diff options
-rw-r--r-- | ipalib/plugins/baseldap.py | 34 | ||||
-rw-r--r-- | ipalib/plugins/group.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/hostgroup.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/netgroup.py | 1 |
4 files changed, 37 insertions, 2 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 46a98643e..0603d323b 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1186,6 +1186,9 @@ class LDAPSearch(CallbackInterface, crud.Search): """ Retrieve all LDAP entries matching the given criteria. """ + member_attributes = [] + member_param_doc = 'exclude %s with member %s (comma-separated list)' + takes_options = ( Int('timelimit?', label=_('Time Limit'), @@ -1213,6 +1216,33 @@ class LDAPSearch(CallbackInterface, crud.Search): def get_options(self): for option in super(LDAPSearch, self).get_options(): yield option + for attr in self.member_attributes: + for ldap_obj_name in self.obj.attribute_members[attr]: + ldap_obj = self.api.Object[ldap_obj_name] + name = to_cli(ldap_obj_name) + doc = self.member_param_doc % ( + self.obj.object_name_plural, ldap_obj.object_name_plural + ) + yield List('no_%s?' % name, cli_name='no_%ss' % name, doc=doc, + label=ldap_obj.object_name) + + def get_member_filter(self, ldap, **options): + filter = '' + for attr in self.member_attributes: + for ldap_obj_name in self.obj.attribute_members[attr]: + param_name = 'no_%s' % to_cli(ldap_obj_name) + if param_name in options: + dns = [] + ldap_obj = self.api.Object[ldap_obj_name] + for pkey in options[param_name]: + dns.append(ldap_obj.get_dn(pkey)) + flt = ldap.make_filter_from_attr( + attr, dns, ldap.MATCH_NONE + ) + filter = ldap.combine_filters( + (filter, flt), ldap.MATCH_ALL + ) + return filter has_output_params = global_output_params @@ -1254,8 +1284,10 @@ class LDAPSearch(CallbackInterface, crud.Search): search_kw[a] = term term_filter = ldap.make_filter(search_kw, exact=False) + member_filter = self.get_member_filter(ldap, **options) + filter = ldap.combine_filters( - (term_filter, attr_filter), rules=ldap.MATCH_ALL + (term_filter, attr_filter, member_filter), rules=ldap.MATCH_ALL ) scope = ldap.SCOPE_ONELEVEL diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index 75f40c573..6d321064d 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -212,6 +212,8 @@ class group_find(LDAPSearch): """ Search for groups. """ + member_attributes = ['member'] + msg_summary = ngettext( '%(count)d group matched', '%(count)d groups matched', 0 ) diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py index 1c4cc28e8..d8e1331cc 100644 --- a/ipalib/plugins/hostgroup.py +++ b/ipalib/plugins/hostgroup.py @@ -123,7 +123,7 @@ class hostgroup_find(LDAPSearch): """ Search for hostgroups. """ - + member_attributes = ['member'] msg_summary = ngettext( '%(count)d hostgroup matched', '%(count)d hostgroups matched' ) diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index e79aca2ad..a000c41e4 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -171,6 +171,7 @@ class netgroup_find(LDAPSearch): """ Search for a netgroup. """ + member_attributes = ['member', 'memberuser', 'memberhost'] has_output_params = LDAPSearch.has_output_params + output_params msg_summary = ngettext( '%(count)d netgroup matched', '%(count)d netgroups matched' |