diff options
-rw-r--r-- | ipa-admintools/ipa-findgroup | 16 | ||||
-rw-r--r-- | ipa-python/ipaclient.py | 8 | ||||
-rw-r--r-- | ipa-python/rpcclient.py | 17 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 31 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/ipaxmlrpc.py | 1 |
5 files changed, 72 insertions, 1 deletions
diff --git a/ipa-admintools/ipa-findgroup b/ipa-admintools/ipa-findgroup index 9e87a8a5c..a263ba640 100644 --- a/ipa-admintools/ipa-findgroup +++ b/ipa-admintools/ipa-findgroup @@ -48,7 +48,7 @@ def main(): try: client = ipaclient.IPAClient() - groups = client.find_groups(args[1]) + groups = client.find_groups(args[1], ['cn','description','gidnumber']) counter = groups[0] groups = groups[1:] @@ -57,6 +57,12 @@ def main(): return 2 for ent in groups: + try: + members = client.memberOf(ent.dn, ['dn','cn']) + except ipa.ipaerror.IPAError, e: + print "Error getting members for " + ent.dn + print str(e) + continue attr = ent.attrList() print "dn: " + ent.dn @@ -69,6 +75,14 @@ def main(): print a + ": " for l in value: print "\t" + l + + counter = members[0] + members = members[1:] + + if counter > 0: + print "Members:" + for m in members: + print " " + m['cn'] + ": " + m['dn'] # blank line between results print diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py index 9464ee77e..b0dd8ee6e 100644 --- a/ipa-python/ipaclient.py +++ b/ipa-python/ipaclient.py @@ -316,3 +316,11 @@ class IPAClient: """Convert a list of LDAP attributes into a more readable form.""" return self.transport.attrs_to_labels(attrs) + + def memberOf(self, groupdn, attr_list): + """Do a memberOf search of groupdn and return the attributes in + attr_list (an empty list returns everything).""" + + return self.transport.memberOf(groupdn, attr_list) + + diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py index a69fd1338..7f87ac040 100644 --- a/ipa-python/rpcclient.py +++ b/ipa-python/rpcclient.py @@ -574,3 +574,20 @@ class RPCClient: raise xmlrpclib.Fault(value, msg) return ipautil.unwrap_binary_data(result) + + def memberOf(self, groupdn, attr_list=None): + """Do a memberOf search of groupdn and return the attributes in + attr_list (an empty list returns everything).""" + + if attr_list is None: + attr_list = "__NONE__" + + server = self.setup_server() + try: + result = server.memberOf(groupdn, attr_list) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 257e84d2e..9f8780048 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -1061,6 +1061,37 @@ class IPAServer: return label_list + def memberOf(self, groupdn, attr_list, opts=None): + """Do a memberOf search of groupdn and return the attributes in + attr_list (an empty list returns everything).""" + + # TODO - retrieve from config + timelimit = 2 + + searchlimit = 0 + + groupdn = self.__safe_filter(groupdn) + filter = "(memberOf=%s)" % groupdn + + conn = self.getConnection(opts) + try: + results = conn.getListAsync(self.basedn, self.scope, + filter, attr_list, 0, None, None, timelimit, + searchlimit) + except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): + results = [0] + finally: + self.releaseConnection(conn) + + counter = results[0] + results = results[1:] + + entries = [counter] + for e in results: + entries.append(self.convert_entry(e)) + + return entries + def ldap_search_escape(match): """Escapes out nasty characters from the ldap search. See RFC 2254.""" diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py index 64e5fa68c..863273659 100644 --- a/ipa-server/xmlrpc-server/ipaxmlrpc.py +++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py @@ -350,6 +350,7 @@ def handler(req, profiling=False): h.register_function(f.update_group) h.register_function(f.delete_group) h.register_function(f.attrs_to_labels) + h.register_function(f.memberOf) h.handle_request(req) finally: pass |