URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: Refactoring cert-find to use API call directly instead of using Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/812/head:pr812 git checkout pr812
From c8913f875b56af412ae0eedb299a9ad9505415ec Mon Sep 17 00:00:00 2001
From: Felipe Volpone <felipevolp...@gmail.com>
Date: Thu, 1 Jun 2017 16:53:11 -0300
Subject: [PATCH] Changing cert-find to do not use only primary key to search in LDAP. In service.py the primary key is krbCanonicalName, which we don't want to use to do searchs. Now, cert-find uses primary key or a specified attribute to do searches in LDAP, instead of using only a primary key. https://pagure.io/freeipa/issue/6948
---
 ipaserver/plugins/cert.py | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index fbda6ca6ca..b62f82541d 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1090,8 +1090,8 @@ def get_params(self):
 param = param.clone(flags=param.flags - {'no_search'})
 yield param
- for owner in self._owners():
- yield owner.primary_key.clone_rename(
+ for owner, search_key in self._owners():
+ yield search_key.clone_rename(
 'owner_{0}'.format(owner.name),
 required=False,
 multivalue=True,
@@ -1101,15 +1101,22 @@ def get_params(self):
 )
 def _owners(self):
- for name in ('user', 'host', 'service'):
- yield self.api.Object[name]
+ for obj_name, search_key in [('user', None),
+ ('host', None),
+ ('service', 'krbprincipalname')]:
+ obj = self.api.Object[obj_name]
+ if search_key is None:
+ pkey = obj.primary_key
+ else:
+ pkey = obj.params[search_key]
+ yield obj, pkey
 def _fill_owners(self, obj):
 dns = obj.pop('owner', None)
 if dns is None:
 return
- for owner in self._owners():
+ for owner, _search_key in self._owners():
 container_dn = DN(owner.container_dn, self.api.env.basedn)
 name = 'owner_' + owner.name
 for dn in dns:
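Review bot: In `_owners`, `search_key` is a string attribute name (or `None`), yet `get_params`, `get_options` and `_ldap_search` unpack the yielded value under that same name as a param object and call `.clone_rename()` or read `.name` on it; inside `_owners` the object itself is held in `pkey`, which for services is no longer a primary key. Renaming the local, e.g. `search_param = obj.params[search_key]` with `yield obj, search_param`, and adding a docstring such as `"""Yield (owner object, param used to search for that owner)."""` would make the new contract readable. The `('service', 'krbprincipalname')` entry also deserves a comment carrying the reason from the commit message, namely that the primary key in service.py is krbCanonicalName. Because `_owners` now yields pairs, any caller outside these hunks that still iterates it as plain objects would break; only the call sites shown here are updated. `_fill_owners` continues past the end of the hunk.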
@@ -1373,8 +1380,8 @@ def get_options(self):
 option = option.clone(default=None, autofill=None)
 yield option
- for owner in self.obj._owners():
- yield owner.primary_key.clone_rename(
+ for owner, search_key in self.obj._owners():
+ yield search_key.clone_rename(
 '{0}'.format(owner.name),
 required=False,
 multivalue=True,
@@ -1385,7 +1392,7 @@ def get_options(self):
 owner.object_name_plural),
 label=owner.object_name,
 )
- yield owner.primary_key.clone_rename(
+ yield search_key.clone_rename(
 'no_{0}'.format(owner.name),
 required=False,
 multivalue=True,
@@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
 ldap = self.api.Backend.ldap2
 filters = []
- for owner in self.obj._owners():
+ for owner, search_key in self.obj._owners():
 for prefix, rule in (('', ldap.MATCH_ALL),
 ('no_', ldap.MATCH_NONE)):
 try:
@@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
 filters.append(filter)
 filter = ldap.make_filter_from_attr(
- owner.primary_key.name,
+ search_key.name,
 value, rule)
 filters.append(filter)
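Review bot: In `_ldap_search` the owner filter is now built from `search_key.name`, so for services both the match (`ldap.MATCH_ALL`) and the `no_` exclusion (`ldap.MATCH_NONE`) run against `krbprincipalname` rather than the primary key, and nothing at the call or in the option definitions records that. If that attribute can hold several values per entry (not visible on this page), a service would be matched or excluded through any one of them, which matters to anyone who uses cert-find output to audit which principals hold certificates. I would add a comment above the call, e.g. `# services are matched on krbprincipalname, not the primary key (krbcanonicalname)`, and state the matched attribute in the option doc assembled in `get_options`. The loop body between `try:` and the filter construction lies outside these hunks.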