summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/baseldap.py
diff options
context:
space:
mode:
authorPavel Zuna <pzuna@redhat.com>2010-12-02 19:24:11 -0500
committerAdam Young <ayoung@redhat.com>2010-12-20 12:28:45 -0500
commit3a9210f06f2a1d28689d8b12179607b77078f8ea (patch)
treec2093c78689bc0e6cd80cc249737ef4795cdb686 /ipalib/plugins/baseldap.py
parentffc6031ad76c2b28807e45a90b2906bf2e94b914 (diff)
downloadfreeipa-3a9210f06f2a1d28689d8b12179607b77078f8ea.tar.gz
freeipa-3a9210f06f2a1d28689d8b12179607b77078f8ea.tar.xz
freeipa-3a9210f06f2a1d28689d8b12179607b77078f8ea.zip
Enable filtering search results by member attributes.
LDAPSearch base class has now the ability to generate additional options for objects with member attributes. These options are used to filter search results - search only for objects without the specified members. Example: ipa group-find --no-users=admin Only direct members are taken into account. Ticket #288
Diffstat (limited to 'ipalib/plugins/baseldap.py')
-rw-r--r--ipalib/plugins/baseldap.py34
1 files changed, 33 insertions, 1 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 46a98643..0603d323 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -1186,6 +1186,9 @@ class LDAPSearch(CallbackInterface, crud.Search):
"""
Retrieve all LDAP entries matching the given criteria.
"""
+ member_attributes = []
+ member_param_doc = 'exclude %s with member %s (comma-separated list)'
+
takes_options = (
Int('timelimit?',
label=_('Time Limit'),
@@ -1213,6 +1216,33 @@ class LDAPSearch(CallbackInterface, crud.Search):
def get_options(self):
for option in super(LDAPSearch, self).get_options():
yield option
+ for attr in self.member_attributes:
+ for ldap_obj_name in self.obj.attribute_members[attr]:
+ ldap_obj = self.api.Object[ldap_obj_name]
+ name = to_cli(ldap_obj_name)
+ doc = self.member_param_doc % (
+ self.obj.object_name_plural, ldap_obj.object_name_plural
+ )
+ yield List('no_%s?' % name, cli_name='no_%ss' % name, doc=doc,
+ label=ldap_obj.object_name)
+
+ def get_member_filter(self, ldap, **options):
+ filter = ''
+ for attr in self.member_attributes:
+ for ldap_obj_name in self.obj.attribute_members[attr]:
+ param_name = 'no_%s' % to_cli(ldap_obj_name)
+ if param_name in options:
+ dns = []
+ ldap_obj = self.api.Object[ldap_obj_name]
+ for pkey in options[param_name]:
+ dns.append(ldap_obj.get_dn(pkey))
+ flt = ldap.make_filter_from_attr(
+ attr, dns, ldap.MATCH_NONE
+ )
+ filter = ldap.combine_filters(
+ (filter, flt), ldap.MATCH_ALL
+ )
+ return filter
has_output_params = global_output_params
@@ -1254,8 +1284,10 @@ class LDAPSearch(CallbackInterface, crud.Search):
search_kw[a] = term
term_filter = ldap.make_filter(search_kw, exact=False)
+ member_filter = self.get_member_filter(ldap, **options)
+
filter = ldap.combine_filters(
- (term_filter, attr_filter), rules=ldap.MATCH_ALL
+ (term_filter, attr_filter, member_filter), rules=ldap.MATCH_ALL
)
scope = ldap.SCOPE_ONELEVEL