diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2016-09-08 16:30:33 +0200 |
|---|---|---|
| committer | Martin Babinsky <mbabinsk@redhat.com> | 2016-09-09 16:27:53 +0200 |
| commit | 003b364c5a06a5adc89bac7371f46d534cfb4616 (patch) | |
| tree | 857696956ad6c8c1cfd1e48ffc566ba1ab812552 /ipaserver/plugins | |
| parent | cd75eb3b2557cbd97e93be3e1ceeef21b948a694 (diff) | |
| download | freeipa-003b364c5a06a5adc89bac7371f46d534cfb4616.tar.gz freeipa-003b364c5a06a5adc89bac7371f46d534cfb4616.tar.xz freeipa-003b364c5a06a5adc89bac7371f46d534cfb4616.zip | |
netgroup: avoid extraneous LDAP search when retrieving primary key from DN
DNs for netgroup entries can contain either 'cn' or 'ipauniqueid' attribute in
their leaf RDN depending on their origin. Since 'cn' is the primary key, we
can return it in `get_primary_key_from_dn` right away and avoid any extraneous
LDAP search.
https://fedorahosted.org/freeipa/ticket/5855
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
| -rw-r--r-- | ipaserver/plugins/netgroup.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/ipaserver/plugins/netgroup.py b/ipaserver/plugins/netgroup.py index f76a0ba3a..11fec0aad 100644 --- a/ipaserver/plugins/netgroup.py +++ b/ipaserver/plugins/netgroup.py @@ -237,6 +237,26 @@ class netgroup(LDAPObject): external_host_param, ) + def get_primary_key_from_dn(self, dn): + assert isinstance(dn, DN) + if not dn.rdns: + return u'' + + first_ava = dn.rdns[0][0] + if first_ava[0] == self.primary_key.name: + return unicode(first_ava[1]) + + try: + entry_attrs = self.backend.get_entry( + dn, [self.primary_key.name] + ) + try: + return entry_attrs[self.primary_key.name][0] + except (KeyError, IndexError): + return u'' + except errors.NotFound: + return unicode(dn) + @register() class netgroup_add(LDAPCreate): |