Improve performance by specifying basedn to find_entry_by_attr()
function in ldap2 and passwd plugins.

https://fedorahosted.org/freeipa/ticket/1165

>From d0632e497d2ac95ff7cc2e8a8082c69c890d900e Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Thu, 12 May 2011 14:43:13 +0200
Subject: [PATCH] Limit passwd plugin to user container

Improve performance by specifying basedn to find_entry_by_attr()
function in ldap2 and passwd plugins.

https://fedorahosted.org/freeipa/ticket/1165
---
 ipalib/plugins/passwd.py   |    3 ++-
 ipaserver/plugins/ldap2.py |    3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ipalib/plugins/passwd.py b/ipalib/plugins/passwd.py
index 4ecd224d96663c6abc09577f484275a0946a8bbd..b740c481d254b855983ac657aeca3ac0f4c70aba 100644
--- a/ipalib/plugins/passwd.py
+++ b/ipalib/plugins/passwd.py
@@ -85,7 +85,8 @@ class passwd(Command):
             principal = '%s@%s' % (principal, self.api.env.realm)
 
         (dn, entry_attrs) = ldap.find_entry_by_attr(
-            'krbprincipalname', principal, 'posixaccount', ['']
+            'krbprincipalname', principal, 'posixaccount', [''],
+            ",".join([api.env.container_user, api.env.basedn])
         )
 
         ldap.modify_password(dn, password)
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 48629c0b48cb28213756c291b835f4efd59f89cf..ec873734b25d408c9a4a8762846e835753be808b 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -689,7 +689,8 @@ class ldap2(CrudBackend, Encoder):
            attributes and the entryLevelRights for the entry itself.
         """
         principal = getattr(context, 'principal')
-        (binddn, attrs) = self.find_entry_by_attr("krbprincipalname", principal, "krbPrincipalAux")
+        (binddn, attrs) = self.find_entry_by_attr("krbprincipalname", principal, "krbPrincipalAux",
+                                                  ",".join([api.env.container_user, api.env.basedn]))
         sctrl = [LDAPControl("1.3.6.1.4.1.42.2.27.9.5.2", True, "dn: " + binddn.encode('UTF-8'))]
         self.conn.set_option(_ldap.OPT_SERVER_CONTROLS, sctrl)
         (dn, attrs) = self.get_entry(dn, entry_attrs)
-- 
1.7.4.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to