URL: https://github.com/freeipa/freeipa/pull/812
Author: felipevolpone
 Title: #812: [WIP] Refactoring cert-find to use API call directly instead of 
using
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/812/head:pr812
git checkout pr812
From 352e502ae62e35144810a10bca1db5f909e99759 Mon Sep 17 00:00:00 2001
From: Felipe Volpone <fbarr...@redhat.com>
Date: Fri, 26 May 2017 10:28:21 -0300
Subject: [PATCH 1/2] Changing the LDAP search to do not use krbCanonicalName
 directly, instead it will use krbPrincipalName

---
 ipaserver/plugins/cert.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index fbda6ca6ca..eba85636f4 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1520,7 +1520,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
                     filters.append(filter)
 
                 filter = ldap.make_filter_from_attr(
-                    owner.primary_key.name,
+                    'krbPrincipalName',
                     value,
                     rule)
                 filters.append(filter)
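Review bot: The hard-coded `'krbPrincipalName'` sits inside the loop over every owner type, so with this patch alone the `user` and `host` filters are also built on that attribute instead of their own primary key. Patch 2/2 changes the same line again to `owner_pkey.name`, which leaves 1/2 as an intermediate state that probably changes user and host owner searches and would mislead a bisect. Squashing the two commits, or restricting the change here to services with `'krbPrincipalName' if owner.name == 'service' else owner.primary_key.name,`, would avoid that. The body of `_ldap_search` starts and ends outside this hunk, so what `value` holds for each owner type cannot be confirmed from here.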

From 942b1fcca13ff2ed656e08b1e9d231560ec78b85 Mon Sep 17 00:00:00 2001
From: Felipe Volpone <felipevolp...@gmail.com>
Date: Wed, 31 May 2017 11:37:27 -0300
Subject: [PATCH 2/2] Changing the LDAP search to do not use krbCanonicalName
 directly, instead it will use krbPrincipalName

---
 ipaserver/plugins/cert.py | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index eba85636f4..1816627b28 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1090,8 +1090,8 @@ def get_params(self):
                 param = param.clone(flags=param.flags - {'no_search'})
             yield param
 
-        for owner in self._owners():
-            yield owner.primary_key.clone_rename(
+        for owner, owner_pkey in self._owners():
+            yield owner_pkey.clone_rename(
                 'owner_{0}'.format(owner.name),
                 required=False,
                 multivalue=True,
@@ -1101,15 +1101,22 @@ def get_params(self):
             )
 
     def _owners(self):
-        for name in ('user', 'host', 'service'):
-            yield self.api.Object[name]
+        for obj_name, pkey_name in [('user', None),
+                                    ('host', None),
+                                    ('service', 'krbprincipalname')]:
+            obj = self.api.Object[obj_name]
+            if pkey_name is None:
+                pkey = obj.primary_key
+            else:
+                pkey = obj.params[pkey_name]
+            yield obj, pkey
 
     def _fill_owners(self, obj):
         dns = obj.pop('owner', None)
         if dns is None:
             return
 
-        for owner in self._owners():
+        for owner, __ in self._owners():
             container_dn = DN(owner.container_dn, self.api.env.basedn)
             name = 'owner_' + owner.name
             for dn in dns:
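Review bot: `_owners()` now yields an `(obj, pkey)` tuple instead of a bare object, so any caller not touched by this series would fail on `owner.name`. The four call sites visible in this diff are updated, but the rest of the file is not shown and should be checked. The method also has no docstring saying why `service` is keyed on `krbprincipalname` while `user` and `host` keep `primary_key`. A short one such as `"""Yield (object, param) pairs; param is the attribute cert-find searches that owner type by."""`, plus a comment on the `'service'` row giving the reason, would spare the next reader from digging it out of the commit log. `_fill_owners` continues past the end of the hunk.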
@@ -1373,8 +1380,8 @@ def get_options(self):
                 option = option.clone(default=None, autofill=None)
             yield option
 
-        for owner in self.obj._owners():
-            yield owner.primary_key.clone_rename(
+        for owner, owner_pkey in self.obj._owners():
+            yield owner_pkey.clone_rename(
                 '{0}'.format(owner.name),
                 required=False,
                 multivalue=True,
@@ -1385,7 +1392,7 @@ def get_options(self):
                      owner.object_name_plural),
                 label=owner.object_name,
             )
-            yield owner.primary_key.clone_rename(
+            yield owner_pkey.clone_rename(
                 'no_{0}'.format(owner.name),
                 required=False,
                 multivalue=True,
@@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
         ldap = self.api.Backend.ldap2
 
         filters = []
-        for owner in self.obj._owners():
+        for owner, owner_pkey in self.obj._owners():
             for prefix, rule in (('', ldap.MATCH_ALL),
                                  ('no_', ldap.MATCH_NONE)):
                 try:
@@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
                     filters.append(filter)
 
                 filter = ldap.make_filter_from_attr(
-                    'krbPrincipalName',
+                    owner_pkey.name,
                     value,
                     rule)
                 filters.append(filter)
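Review bot: The service owner filter is now built on `krbprincipalname`, which can carry more than one value per entry, so `--services X` and `--no-services X` will match on any principal listed on the service rather than only the canonical one. That changes which certificates `cert-find` returns for both the `MATCH_ALL` and the `MATCH_NONE` rule, and the diffstat shows only `cert.py` touched, so no test pins the new behaviour. A test covering a service with an additional principal, for both the positive and the negative option, would guard it. A comment above the call such as `# owner_pkey.name doubles as the LDAP attribute name` would also make explicit that this relies on the param name matching the attribute. `_ldap_search` starts before the previous hunk and continues past this one.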