Fix search filter generator in ldap2 for NOT operator.

Search filters generated from attributes with multiple values were incorrect when the NOT operator was used (ldap.MATCH_NONE).
author: Pavel Zuna <pzuna@redhat.com> 2010-11-30 21:53:28 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2010-12-08 14:30:47 -0500
commit: 8bd9f1333fe87e31c93632959fec38bded38e2d5 (patch)
tree: ddeda8780cbf3e8d4007c83e5743012c0ef805d1
parent: 4c09809ea87f137bb8424743de4e6d7b62bb1254 (diff)
download: freeipa-8bd9f1333fe87e31c93632959fec38bded38e2d5.tar.gz
freeipa-8bd9f1333fe87e31c93632959fec38bded38e2d5.tar.xz
freeipa-8bd9f1333fe87e31c93632959fec38bded38e2d5.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 83a77069d..918d83041 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -452,6 +452,12 @@ class ldap2(CrudBackend, Encoder):
         """
         if isinstance(value, (list, tuple)):
             flts = []
+            if rules == self.MATCH_NONE:
+                for v in value:
+                    flts.append(
+                        self.make_filter_from_attr(attr, v, exact=exact)
+                    )
+                return '(!%s)' % self.combine_filters(flts)
             for v in value:
                 flts.append(self.make_filter_from_attr(attr, v, rules, exact))
             return self.combine_filters(flts, rules)
author	Pavel Zuna <pzuna@redhat.com>	2010-11-30 21:53:28 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2010-12-08 14:30:47 -0500
commit	8bd9f1333fe87e31c93632959fec38bded38e2d5 (patch)
tree	ddeda8780cbf3e8d4007c83e5743012c0ef805d1
parent	4c09809ea87f137bb8424743de4e6d7b62bb1254 (diff)
download	freeipa-8bd9f1333fe87e31c93632959fec38bded38e2d5.tar.gz freeipa-8bd9f1333fe87e31c93632959fec38bded38e2d5.tar.xz freeipa-8bd9f1333fe87e31c93632959fec38bded38e2d5.zip