RESULT_TIME_LIMIT_EXCEEDED: LDAPTimeLimitExceededResult,
RESULT_SIZE_LIMIT_EXCEEDED: LDAPSizeLimitExceededResult,
RESULT_AUTH_METHOD_NOT_SUPPORTED: LDAPAuthMethodNotSupportedResult,
RESULT_STRONGER_AUTH_REQUIRED: LDAPStrongerAuthRequiredResult,
RESULT_REFERRAL: LDAPReferralResult,
RESULT_ADMIN_LIMIT_EXCEEDED: LDAPAdminLimitExceededResult,
RESULT_UNAVAILABLE_CRITICAL_EXTENSION: LDAPUnavailableCriticalExtensionResult,
RESULT_CONFIDENTIALITY_REQUIRED: LDAPConfidentialityRequiredResult,
RESULT_SASL_BIND_IN_PROGRESS: LDAPSASLBindInProgressResult,
RESULT_NO_SUCH_ATTRIBUTE: LDAPNoSuchAttributeResult,
RESULT_UNDEFINED_ATTRIBUTE_TYPE: LDAPUndefinedAttributeTypeResult,
RESULT_INAPPROPRIATE_MATCHING: LDAPInappropriateMatchingResult,
RESULT_CONSTRAINT_VIOLATION: LDAPConstraintViolationResult,
RESULT_ATTRIBUTE_OR_VALUE_EXISTS: LDAPAttributeOrValueExistsResult,
RESULT_INVALID_ATTRIBUTE_SYNTAX: LDAPInvalidAttributeSyntaxResult,
RESULT_NO_SUCH_OBJECT: LDAPNoSuchObjectResult,
RESULT_ALIAS_PROBLEM: LDAPAliasProblemResult,
RESULT_INVALID_DN_SYNTAX: LDAPInvalidDNSyntaxResult,
RESULT_ALIAS_DEREFERENCING_PROBLEM: LDAPAliasDereferencingProblemResult,
RESULT_INAPPROPRIATE_AUTHENTICATION: LDAPInappropriateAuthenticationResult,
RESULT_INVALID_CREDENTIALS: LDAPInvalidCredentialsResult,
RESULT_INSUFFICIENT_ACCESS_RIGHTS: LDAPInsufficientAccessRightsResult,
RESULT_BUSY: LDAPBusyResult,
RESULT_UNAVAILABLE: LDAPUnavailableResult,
RESULT_UNWILLING_TO_PERFORM: LDAPUnwillingToPerformResult,
RESULT_LOOP_DETECTED: LDAPLoopDetectedResult,
RESULT_NAMING_VIOLATION: LDAPNamingViolationResult,
RESULT_OBJECT_CLASS_VIOLATION: LDAPObjectClassViolationResult,
RESULT_NOT_ALLOWED_ON_NON_LEAF: LDAPNotAllowedOnNotLeafResult,
RESULT_NOT_ALLOWED_ON_RDN: LDAPNotAllowedOnRDNResult,
RESULT_ENTRY_ALREADY_EXISTS: LDAPEntryAlreadyExistsResult,
RESULT_OBJECT_CLASS_MODS_PROHIBITED: LDAPObjectClassModsProhibitedResult,
RESULT_AFFECT_MULTIPLE_DSAS: LDAPAffectMultipleDSASResult,
RESULT_OTHER: LDAPOtherResult,
RESULT_LCUP_RESOURCES_EXHAUSTED: LDAPLCUPResourcesExhaustedResult,
RESULT_LCUP_SECURITY_VIOLATION: LDAPLCUPSecurityViolationResult,
RESULT_LCUP_INVALID_DATA: LDAPLCUPInvalidDataResult,
RESULT_LCUP_UNSUPPORTED_SCHEME: LDAPLCUPUnsupportedSchemeResult,
RESULT_LCUP_RELOAD_REQUIRED: LDAPLCUPReloadRequiredResult,
RESULT_CANCELED: LDAPCanceledResult,
RESULT_NO_SUCH_OPERATION: LDAPNoSuchOperationResult,
RESULT_TOO_LATE: LDAPTooLateResult,
RESULT_CANNOT_CANCEL: LDAPCannotCancelResult,
RESULT_ASSERTION_FAILED: LDAPAssertionFailedResult,
RESULT_AUTHORIZATION_DENIED: LDAPAuthorizationDeniedResult,
RESULT_E_SYNC_REFRESH_REQUIRED: LDAPESyncRefreshRequiredResult}
[docs]class LDAPExceptionError(LDAPException):
pass
# configuration exceptions
[docs]class LDAPConfigurationError(LDAPExceptionError):
pass
[docs]class LDAPUnknownStrategyError(LDAPConfigurationError):
pass
[docs]class LDAPUnknownAuthenticationMethodError(LDAPConfigurationError):
pass
[docs]class LDAPSSLConfigurationError(LDAPConfigurationError):
pass
[docs]class LDAPDefinitionError(LDAPConfigurationError):
pass
[docs]class LDAPPackageUnavailableError(LDAPConfigurationError, ImportError):
pass
[docs]class LDAPConfigurationParameterError(LDAPConfigurationError):
pass
# abstract layer exceptions
[docs]class LDAPKeyError(LDAPExceptionError, KeyError, AttributeError):
pass
[docs]class LDAPObjectError(LDAPExceptionError, ValueError):
pass
[docs]class LDAPAttributeError(LDAPExceptionError, ValueError, TypeError):
pass
[docs]class LDAPCursorError(LDAPExceptionError):
pass
[docs]class LDAPObjectDereferenceError(LDAPExceptionError):
pass
# security exceptions
[docs]class LDAPSSLNotSupportedError(LDAPExceptionError, ImportError):
pass
[docs]class LDAPInvalidTlsSpecificationError(LDAPExceptionError):
pass
[docs]class LDAPInvalidHashAlgorithmError(LDAPExceptionError, ValueError):
pass
# connection exceptions
[docs]class LDAPBindError(LDAPExceptionError):
pass
[docs]class LDAPInvalidServerError(LDAPExceptionError):
pass
[docs]class LDAPSASLMechanismNotSupportedError(LDAPExceptionError):
pass
[docs]class LDAPConnectionIsReadOnlyError(LDAPExceptionError):
pass
[docs]class LDAPChangeError(LDAPExceptionError, ValueError):
pass
[docs]class LDAPServerPoolError(LDAPExceptionError):
pass
[docs]class LDAPServerPoolExhaustedError(LDAPExceptionError):
pass
[docs]class LDAPInvalidPortError(LDAPExceptionError):
pass
[docs]class LDAPStartTLSError(LDAPExceptionError):
pass
[docs]class LDAPCertificateError(LDAPExceptionError):
pass
[docs]class LDAPUserNameNotAllowedError(LDAPExceptionError):
pass
[docs]class LDAPUserNameIsMandatoryError(LDAPExceptionError):
pass
[docs]class LDAPPasswordIsMandatoryError(LDAPExceptionError):
pass
[docs]class LDAPInvalidFilterError(LDAPExceptionError):
pass
[docs]class LDAPInvalidScopeError(LDAPExceptionError, ValueError):
pass
[docs]class LDAPInvalidDereferenceAliasesError(LDAPExceptionError, ValueError):
pass
[docs]class LDAPInvalidValueError(LDAPExceptionError, ValueError):
pass
[docs]class LDAPControlError(LDAPExceptionError, ValueError):
pass
[docs]class LDAPExtensionError(LDAPExceptionError, ValueError):
pass
[docs]class LDAPLDIFError(LDAPExceptionError):
pass
[docs]class LDAPSchemaError(LDAPExceptionError):
pass
[docs]class LDAPSASLPrepError(LDAPExceptionError):
pass
[docs]class LDAPSASLBindInProgressError(LDAPExceptionError):
pass
[docs]class LDAPMetricsError(LDAPExceptionError):
pass
[docs]class LDAPObjectClassError(LDAPExceptionError):
pass
[docs]class LDAPInvalidDnError(LDAPExceptionError):
pass
[docs]class LDAPResponseTimeoutError(LDAPExceptionError):
pass
[docs]class LDAPTransactionError(LDAPExceptionError):
pass
# communication exceptions
[docs]class LDAPCommunicationError(LDAPExceptionError):
pass
[docs]class LDAPSocketOpenError(LDAPCommunicationError):
pass
[docs]class LDAPSocketCloseError(LDAPCommunicationError):
pass
[docs]class LDAPSocketReceiveError(LDAPCommunicationError, socket.error):
pass
[docs]class LDAPSocketSendError(LDAPCommunicationError, socket.error):
pass
[docs]class LDAPSessionTerminatedByServerError(LDAPCommunicationError):
pass
[docs]class LDAPUnknownResponseError(LDAPCommunicationError):
pass
[docs]class LDAPUnknownRequestError(LDAPCommunicationError):
pass
[docs]class LDAPReferralError(LDAPCommunicationError):
pass
# pooling exceptions
[docs]class LDAPConnectionPoolNameIsMandatoryError(LDAPExceptionError):
pass
[docs]class LDAPConnectionPoolNotStartedError(LDAPExceptionError):
pass
# restartable strategy
[docs]class LDAPMaximumRetriesError(LDAPExceptionError):
def __str__(self):
s = []
if self.args:
if isinstance(self.args, tuple):
if len(self.args) > 0:
s.append('LDAPMaximumRetriesError: ' + str(self.args[0]))
if len(self.args) > 1:
s.append('Exception history:')
prev_exc = ''
for i, exc in enumerate(self.args[1]): # args[1] contains exception history
# if str(exc[1]) != prev_exc:
# s.append((str(i).rjust(5) + ' ' + str(exc[0]) + ': ' + str(exc[1]) + ' - ' + str(exc[2])))
# prev_exc = str(exc[1])
if str(exc) != prev_exc:
s.append((str(i).rjust(5) + ' ' + str(type(exc)) + ': ' + str(exc)))
prev_exc = str(exc)
if len(self.args) > 2:
s.append('Maximum number of retries reached: ' + str(self.args[2]))
else:
s = [LDAPExceptionError.__str__(self)]
return sep.join(s)
# exception factories
[docs]def communication_exception_factory(exc_to_raise, exc):
"""
Generates a new exception class of the requested type (subclass of LDAPCommunication) merged with the exception raised by the interpreter
"""
if exc_to_raise.__name__ in [cls.__name__ for cls in LDAPCommunicationError.__subclasses__()]:
return type(exc_to_raise.__name__, (exc_to_raise, type(exc)), dict())
else:
raise LDAPExceptionError('unable to generate exception type ' + str(exc_to_raise))
[docs]def start_tls_exception_factory(exc_to_raise, exc):
"""
Generates a new exception class of the requested type merged with the exception raised by the interpreter
"""
if exc_to_raise.__name__ == 'LDAPStartTLSError':
return type(exc_to_raise.__name__, (exc_to_raise, type(exc)), dict())
else:
raise LDAPExceptionError('unable to generate exception type ' + str(exc_to_raise))