Python Pylrpc reference
This section covers the objects, methods, and other details for the Pylrpc module.
Pylrpc module objects
There are two objects in the Pylrpc module:
-
Session
This object works with the agent. When you construct this object, it creates a session with the agent automatically. When you delete this object, the session closes automatically.
-
Error
This is the type of exceptions that the Session object methods raise upon failure.
Pylrpc session object methods
This section lists out each method that you can use with the session object in the Pylrpc module.
__init__()
Opens a session with the agent.
adinfo()
Get joining settings and status of the local machine
Parameters:
none
Returns:
Object (see Description of object below)
Raises:
-
Error - if any error occurred
Example:
getUser(uid, option) and getUser(uname, option)
Query a user by UNIX UID, UNIX name or AD name
Parameters:
-
uid (int) or name (str)
-
option (int)
-
pylrpc.UNIX_ONLY : to ask adclient to return result only when the user is zone enabled
-
pylrpc.CHECK_AD_FIRST: to ask adclient to ignore cache and read from AD if connected
-
pylrpc.GROUP_MEMBERSHIP: to ask adclient to return user's group membership info
-
pylrpc.EXPIRED_GRP_MEMBERS: when used with pylrpc.GROUP_MEMBERSHIP, ask adclient to trigger asynchronous group membership refresh for this user
-
Returns:
-
Object (see Description of object below)
Raises:
-
Error - if any error occurred
Example:
# Query a zone user by UNIX uid or UNIX name
user = s.getUser("username", pylrpc.UNIX_ONLY)
user = s.getUser(999999, pylrpc.UNIX_ONLY | pylrpc.GROUP_MEMBERSHIP)
# Query an AD user by AD name
# by UPN or samAccountName@domain
user = s.getUser("Krusty@domain.com", pylrpc.GROUP_MEMBERSHIP)
# by NTLM name
user = s.getUser("domain.com+krusty", pylrpc.GROUP_MEMBERSHIP | pylrpc.CHECK_AD_FIRST)
# by Canonical name
user = s.getUser("domain.com/Users/krusty")
getGroup(gid, option) and getGroup(gname, option)
Query a zone group by gid or name
Parameters:
-
gid (int) or name (str)
-
option (int)
-
pylrpc.UNIX_ONLY : to ask adclient to return result only when the group is zone enabled
-
pylrpc.CHECK_AD_FIRST: to ask adclient to ignore cache and read from AD if connected
-
pylrpc.GROUP_MEMBERSHIP: to ask adclient to return group’s group member info
-
pylrpc.EXPIRED_GRP_MEMBERS: when used with pylrpc.GROUP_MEMBERSHIP, ask adclient to trigger asynchronous member refresh for this group
-
Returns:
-
Object (see Description of object below)
Raises:
-
Error - if any error occurred
Example:
# Query a zone group by UNIX gid or UNIX name
group = s.getGroup("username", pylrpc.UNIX_ONLY)
group = s.getGroup(999999, pylrpc.UNIX_ONLY | pylrpc.GROUP_MEMBERSHIP)
# Query an AD group by AD name
# by samAccountName@domain
group = s.getGroup("dba@domain.com", pylrpc.GROUP_MEMBERSHIP)
# by Canonical name
group = s.getGroup("domain.com/Users/dba")
flushCache(type)
Expire or flush adclient’s cache
Parameters:
-
type (int)
-
pylrpc.EXPIRE_OBJ_CACHE: force expire object data caches, equivalent to "adflush -e -fy"
-
pylrpc.FLUSH_DNS_CACHE: flush DNS cache, equivalent to "adflush -d -fy"
-
pylrpc.FLUSH_AUTH_STORE: flush authorization data cache, equivalent to "adflush -a -fy"
-
pylrpc.FLUSH_TRUSTS: flush domain trust cache, equivalent to "adflush -t -fy"
-
pylrpc.FLUSH_OBJ_CACHE: flush object data caches, equivalent to "adflush -o -fy"
-
pylrpc.FLUSH_BINDINGS: drop DC bindings, equivalent to "adflush -b -fy"
-
pylrpc.FLUSH_CONNECTORS: flush Centrify Connector info, equivalent to "adflush -c -fy"
-
Returns:
-
True on success
Raises:
-
Error - if any error occurred
Example:
refreshObject
force flush a single object out from object data cache
Parameters:
-
type (int)
-
pylrpc.UserType
-
pylrpc.GroupType
-
-
name (str)
-
Can be UNIX name or AD name
-
Returns:
-
True on success
Raises:
-
Error - if any error occurred
Example:
result = s.refreshObject(pylrpc.UserType, "username")
result = s.refreshObject(pylrpc.GroupType, "groupname")
Pylrpc Error object methods
The base class of Error is the Python Exception class.
Here's an example:
try:
s = pylrpc.Session()
except pylrpc.Error as ex:
print("ERROR: %s, code= %s" % (ex.message(), ex.code()))
message()
The error message
Returns:
-
message as (str)
code()
Returns the error code.
Returns:
-
code as (int) (See codes and error messages)
Codes and error messages
Code | Error message |
---|---|
9 |
Root privilege is required for the operation |
10 |
Machine is not joined to any domain |
13 |
adclient is not running/not available |
52 |
User not found in zone |
35 |
Active Directory user not found |
53 |
Group not found in zone |
36 |
Active Directory group not found |
6 |
Other misc errors |
Pylrpc dictionary objects
Some of the pylrpc methods return objects, those are described below. A dictionary is a data type in Python that's used to store a set of key:value pairs.
Object name | Description |
---|---|
Object |
The Object is a dictionary object that stores the attributes of the object returned. For each item of the dictionary object, the key is a string, and the value is a list of strings. If the attribute has only one value, the attribute will be a list with only one string. |