Display the value of memberOf ACIs in permission plugin.

There were two problems: 1. memberof wasn't in the list of things we looked for in the return value from aci_show() 2. The value wasn't being translated into a group name. Use the DN class to retrieve the group name from the memberof URI. Note that I changed the parsing for targetgroup as well. We now save a lookup and potentially returning a NotFound if an aci points to a group that no longer exists. https://fedorahosted.org/freeipa/ticket/2100
author: Rob Crittenden <rcritten@redhat.com> 2011-12-06 18:15:41 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2012-01-04 20:27:26 -0500
commit: 64ee2464e8f21d070358d82f40b4ec13a9546c6b (patch)
tree: 758cdd2ed18481bd9fd73165fbb4caf0c8fd4f1c /ipalib/plugins/aci.py
parent: de0444defea0868bc2b3ec1ee8624a514c67a04e (diff)
download: freeipa-64ee2464e8f21d070358d82f40b4ec13a9546c6b.tar.gz
freeipa-64ee2464e8f21d070358d82f40b4ec13a9546c6b.tar.xz
freeipa-64ee2464e8f21d070358d82f40b4ec13a9546c6b.zip
1 files changed, 7 insertions, 4 deletions
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index 7ace05eb4..4b85bc93c 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -122,6 +122,7 @@ from ipalib import api, crud, errors
 from ipalib import Object, Command
 from ipalib import Flag, Int, Str, StrEnum
 from ipalib.aci import ACI
+from ipalib.dn import DN
 from ipalib import output
 from ipalib import _, ngettext
 if api.env.in_server and api.env.context in ['lite', 'server']:
@@ -312,8 +313,10 @@ def _aci_to_kw(ldap, a, test=False):
         kw['attrs'] = tuple(kw['attrs'])
     if 'targetfilter' in a.target:
         target = a.target['targetfilter']['expression']
-        if target.startswith('(memberOf') or target.startswith('memberOf'):
-            kw['memberof'] = unicode(target)
+        if target.startswith('(memberOf=') or target.startswith('memberOf='):
+            (junk, memberof) = target.split('memberOf=', 1)
+            memberof = DN(memberof)
+            kw['memberof'] = memberof['cn']
         else:
             kw['filter'] = unicode(target)
     if 'target' in a.target:
@@ -332,8 +335,8 @@ def _aci_to_kw(ldap, a, test=False):
                 # targetgroup attr, otherwise we consider it a subtree
                 if api.env.container_group in target:
                     targetdn = unicode(target.replace('ldap:///',''))
-                    (dn, entry_attrs) = ldap.get_entry(targetdn, ['cn'])
-                    kw['targetgroup'] = entry_attrs['cn'][0]
+                    target = DN(targetdn)
+                    kw['targetgroup'] = target['cn']
                 else:
                     kw['subtree'] = unicode(target)
author	Rob Crittenden <rcritten@redhat.com>	2011-12-06 18:15:41 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2012-01-04 20:27:26 -0500
commit	64ee2464e8f21d070358d82f40b4ec13a9546c6b (patch)
tree	758cdd2ed18481bd9fd73165fbb4caf0c8fd4f1c /ipalib/plugins/aci.py
parent	de0444defea0868bc2b3ec1ee8624a514c67a04e (diff)
download	freeipa-64ee2464e8f21d070358d82f40b4ec13a9546c6b.tar.gz freeipa-64ee2464e8f21d070358d82f40b4ec13a9546c6b.tar.xz freeipa-64ee2464e8f21d070358d82f40b4ec13a9546c6b.zip