Python Pylrpc reference

This section covers the objects, methods, and other details for the Pylrpc module.

Pylrpc module objects

There are two objects in the Pylrpc module:

  • Session

    This object works with the agent. When you construct this object, it creates a session with the agent automatically. When you delete this object, the session closes automatically.

  • Error

    This is the type of exceptions that the Session object methods raise upon failure.

Pylrpc session object methods

This section lists out each method that you can use with the session object in the Pylrpc module.

 

__init__()

Opens a session with the agent.

s=pylrpc.Session()

adinfo()

Gets the join settings and status of the local system.

Parameters:

none

Returns:

A Python dictionary with keys and values that use the string type.

Raises:

  • Error - if any error occurred

Example:

info = s.adinfo()

getUser(uid, option) and getUser(uname, option)

Query a user by UNIX UID, UNIX name or AD name

Parameters:

  • uid (int) or name (str)

  • option (int)

    • pylrpc.UNIX_ONLY: to ask adclient to return result only when the user is zone enabled

    • pylrpc.CHECK_AD_FIRST: to ask adclient to ignore cache and read from AD if connected

    • pylrpc.GROUP_MEMBERSHIP: to ask adclient to return user's group membership info

    • pylrpc.EXPIRED_GRP_MEMBERS: when used with pylrpc.GROUP_MEMBERSHIP, ask adclient to trigger asynchronous group membership refresh for this user

Returns:

  • Object (see Description of object below)

Raises:

  • Error - if any error occurred

Example:

# Query a zone user by UNIX uid or UNIX name
user = s.getUser("username", pylrpc.UNIX_ONLY)
user = s.getUser(999999, pylrpc.UNIX_ONLY | pylrpc.GROUP_MEMBERSHIP)

# Query an AD user by AD name

# by UPN or samAccountName@domain
user = s.getUser("Krusty@domain.com", pylrpc.GROUP_MEMBERSHIP) 
# by NTLM name
user = s.getUser("domain.com+krusty", pylrpc.GROUP_MEMBERSHIP | pylrpc.CHECK_AD_FIRST)
# by Canonical name
user = s.getUser("domain.com/Users/krusty")

getGroup(gid, option) and getGroup(gname, option)

Query a zone group by gid or name

Parameters:

  • gid (int) or name (str)

  • option (int)

    • pylrpc.UNIX_ONLY: to ask adclient to return result only when the group is zone enabled

    • pylrpc.CHECK_AD_FIRST: to ask adclient to ignore cache and read from AD if connected

    • pylrpc.GROUP_MEMBERSHIP: to ask adclient to return group’s group member info

    • pylrpc.EXPIRED_GRP_MEMBERS: when used with pylrpc.GROUP_MEMBERSHIP, ask adclient to trigger asynchronous member refresh for this group

Returns:

  • Object (see Description of object below)

Raises:

  • Error - if any error occurred

Example:

# Query a zone group by UNIX gid or UNIX name
group = s.getGroup("groupname", pylrpc.UNIX_ONLY)
group = s.getGroup(999999, pylrpc.UNIX_ONLY | pylrpc.GROUP_MEMBERSHIP)

# Query an AD group by AD name

# by samAccountName@domain
group = s.getGroup("dba@domain.com", pylrpc.GROUP_MEMBERSHIP)
# by Canonical name
group = s.getGroup("domain.com/Users/dba")


flushCache(type)

Expire or flush adclient’s cache

Parameters:

  • type (int)

    • pylrpc.EXPIRE_OBJ_CACHE: force expire object data caches, equivalent to "adflush -e -fy"

    • pylrpc.FLUSH_DNS_CACHE: flush DNS cache, equivalent to "adflush -d -fy"

    • pylrpc.FLUSH_AUTH_STORE: flush authorization data cache, equivalent to "adflush -a -fy"

    • pylrpc.FLUSH_TRUSTS: flush domain trust cache, equivalent to "adflush -t -fy"

    • pylrpc.FLUSH_OBJ_CACHE: flush object data caches, equivalent to "adflush -o -fy"

    • pylrpc.FLUSH_BINDINGS: drop DC bindings, equivalent to "adflush -b -fy"

    • pylrpc.FLUSH_CONNECTORS: flush Centrify Connector info, equivalent to "adflush -c -fy"

Returns:

  • True on success

Raises:

  • Error - if any error occurred

Example:

result = s.flushCache(pylrpc.FLUSH_OBJ_CACHE | pylrpc.FLUSH_AUTH_STORE)

refreshObject(type, name)

Force-flushes a single object out of the object data cache

Parameters:

  • type (int)

    • pylrpc.UserType

    • pylrpc.GroupType

  • name (str)

    • Can be UNIX name or AD name

Returns:

  • True on success

Raises:

  • Error - if any error occurred

Example:

result = s.refreshObject(pylrpc.UserType, "username")
result = s.refreshObject(pylrpc.GroupType, "groupname")

Pylrpc Error object methods

The base class of Error is the Python Exception class.

Here's an example:

try:
    s = pylrpc.Session()

except pylrpc.Error as ex:
    print("ERROR: %s, code= %s" % (ex.message(), ex.code()))

message()

Returns the error message.

Returns:

  • message as (str)

code()

Returns the error code.

Returns:

  • code as (int) (See codes and error messages)

Codes and error messages

Code  Error message
9     Root privilege is required for the operation
10    The system is not joined to any domain
13    adclient is not running/not available
52    User not found in zone
35    Active Directory user not found
53    Group not found in zone
36    Active Directory group not found
6     Other misc errors

Pylrpc dictionary objects

Some of the pylrpc methods return objects, which are described below. A dictionary is a data type in Python that's used to store a set of key:value pairs.

Object name Description
Object

The Object is a dictionary object that stores the attributes of the object returned.

For each item in the dictionary object, the key is a string, and the value is a list of bytes objects. If the attribute has only one value, the attribute will be a list with only one bytes object.
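
The error codes and the bytes-valued dictionary described above can be handled together as follows. This is an added example, not code from the Pylrpc documentation: FakeSession, FakeError, the attribute names attrA and attrB, and the numeric value of UNIX_ONLY are constructed stand-ins so that it runs without the agent.

```python
# Added example. FakeError/FakeSession are constructed stand-ins that mimic the
# documented pylrpc.Error/pylrpc.Session interface so this runs without adclient.
NOT_FOUND = {52, 35, 53, 36}   # the four "not found" codes from the table above
UNIX_ONLY = 1                  # constructed value; real code uses pylrpc.UNIX_ONLY

class FakeError(Exception):
    def __init__(self, code, message):
        super().__init__(message)
        self._code, self._message = code, message
    def code(self):
        return self._code
    def message(self):
        return self._message

class FakeSession:
    def __init__(self, users, fail=None):
        self.users, self.fail = users, fail
    def getUser(self, name, option):
        if self.fail:
            raise self.fail
        if name not in self.users:
            raise FakeError(52, "User not found in zone")
        return self.users[name]

# Constructed sample object: attribute names and values are made up.
SAMPLE_USERS = {"krusty": {"attrA": [b"krusty"], "attrB": [b"\x01\x05\xff"]}}

def decode_object(obj):
    """Map {str: [bytes, ...]} to {str: [str, ...]}; non-UTF-8 values become hex."""
    out = {}
    for key, values in obj.items():
        out[key] = []
        for value in values:
            try:
                out[key].append(value.decode("utf-8"))
            except UnicodeDecodeError:
                out[key].append("hex:" + value.hex())
    return out

def lookup_user(session, name, option, error_cls):
    """Return ("found", attrs), ("absent", None) or ("unavailable", code)."""
    try:
        return "found", decode_object(session.getUser(name, option))
    except error_cls as ex:
        if ex.code() in NOT_FOUND:
            return "absent", None
        # Codes 9, 10, 13 and 6 mean no answer was obtained, not that the
        # account is missing; callers making access decisions should fail closed.
        return "unavailable", ex.code()
```

With the real module the call would be lookup_user(pylrpc.Session(), "username", pylrpc.UNIX_ONLY, pylrpc.Error).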