authorJose Castro Leon <jose.castro.leon@cern.ch>2012-10-10 08:46:51 +0200
committerJose Castro Leon <jose.castro.leon@cern.ch>2012-10-10 08:50:57 +0200
commitdf8d6cc719d2af514794bfd29bc9eb63271e2079 (patch)
tree9bc39af8af513c279b301d0eea095e7dd2729b45 /keystone/common
parent3ec3c7aed1728f0a0b48097cfc472b68dfd902db (diff)
Filter users in LDAP backend (bug 1052925)
Change-Id: I004e569756698098bf073f5516945f356f88bfea
Diffstat (limited to 'keystone/common')
-rw-r--r--keystone/common/ldap/core.py17
1 files changed, 12 insertions, 5 deletions
diff --git a/keystone/common/ldap/core.py b/keystone/common/ldap/core.py
index 027bc1be..4a80d66a 100644
--- a/keystone/common/ldap/core.py
+++ b/keystone/common/ldap/core.py
@@ -65,6 +65,7 @@ class BaseLdap(object):
DEFAULT_STRUCTURAL_CLASSES = None
DEFAULT_ID_ATTR = 'cn'
DEFAULT_OBJECTCLASS = None
+ DEFAULT_FILTER = None
DUMB_MEMBER_DN = 'cn=dumb,dc=nonexistent'
options_name = None
model = None
@@ -93,6 +94,9 @@ class BaseLdap(object):
self.object_class = (getattr(conf.ldap, objclass)
or self.DEFAULT_OBJECTCLASS)
+ filter = '%s_filter' % self.options_name
+ self.filter = getattr(conf.ldap, filter) or self.DEFAULT_FILTER
+
allow_create = '%s_allow_create' % self.options_name
self.allow_create = getattr(conf.ldap, allow_create)
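Review bot: The value read on the `self.filter = getattr(conf.ldap, filter) or self.DEFAULT_FILTER` line is stored without any check of its shape, although the later hunks in this file splice it verbatim into `'(&%s%s%s)'`. An operator who writes the option without enclosing parentheses would get a malformed search filter on every lookup. The handlers visible in `_ldap_get` and `_ldap_get_all` catch only `ldap.NO_SUCH_OBJECT`, so the error would probably surface per request instead of at startup. I would validate once here, for example `if self.filter and not (self.filter.startswith('(') and self.filter.endswith(')')): raise ValueError(...)`, and rename the local `filter`, which shadows the builtin, to something like `filter_opt`. The enclosing method starts and ends outside the hunk.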
@@ -198,9 +202,10 @@ class BaseLdap(object):
def _ldap_get(self, id, filter=None):
conn = self.get_connection()
query = '(objectClass=%s)' % self.object_class
- if filter is not None:
- query = '(&%s%s)' % (filter, query)
-
+ if (filter is not None or self.filter is not None):
+ localfilter = self.filter if self.filter is not None else ''
+ paramfilter = filter if filter is not None else ''
+ query = '(&%s%s%s)' % (localfilter, paramfilter, query)
try:
res = conn.search_s(self._id_to_dn(id), ldap.SCOPE_BASE, query)
except ldap.NO_SUCH_OBJECT:
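Review bot: The four added lines that combine `self.filter`, the `filter` argument and the objectClass term are repeated unchanged in the `_ldap_get_all` hunk below, so any later fix to how the filter is composed has to be made twice. Moving the composition into one private helper keeps the two lookups consistent and gives a single place to document that both inputs are inserted into the search filter as-is. The `filter` argument is not escaped here, so callers presumably must pass an already well-formed, escaped filter (python-ldap provides `ldap.filter.escape_filter_chars` for values). The bodies of both methods continue outside their hunks.

```python
    def _build_query(self, filter=None):
        # AND the configured filter and the caller's filter with the
        # objectClass term; both are used verbatim, so they must already be
        # complete, parenthesised LDAP filter expressions.
        query = '(objectClass=%s)' % self.object_class
        terms = [f for f in (self.filter, filter) if f is not None]
        if terms:
            query = '(&%s%s)' % (''.join(terms), query)
        return query

    def _ldap_get(self, id, filter=None):
        conn = self.get_connection()
        query = self._build_query(filter)
        # … unchanged: search_s call and NO_SUCH_OBJECT handling …
```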
@@ -214,8 +219,10 @@ class BaseLdap(object):
def _ldap_get_all(self, filter=None):
conn = self.get_connection()
query = '(objectClass=%s)' % (self.object_class,)
- if filter is not None:
- query = '(&%s%s)' % (filter, query)
+ if (filter is not None or self.filter is not None):
+ localfilter = self.filter if self.filter is not None else ''
+ paramfilter = filter if filter is not None else ''
+ query = '(&%s%s%s)' % (localfilter, paramfilter, query)
try:
return conn.search_s(self.tree_dn, ldap.SCOPE_ONELEVEL, query)
except ldap.NO_SUCH_OBJECT: