[Freeipa-devel] [PATCH] Fix search filter generator in ldap2 for NOT operator.

Pavel Zůna Tue, 30 Nov 2010 14:29:35 -0800

Search filters generated from attributes with multiple values wereincorrect when the NOT operator was used (ldap.MATCH_NONE).


Pavel

>From 332fe9fc4d1c10fd20107afdb9328faea7d5c97c Mon Sep 17 00:00:00 2001
From: Pavel Zuna <pz...@redhat.com>
Date: Tue, 30 Nov 2010 21:53:28 -0500
Subject: [PATCH 1/2] Fix search filter generator in ldap2 for NOT operator.


Search filters generated from attributes with multiple values
were incorrect when the NOT operator was used (ldap.MATCH_NONE).
---
 ipaserver/plugins/ldap2.py |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index cbb8ddb..8f75dc0 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -450,6 +450,12 @@ class ldap2(CrudBackend, Encoder):
         """
         if isinstance(value, (list, tuple)):
             flts = []
+            if rules == self.MATCH_NONE:
+                for v in value:
+                    flts.append(
+                        self.make_filter_from_attr(attr, v, exact=exact)
+                    )
+                return '(!%s)' % self.combine_filters(flts)
             for v in value:
                 flts.append(self.make_filter_from_attr(attr, v, rules, exact))
             return self.combine_filters(flts, rules)
-- 
1.7.1.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] Fix search filter generator in ldap2 for NOT operator.

Reply via email to