URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: [WIP] Refactoring cert-find to use API call directly instead of using Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/812/head:pr812 git checkout pr812
From 352e502ae62e35144810a10bca1db5f909e99759 Mon Sep 17 00:00:00 2001 From: Felipe Volpone <fbarr...@redhat.com> Date: Fri, 26 May 2017 10:28:21 -0300 Subject: [PATCH 1/2] Changing the LDAP search to do not use krbCanonicalName directly, instead it will use krbPrincipalName --- ipaserver/plugins/cert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index fbda6ca6ca..eba85636f4 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1520,7 +1520,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): filters.append(filter) filter = ldap.make_filter_from_attr( - owner.primary_key.name, + 'krbPrincipalName', value, rule) filters.append(filter) From 942b1fcca13ff2ed656e08b1e9d231560ec78b85 Mon Sep 17 00:00:00 2001 From: Felipe Volpone <felipevolp...@gmail.com> Date: Wed, 31 May 2017 11:37:27 -0300 Subject: [PATCH 2/2] Changing the LDAP search to do not use krbCanonicalName directly, instead it will use krbPrincipalName --- ipaserver/plugins/cert.py | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index eba85636f4..1816627b28 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1090,8 +1090,8 @@ def get_params(self): param = param.clone(flags=param.flags - {'no_search'}) yield param - for owner in self._owners(): - yield owner.primary_key.clone_rename( + for owner, owner_pkey in self._owners(): + yield owner_pkey.clone_rename( 'owner_{0}'.format(owner.name), required=False, multivalue=True, 
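Review bot: The hard-coded `'krbPrincipalName'` in `_ldap_search` applies to every owner type, not only services. The pre-image in patch 2/2 shows this call inside `for owner in self.obj._owners():`, and at this commit `_owners()` still yields user, host and service. The user and host filters are therefore also built on `krbPrincipalName` here, which probably breaks owner filtering for them until 2/2 restores a per-owner attribute. Both commits carry the same subject, so squashing them would keep the history bisectable. The body of `_ldap_search` starts and ends outside the hunk.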
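Review bot: `owner_pkey.clone_rename(...)` in `get_params` now clones the service's `krbprincipalname` param rather than its primary key, so the resulting `owner_service` param inherits whatever that param declares (flags, normalizer, validation rules) unless the call overrides it. Only `required=False` and `multivalue=True` are visible here and the rest of the call is outside the hunk, so please confirm the inherited settings are intended. The same applies to the two `clone_rename` calls in the `get_options` hunks (`'{0}'` and `'no_{0}'`). A comment above the loop such as `# owner_pkey is the attribute searched on, not necessarily the primary key` would stop the next reader from assuming otherwise.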
@@ -1101,15 +1101,22 @@ def get_params(self): ) def _owners(self): - for name in ('user', 'host', 'service'): - yield self.api.Object[name] + for obj_name, pkey_name in [('user', None), + ('host', None), + ('service', 'krbprincipalname')]: + obj = self.api.Object[obj_name] + if pkey_name is None: + pkey = obj.primary_key + else: + pkey = obj.params[pkey_name] + yield obj, pkey def _fill_owners(self, obj): dns = obj.pop('owner', None) if dns is None: return - for owner in self._owners(): + for owner, __ in self._owners(): container_dn = DN(owner.container_dn, self.api.env.basedn) name = 'owner_' + owner.name for dn in dns: @@ -1373,8 +1380,8 @@ def get_options(self): option = option.clone(default=None, autofill=None) yield option - for owner in self.obj._owners(): - yield owner.primary_key.clone_rename( + for owner, owner_pkey in self.obj._owners(): + yield owner_pkey.clone_rename( '{0}'.format(owner.name), required=False, multivalue=True, @@ -1385,7 +1392,7 @@ def get_options(self): owner.object_name_plural), label=owner.object_name, ) - yield owner.primary_key.clone_rename( + yield owner_pkey.clone_rename( 'no_{0}'.format(owner.name), required=False, multivalue=True, @@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): ldap = self.api.Backend.ldap2 filters = [] - for owner in self.obj._owners(): + for owner, owner_pkey in self.obj._owners(): for prefix, rule in (('', ldap.MATCH_ALL), ('no_', ldap.MATCH_NONE)): try: @@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): filters.append(filter) filter = ldap.make_filter_from_attr( - 'krbPrincipalName', + owner_pkey.name, value, rule) filters.append(filter)
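Review bot: `_owners()` has no docstring, and nothing in the new body explains why the service row names `'krbprincipalname'` while user and host pass `None`. Going by the commit subject, the aim is for service lookups to use krbPrincipalName instead of krbCanonicalName, and that reason belongs in the code. I would add a docstring `"""Yield (object, param) pairs; param is the attribute cert searches match the owner on."""` and a comment on the table, `# None means: use the object's primary key`. The generator now yields pairs instead of objects. The four call sites in this diff are updated, but any callers outside it are not visible here.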
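Review bot: The attribute passed to `ldap.make_filter_from_attr` is now `owner_pkey.name`, so for services `value` is compared against `krbprincipalname`, and the series adds no test for that path (the diffstat lists only `ipaserver/plugins/cert.py`). If the form of `value` does not match what the attribute stores, the `no_` rule (`ldap.MATCH_NONE`) would presumably exclude nothing, and the search would return certificates the caller asked to filter out, without an error. A regression test that exercises the `'{0}'` and `'no_{0}'` owner options for a service principal would pin the behaviour, and it should include an alias if aliases are meant to match. The `try:` block this call belongs to starts outside the hunk.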