diff options
author | Pavel Zuna <pzuna@redhat.com> | 2009-04-22 10:50:20 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-04-22 15:17:28 -0400 |
commit | 58c10898c7938af18ca1e8b6681d0a9e02b9771e (patch) | |
tree | b59d49f30f909387a66d2d16ee1280cd0fe5cbab /ipaserver/plugins/ldap2.py | |
parent | af82879009ba298cf7eb96a712b11be49281c854 (diff) | |
download | freeipa-58c10898c7938af18ca1e8b6681d0a9e02b9771e.tar.gz freeipa-58c10898c7938af18ca1e8b6681d0a9e02b9771e.tar.xz freeipa-58c10898c7938af18ca1e8b6681d0a9e02b9771e.zip |
Make it possible to construct partial match filters using make_filter_* methods. Add missing _sasl_auth variable.
Diffstat (limited to 'ipaserver/plugins/ldap2.py')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 38e58843c..fede90a4a 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -40,6 +40,7 @@ import string import krbV import ldap as _ldap import ldap.filter as _ldap_filter +import ldap.sasl as _ldap_sasl from ldap.controls import LDAPControl from ldap.ldapobject import SimpleLDAPObject @@ -68,6 +69,9 @@ _syntax_mapping = { # used to identify the Uniqueness plugin error message _uniqueness_plugin_error = 'Another entry with the same attribute value already exists' +# SASL authentication mechanism +_sasl_auth = _ldap_sasl.sasl({}, 'GSSAPI') + # utility function, builds LDAP URL string def _get_url(host, port, using_cacert=False): @@ -371,31 +375,37 @@ class ldap2(CrudBackend): flt = '%s)' % flt return flt - def make_filter_from_attr(self, attr, value, rules='|'): + def make_filter_from_attr(self, attr, value, rules='|', exact=True): """ Make filter for ldap2.find_entries from attribute. Keyword arguments: rules -- see ldap2.make_filter + exact -- boolean, True - make filter as (attr=value) + False - make filter as (attr=*value*) """ if isinstance(value, (list, tuple)): flts = [] for v in value: - flts.append(self.make_filter_from_attr(attr, v, rules)) + flts.append(self.make_filter_from_attr(attr, v, rules, exact)) return self.combine_filters(flts, rules) else: value = _ldap_filter.escape_filter_chars(value) attr = self._encode_value(attr) value = self._encode_value(value) - return '(%s=%s)' % (attr, value) + if exact: + return '(%s=%s)' % (attr, value) + return '(%s=*%s*)' % (attr, value) - def make_filter(self, entry_attrs, attrs_list=None, rules='|'): + def make_filter(self, entry_attrs, attrs_list=None, rules='|', exact=True): """ Make filter for ldap2.find_entries from entry attributes. Keyword arguments: attrs_list -- list of attributes to use, all if None (default None) rules -- specifies how to determine a match (default ldap2.MATCH_ANY) + exact -- boolean, True - make filter as (attr=value) + False - make filter as (attr=*value*) rules can be one of the following: ldap2.MATCH_NONE - match entries that do not match any attribute @@ -405,12 +415,16 @@ class ldap2(CrudBackend): flts = [] if attrs_list is None: for (k, v) in entry_attrs.iteritems(): - flts.append(self.make_filter_from_attr(k, v, rules)) + flts.append( + self.make_filter_from_attr(k, v, rules, exact) + ) else: for a in attrs_list: value = entry_attrs.get(a, None) if value is not None: - flts.append(self.make_filter_from_attr(a, value, rules)) + flts.append( + self.make_filter_from_attr(a, value, rules, exact) + ) return self.combine_filters(flts, rules) def find_entries(self, filter, attrs_list=None, base_dn='', |