summaryrefslogtreecommitdiffstats
path: root/ipaserver
diff options
context:
space:
mode:
authorPavel Zuna <pzuna@redhat.com>2009-06-15 15:50:50 +0200
committerRob Crittenden <rcritten@redhat.com>2009-06-15 11:18:55 -0400
commitad54fc33994c871eb72471a6bb19edacdc830343 (patch)
treed69fa046dcfc721ba7487e2aa83f2b72e7f4f1fe /ipaserver
parent473e03d2f79321c72ada1bf579f431ae27d57d6f (diff)
downloadfreeipa-ad54fc33994c871eb72471a6bb19edacdc830343.tar.gz
freeipa-ad54fc33994c871eb72471a6bb19edacdc830343.tar.xz
freeipa-ad54fc33994c871eb72471a6bb19edacdc830343.zip
Add support for incomplete (truncated) search results.
ldap2.find_entries now returns a tuple containing 2 values. First, a list of entries (dn, entry_attrs), Second, the truncated flag. If the truncated flag is True, search results hit a server limitation and are incomplete. This patch also removes decoding of non-string scalar python types into unicode (they are left unchanged).
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/plugins/ldap2.py43
1 files changed, 29 insertions, 14 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 15ac21c76..7697a153e 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -388,7 +388,8 @@ class ldap2(CrudBackend, Encoder):
scope=_ldap.SCOPE_SUBTREE, time_limit=1, size_limit=3000):
"""
Return a list of entries [(dn, entry_attrs)] matching specified
- search parameters.
+ search parameters followed by truncated flag. If the truncated flag is
+ True, search hit a server limit and its results are incomplete.
Keyword arguments:
attrs_list -- list of attributes to return, all if None (default None)
@@ -400,20 +401,30 @@ class ldap2(CrudBackend, Encoder):
base_dn = self.normalize_dn(base_dn)
if not filter:
filter = '(objectClass=*)'
+ res = []
+ truncated = False
# pass arguments to python-ldap
try:
- res = self.conn.search_ext_s(base_dn, scope, filter, attrs_list,
- timeout=time_limit, sizelimit=size_limit)
+ id = self.conn.search_ext(
+ base_dn, scope, filter, attrs_list, timeout=time_limit,
+ sizelimit=size_limit
+ )
+ while True:
+ (objtype, res_list) = self.conn.result(id, 0)
+ if not res_list:
+ break
+ res.append(res_list[0])
except (_ldap.ADMINLIMIT_EXCEEDED, _ldap.TIMELIMIT_EXCEEDED,
_ldap.SIZELIMIT_EXCEEDED), e:
- raise e
+ truncated = True
except _ldap.LDAPError, e:
_handle_errors(e, **{})
+
if not res:
raise errors.NotFound(reason='no such entry')
- return res
+ return (res, truncated)
def find_entry_by_attr(self, attr, value, object_class, attrs_list=None,
base_dn=''):
@@ -426,7 +437,7 @@ class ldap2(CrudBackend, Encoder):
"""
search_kw = {attr: value, 'objectClass': object_class}
filter = self.make_filter(search_kw, rules=self.MATCH_ALL)
- return self.find_entries(filter, attrs_list, base_dn)[0]
+ return self.find_entries(filter, attrs_list, base_dn)[0][0]
def get_entry(self, dn, attrs_list=None):
"""
@@ -435,12 +446,12 @@ class ldap2(CrudBackend, Encoder):
Keyword arguments:
attrs_list - list of attributes to return, all if None (default None)
"""
- return self.find_entries(None, attrs_list, dn, self.SCOPE_BASE)[0]
+ return self.find_entries(None, attrs_list, dn, self.SCOPE_BASE)[0][0]
def get_ipa_config(self):
"""Returns the IPA configuration entry (dn, entry_attrs)."""
filter = '(cn=ipaConfig)'
- return self.find_entries(filter, None, 'cn=etc', self.SCOPE_ONELEVEL)[0]
+ return self.find_entries(filter, None, 'cn=etc', self.SCOPE_ONELEVEL)[0][0]
def get_schema(self):
"""Returns a copy of the current LDAP schema."""
@@ -606,9 +617,9 @@ class ldap2(CrudBackend, Encoder):
# try to remove the entry from activated/inactivated group
if active:
- entries = self.find_entries(inactivated_filter, [], parent_rdn)
+ entries = self.find_entries(inactivated_filter, [], parent_rdn)[0]
else:
- entries = self.find_entries(activated_filter, [], parent_rdn)
+ entries = self.find_entries(activated_filter, [], parent_rdn)[0]
(group_dn, group_entry_attrs) = entries[0]
try:
self.remove_entry_from_group(dn, group_dn)
@@ -625,9 +636,9 @@ class ldap2(CrudBackend, Encoder):
if account_lock_attr == 'false':
return # we don't
- entries = self.find_entries(activated_filter, [], parent_rdn)
+ entries = self.find_entries(activated_filter, [], parent_rdn)[0]
else:
- entries = self.find_entries(inactivated_filter, [], parent_rdn)
+ entries = self.find_entries(inactivated_filter, [], parent_rdn)[0]
(group_dn, group_entry_attrs) = entries[0]
try:
self.add_entry_to_group(dn, group_dn)
@@ -719,12 +730,16 @@ class ldap2(CrudBackend, Encoder):
# find entries and normalize the output for CRUD
output = []
- entries = self.find_entries(filter, attrs_list, base_dn, scope)
+ (entries, truncated) = self.find_entries(
+ filter, attrs_list, base_dn, scope
+ )
for (dn, entry_attrs) in entries:
entry_attrs['dn'] = [dn]
output.append(entry_attrs)
- return output
+ if truncated:
+ return (-1, output)
+ return (len(output), output)
api.register(ldap2)