author | Rob Crittenden <rcritten@redhat.com> | 2008-10-16 15:00:30 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-10-16 15:00:30 -0400 |
commit | f777f72de6a7c1d3ef29088fbf89722c1148f246 (patch) | |
tree | 8c79867b165498ed954134da88c3ce2bf1a41e27 | |
parent | 5748fce84ca0c0256183e1da308cb9f7ae4e73de (diff) | |
Use the search fields from the configuration when searching
Generalize the attribute -> objectclass search helper
-rw-r--r-- | ipa_server/plugins/b_ldap.py | 28 | ||||
-rw-r--r-- | ipa_server/servercore.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/f_group.py | 15 | ||||
-rw-r--r-- | ipalib/plugins/f_user.py | 25 |
4 files changed, 51 insertions, 19 deletions
diff --git a/ipa_server/plugins/b_ldap.py b/ipa_server/plugins/b_ldap.py index 29f2ee843..bc1f8951c 100644 --- a/ipa_server/plugins/b_ldap.py +++ b/ipa_server/plugins/b_ldap.py @@ -58,20 +58,30 @@ class ldap(CrudBackend): self.api.env.basedn, ) + def get_object_type(self, attribute): + """ + Based on attribute, make an educated guess as to the type of + object we're looking for. + """ + object_type = None + if attribute == "uid": # User + object_type = "person" + elif attribute == "cn": # Group + object_type = "posixGroup" + elif attribute == "krbprincipal": # Service + object_type = "krbPrincipal" + + return object_type + def find_entry_dn(self, key_attribute, primary_key, object_type=None): """ Find an existing entry's dn from an attribute """ key_attribute = key_attribute.lower() if not object_type: - if key_attribute == "uid": # User - filter = "posixAccount" - elif key_attribute == "cn": # Group - object_type = "posixGroup" - elif key_attribute == "krbprincipal": # Service - object_type = "krbPrincipal" - else: - return None + object_type = self.get_object_type(key_attribute) + if not object_type: + return None filter = "(&(%s=%s)(objectclass=%s))" % ( key_attribute, @@ -83,7 +93,7 @@ class ldap(CrudBackend): entry = servercore.get_sub_entry(search_base, filter, ['dn', 'objectclass']) - return entry['dn'] + return entry.get('dn') def get_ipa_config(self): """Return a dictionary of the IPA configuration""" diff --git a/ipa_server/servercore.py b/ipa_server/servercore.py index ea6beecf5..ab7596392 100644 --- a/ipa_server/servercore.py +++ b/ipa_server/servercore.py @@ -178,7 +178,7 @@ def get_user_by_uid(uid, sattrs): """Get a specific user's entry.""" # FIXME: should accept a container to look in # uid = self.__safe_filter(uid) - searchfilter = "(&(uid=%s)(objectclass=posixAccount))" % uid + searchfilter = "(&(uid=%s)(objectclass=person))" % uid return get_sub_entry("cn=accounts," + basedn, searchfilter, sattrs) 
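Review bot: The filter in `find_entry_dn` is still assembled with `%` interpolation (`"(&(%s=%s)(objectclass=%s))" % (key_attribute, ...`), and nothing visible in this hunk escapes the values, so LDAP filter metacharacters such as `*`, `(`, `)` and `\` in a caller-supplied key would change the meaning of the search that resolves a DN for delete, update and lock. The same applies to `get_user_by_uid` in the servercore.py hunk, where the rewritten `searchfilter` line interpolates `uid` while `# uid = self.__safe_filter(uid)` stays commented out. I would escape each value before formatting, for example with python-ldap's `ldap.filter.escape_filter_chars(uid)`, assuming that module is importable in these files. The remaining format arguments of `find_entry_dn` lie outside the hunk, so confirm there that `primary_key` is not already escaped.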
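Review bot: `return entry.get('dn')` turns a missing `dn` into a silent `None`, and the `if not object_type: return None` path in the previous hunk does the same, yet the callers changed in f_user.py (`user_del`, `user_mod`, `user_show`, `user_lock`, `user_unlock`) pass the result straight to `ldap.delete(dn)`, `ldap.update(dn, **kw)`, `ldap.retrieve(dn)`, `ldap.mark_entry_inactive(dn)` and `ldap.mark_entry_active(dn)` with no check. What those backend methods do with `None` is not visible here, so a failed lookup should stop in `find_entry_dn` with the project's not-found error rather than reach a write operation. If `servercore.get_sub_entry` can itself return `None` for no match, `entry.get` would raise `AttributeError` first, so that case needs the same guard. `find_entry_dn` starts in the previous hunk.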
diff --git a/ipalib/plugins/f_group.py b/ipalib/plugins/f_group.py index c2280a4e4..132e45efd 100644 --- a/ipalib/plugins/f_group.py +++ b/ipalib/plugins/f_group.py @@ -155,9 +155,20 @@ api.register(group_mod) class group_find(crud.Find): 'Search the groups.' - def execute(self, cn, **kw): + def execute(self, term, **kw): ldap = self.api.Backend.ldap - kw['cn'] = cn + + # Pull the list of searchable attributes out of the configuration. + config = ldap.get_ipa_config() + search_fields_conf_str = config.get('ipagroupsearchfields') + search_fields = search_fields_conf_str.split(",") + + for s in search_fields: + kw[s] = term + + object_type = ldap.get_object_type("cn") + if object_type and not kw.get('objectclass'): + kw['objectclass'] = ldap.get_object_type("cn") return ldap.search(**kw) def output_for_cli(self, groups): diff --git a/ipalib/plugins/f_user.py b/ipalib/plugins/f_user.py index 9fec1bd47..da0262b6c 100644 --- a/ipalib/plugins/f_user.py +++ b/ipalib/plugins/f_user.py @@ -186,7 +186,7 @@ class user_del(crud.Del): # logging.info("IPA: delete_user '%s'" % uid) ldap = self.api.Backend.ldap - dn = ldap.find_entry_dn("uid", uid, "posixAccount") + dn = ldap.find_entry_dn("uid", uid) return ldap.delete(dn) def output_for_cli(self, ret): """ @@ -215,7 +215,7 @@ class user_mod(crud.Mod): assert 'uid' not in kw assert 'dn' not in kw ldap = self.api.Backend.ldap - dn = ldap.find_entry_dn("uid", uid, "posixAccount") + dn = ldap.find_entry_dn("uid", uid) return ldap.update(dn, **kw) def output_for_cli(self, ret): 
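Review bot: `config.get('ipagroupsearchfields')` returns `None` when the attribute is absent from the configuration, and the next line calls `.split(",")` on it, so `group_find` would fail with `AttributeError` instead of a usable error; entries are also not stripped, so a value such as `cn, description` yields the key `' description'`. Each configured name then becomes a search key via `kw[s] = term`, silently overwriting any option the caller passed under the same name, and how `ldap.search` combines and escapes these keys is not visible here. I would build the list defensively, `search_fields = [f.strip() for f in (search_fields_conf_str or '').split(',') if f.strip()]`, and reuse the value already fetched with `kw['objectclass'] = object_type` rather than calling `get_object_type` a second time. The `user_find` hunk in f_user.py (`ipausersearchfields`, `get_object_type("uid")`) has the same pattern.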
@@ -230,9 +230,20 @@ api.register(user_mod) class user_find(crud.Find): 'Search the users.' - def execute(self, uid, **kw): + def execute(self, term, **kw): ldap = self.api.Backend.ldap - kw['uid'] = uid + + # Pull the list of searchable attributes out of the configuration. + config = ldap.get_ipa_config() + search_fields_conf_str = config.get('ipausersearchfields') + search_fields = search_fields_conf_str.split(",") + + for s in search_fields: + kw[s] = term + + object_type = ldap.get_object_type("uid") + if object_type and not kw.get('objectclass'): + kw['objectclass'] = ldap.get_object_type("uid") return ldap.search(**kw) def output_for_cli(self, users): if not users: @@ -267,7 +278,7 @@ class user_show(crud.Get): :param kw: Not used. """ ldap = self.api.Backend.ldap - dn = ldap.find_entry_dn("uid", uid, "posixAccount") + dn = ldap.find_entry_dn("uid", uid) # FIXME: should kw contain the list of attributes to display? return ldap.retrieve(dn) @@ -280,7 +291,7 @@ class user_lock(frontend.Command): ) def execute(self, uid, **kw): ldap = self.api.Backend.ldap - dn = ldap.find_entry_dn("uid", uid, "posixAccount") + dn = ldap.find_entry_dn("uid", uid) return ldap.mark_entry_inactive(dn) def output_for_cli(self, ret): if ret: @@ -294,7 +305,7 @@ class user_unlock(frontend.Command): ) def execute(self, uid, **kw): ldap = self.api.Backend.ldap - dn = ldap.find_entry_dn("uid", uid, "posixAccount") + dn = ldap.find_entry_dn("uid", uid) return ldap.mark_entry_active(dn) def output_for_cli(self, ret): if ret: |