Use the global time and size limits on searches if not user-provided.
This removes the default settings for searching but the option is still there.
I also added a test to ensure that the limit is properly enforced and the truncated flag is set.
rob
>From f3ddbcf8202c6d0fe578a369c094b4935aa9f33c Mon Sep 17 00:00:00 2001 From: Rob Crittenden <[email protected]> Date: Wed, 18 Aug 2010 14:04:58 -0400 Subject: [PATCH] Use global time and size limit values when searching. Add test to verify that limit is honored and truncated flag set. ticket #48 --- ipalib/plugins/baseldap.py | 22 ++++++++++------------ ipaserver/plugins/ldap2.py | 22 +++++++++++++++++----- tests/test_xmlrpc/test_user_plugin.py | 25 +++++++++++++++++++++++++ 3 files changed, 52 insertions(+), 17 deletions(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 69bda6d..1757a45 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -829,21 +829,19 @@ class LDAPSearch(CallbackInterface, crud.Search): Retrieve all LDAP entries matching the given criteria. """ takes_options = ( - Int('timelimit', + Int('timelimit?', label=_('Time Limit'), - doc=_('Time limit of search in seconds (default 1)'), - flags=['no_dispaly'], + doc=_('Time limit of search in seconds'), + flags=['no_display'], minvalue=0, - default=1, - autofill=True, + autofill=False, ), - Int('sizelimit', + Int('sizelimit?', label=_('Size Limit'), - doc=_('Maximum number of entries returned (default 3000)'), - flags=['no_dispaly'], + doc=_('Maximum number of entries returned'), + flags=['no_display'], minvalue=0, - default=3000, - autofill=True, + autofill=False, ), ) @@ -911,8 +909,8 @@ class LDAPSearch(CallbackInterface, crud.Search): try: (entries, truncated) = ldap.find_entries( filter, attrs_list, base_dn, scope=ldap.SCOPE_ONELEVEL, - time_limit=options.get('timelimit', 1), - size_limit=options.get('sizelimit', 3000) + time_limit=options.get('timelimit', None), + size_limit=options.get('sizelimit', None) ) except errors.ExecutionError, e: try: diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 81c2aeb..79d6d99 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -466,7 +466,7 @@ class ldap2(CrudBackend, Encoder): @encode_args(1, 2, 3) @decode_retval() def find_entries(self, filter, attrs_list=None, base_dn='', - scope=_ldap.SCOPE_SUBTREE, time_limit=1, size_limit=3000, + scope=_ldap.SCOPE_SUBTREE, time_limit=None, size_limit=None, normalize=True): """ Return a list of entries [(dn, entry_attrs)] matching specified @@ -477,8 +477,8 @@ class ldap2(CrudBackend, Encoder): attrs_list -- list of attributes to return, all if None (default None) base_dn -- dn of the entry at which to start the search (default '') scope -- search scope, see LDAP docs (default ldap2.SCOPE_SUBTREE) - time_limit -- time limit in seconds (default 1) - size_limit -- size (number of entries returned) limit (default 3000) + time_limit -- time limit in seconds (default use IPA config values) + size_limit -- size (number of entries returned) limit (default use IPA config values) normalize -- normalize the DN (default True) """ if normalize: @@ -488,6 +488,17 @@ class ldap2(CrudBackend, Encoder): res = [] truncated = False + if time_limit is None or size_limit is None: + (cdn, config) = self.get_ipa_config() + if time_limit is None: + time_limit = config.get('ipasearchtimelimit')[0] + if size_limit is None: + size_limit = config.get('ipasearchrecordslimit')[0] + if not isinstance(size_limit, int): + size_limit = int(size_limit) + if not isinstance(time_limit, float): + time_limit = float(time_limit) + # pass arguments to python-ldap try: id = self.conn.search_ext( @@ -534,8 +545,9 @@ class ldap2(CrudBackend, Encoder): def get_ipa_config(self): """Returns the IPA configuration entry (dn, entry_attrs).""" - filter = '(cn=ipaConfig)' - return self.find_entries(filter, None, 'cn=etc', self.SCOPE_ONELEVEL)[0][0] + cdn = "%s,%s" % (api.Object.config.get_dn(), api.env.basedn) + return self.find_entries(None, None, cdn, self.SCOPE_BASE, + time_limit=2, size_limit=10)[0][0] def get_schema(self): """Returns a copy of the current LDAP schema.""" diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py index 4bae4c8..1cbccbb 100644 --- a/tests/test_xmlrpc/test_user_plugin.py +++ b/tests/test_xmlrpc/test_user_plugin.py @@ -209,6 +209,31 @@ class test_user(Declarative): dict( + desc='Search for all users with a limit of 1', + command=( + 'user_find', [], dict(sizelimit=1,), + ), + expected=dict( + result=[ + dict( + dn=u'uid=admin,cn=users,cn=accounts,' + api.env.basedn, + homedirectory=[u'/home/admin'], + loginshell=[u'/bin/bash'], + sn=[u'Administrator'], + uid=[u'admin'], + memberof_group=[u'admins'], + memberof_rolegroup=[u'replicaadmin'], + memberof_taskgroup=[u'managereplica', u'deletereplica'], + ), + ], + summary=u'1 user matched', + count=1, + truncated=True, + ), + ), + + + dict( desc='Lock %r' % user1, command=( 'user_lock', [user1], {} -- 1.7.2.1
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
