author | Pavel Zuna <pzuna@redhat.com> | 2010-12-02 19:24:11 -0500 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2010-12-20 12:28:45 -0500 |
commit | 3a9210f06f2a1d28689d8b12179607b77078f8ea (patch) | |
tree | c2093c78689bc0e6cd80cc249737ef4795cdb686 /ipalib/plugins/baseldap.py | |
parent | ffc6031ad76c2b28807e45a90b2906bf2e94b914 (diff) | |
Enable filtering search results by member attributes.
The LDAPSearch base class can now generate additional
options for objects with member attributes. These options
filter search results so that only objects without
the specified members are returned.
Example:
ipa group-find --no-users=admin
Only direct members are taken into account.
Ticket #288
Diffstat (limited to 'ipalib/plugins/baseldap.py')
-rw-r--r-- | ipalib/plugins/baseldap.py | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 46a98643..0603d323 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1186,6 +1186,9 @@ class LDAPSearch(CallbackInterface, crud.Search): """ Retrieve all LDAP entries matching the given criteria. """ + member_attributes = [] + member_param_doc = 'exclude %s with member %s (comma-separated list)' + takes_options = ( Int('timelimit?', label=_('Time Limit'), @@ -1213,6 +1216,33 @@ class LDAPSearch(CallbackInterface, crud.Search): def get_options(self): for option in super(LDAPSearch, self).get_options(): yield option + for attr in self.member_attributes: + for ldap_obj_name in self.obj.attribute_members[attr]: + ldap_obj = self.api.Object[ldap_obj_name] + name = to_cli(ldap_obj_name) + doc = self.member_param_doc % ( + self.obj.object_name_plural, ldap_obj.object_name_plural + ) + yield List('no_%s?' % name, cli_name='no_%ss' % name, doc=doc, + label=ldap_obj.object_name) + + def get_member_filter(self, ldap, **options): + filter = '' + for attr in self.member_attributes: + for ldap_obj_name in self.obj.attribute_members[attr]: + param_name = 'no_%s' % to_cli(ldap_obj_name) + if param_name in options: + dns = [] + ldap_obj = self.api.Object[ldap_obj_name] + for pkey in options[param_name]: + dns.append(ldap_obj.get_dn(pkey)) + flt = ldap.make_filter_from_attr( + attr, dns, ldap.MATCH_NONE + ) + filter = ldap.combine_filters( + (filter, flt), ldap.MATCH_ALL + ) + return filter has_output_params = global_output_params @@ -1254,8 +1284,10 @@ class LDAPSearch(CallbackInterface, crud.Search): search_kw[a] = term term_filter = ldap.make_filter(search_kw, exact=False) + member_filter = self.get_member_filter(ldap, **options) + filter = ldap.combine_filters( - (term_filter, attr_filter), rules=ldap.MATCH_ALL + (term_filter, attr_filter, member_filter), rules=ldap.MATCH_ALL ) scope = ldap.SCOPE_ONELEVEL |
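Review bot: `member_attributes = []` is a mutable class attribute shared by `LDAPSearch` and every subclass, so a subclass that appends to it instead of rebinding it would change the option set of all search commands. `member_attributes = ()` avoids that and matches the tuple already used for `takes_options` just below. A short comment such as `# keys of self.obj.attribute_members to expose as --no-<object>s filters` would make the contract clear to subclass authors.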
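Review bot: In `get_member_filter`, the guard `if param_name in options:` is true even when the option is present without a value, and the following `for pkey in options[param_name]` would then raise on `None`. Whether the framework passes unset options that way is not visible in this hunk, so `if options.get(param_name):` is the safer test and also skips an empty list. The primary keys come straight from the caller and end up inside an LDAP filter through `ldap_obj.get_dn(pkey)` and `ldap.make_filter_from_attr(...)`; escaping is presumably done in those helpers, which are outside the hunk, so a test with a key containing `*`, `(`, `)` or `\` would pin that down. The method should also get a docstring stating that it returns an empty string when no `no_*` option is given and that only direct members are matched, and the local `filter` shadows the builtin (`member_filter` would read better).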