diff options
| author | Pavel Zuna <pzuna@redhat.com> | 2011-01-04 15:15:54 -0500 |
|---|---|---|
| committer | Adam Young <ayoung@redhat.com> | 2011-01-04 21:56:38 -0500 |
| commit | d6d579ead469e0b4690d6d1eec0f137dd3c40940 (patch) | |
| tree | c8d6a027f5fe598b75687aa42dd193b2c51cf816 /ipalib/plugins/user.py | |
| parent | 4f2a6e0a25cd5d92bdd436d23963f77b86f818ea (diff) | |
| download | freeipa-d6d579ead469e0b4690d6d1eec0f137dd3c40940.tar.gz freeipa-d6d579ead469e0b4690d6d1eec0f137dd3c40940.tar.xz freeipa-d6d579ead469e0b4690d6d1eec0f137dd3c40940.zip | |
Improve filtering of enrollments search results.
This is required for effective filtering of enrollments search
results in the webUI and also gives an edge to the CLI.
After this patch, each LDAPObject can define its relationships
to other LDAPObjects. For now, this is used only for filtering
search results by enrollments, but there are probably more
benefits to come.
You can do this for example:
# search for all users not enrolled in group admins
ipa user-find --not-in-groups=admins
# search for all groups not enrolled in group global with user Pavel
ipa group-find --users=Pavel --not-in-groups=global
# more examples:
ipa group-find --users=Pavel,Jakub --no-users=Honza
ipa hostgroup-find --hosts=webui.pzuna
Diffstat (limited to 'ipalib/plugins/user.py')
| -rw-r--r-- | ipalib/plugins/user.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 3d9b7e6d4..0afb8b5d2 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -316,6 +316,7 @@ class user_find(LDAPSearch): """ Search for users. """ + member_attributes = ['memberof'] takes_options = LDAPSearch.takes_options + ( Flag('whoami', @@ -323,6 +324,7 @@ class user_find(LDAPSearch): doc=_('Display user record for current Kerberos principal'), ), ) + def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *keys, **options): if options.get('whoami'): return ("(&(objectclass=posixaccount)(krbprincipalname=%s))"%\ |