URL: https://github.com/freeipa/freeipa/pull/688
Author: redhatrises
 Title: #688: Update get_attr_filter in LDAPSearch to handle nsaccountlock user 
searches
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/688/head:pr688
git checkout pr688
From cbc48aecd8b2d3ebbfe099436ab492273693c5eb Mon Sep 17 00:00:00 2001
From: Gabe <redhatri...@gmail.com>
Date: Tue, 25 Apr 2017 07:51:17 -0600
Subject: [PATCH] Update get_attr_filter in LDAPSearch to handle nsaccountlock
 user searches

- Update get_attr_filter in LDAPSearch to handle nsaccountlock by setting the default value for
  nsaccountlock to false as well as update the filter to check for the default value
- Remove pytest xfail for test_find_enabled_user

https://pagure.io/freeipa/issue/6896
---
 API.txt                                  |  6 +++---
 ipaserver/plugins/baseldap.py            | 11 ++++++++++-
 ipaserver/plugins/user.py                |  1 +
 ipatests/test_xmlrpc/test_user_plugin.py |  3 ---
 4 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/API.txt b/API.txt
index 7850538..fa7582d 100644
--- a/API.txt
+++ b/API.txt
@@ -5923,7 +5923,7 @@ option: Str('manager?')
 option: Str('mobile*')
 option: Flag('no_members', autofill=True, default=False)
 option: Flag('noprivate', autofill=True, cli_name='noprivate', default=False)
-option: Bool('nsaccountlock?', cli_name='disabled')
+option: Bool('nsaccountlock?', cli_name='disabled', default=False)
 option: Str('ou?', cli_name='orgunit')
 option: Str('pager*')
 option: Str('postalcode?')
@@ -6052,7 +6052,7 @@ option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules')
 option: Str('not_in_netgroup*', cli_name='not_in_netgroups')
 option: Str('not_in_role*', cli_name='not_in_roles')
 option: Str('not_in_sudorule*', cli_name='not_in_sudorules')
-option: Bool('nsaccountlock?', autofill=False, cli_name='disabled')
+option: Bool('nsaccountlock?', autofill=False, cli_name='disabled', default=False)
 option: Str('ou?', autofill=False, cli_name='orgunit')
 option: Str('pager*', autofill=False)
 option: Flag('pkey_only?', autofill=True, default=False)
@@ -6109,7 +6109,7 @@ option: Str('mail*', autofill=False, cli_name='email')
 option: Str('manager?', autofill=False)
 option: Str('mobile*', autofill=False)
 option: Flag('no_members', autofill=True, default=False)
-option: Bool('nsaccountlock?', autofill=False, cli_name='disabled')
+option: Bool('nsaccountlock?', autofill=False, cli_name='disabled', default=False)
 option: Str('ou?', autofill=False, cli_name='orgunit')
 option: Str('pager*', autofill=False)
 option: Str('postalcode?', autofill=False)
diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py
index dbe3cbd..35ad96f 100644
--- a/ipaserver/plugins/baseldap.py
+++ b/ipaserver/plugins/baseldap.py
@@ -1937,7 +1937,16 @@ def get_attr_filter(self, ldap, **options):
         """
         search_kw = self.args_options_2_entry(**options)
         search_kw['objectclass'] = self.obj.object_class
-        return ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
+
+        filters = []
+        for name, value in search_kw.items():
+            default = self.get_default_of(name, **options)
+            fltr = ldap.make_filter_from_attr(name, value, ldap.MATCH_ALL)
+            if default is not None and value == default:
+                fltr = ldap.combine_filters([fltr, '(!({}=*))'.format(name)])
+            filters.append(fltr)
+
+        return ldap.combine_filters(filters, rules=ldap.MATCH_ALL)
 
     def get_term_filter(self, ldap, term):
         """
diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py
index 9eab521..948a198 100644
--- a/ipaserver/plugins/user.py
+++ b/ipaserver/plugins/user.py
@@ -380,6 +380,7 @@ class user(baseuser):
     takes_params = baseuser.takes_params + (
         Bool('nsaccountlock?',
             cli_name=('disabled'),
+            default=False,
             label=_('Account disabled'),
         ),
         Bool('preserved?',
diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py
index 098163d..7393a23 100644
--- a/ipatests/test_xmlrpc/test_user_plugin.py
+++ b/ipatests/test_xmlrpc/test_user_plugin.py
@@ -240,9 +240,6 @@ def test_find_with_pkey_only(self, user):
         result = command()
         user.check_find(result, pkey_only=True)
 
-    @pytest.mark.xfail(
-        reason="new users don't have set attribute nsaccountlock in LDAP, "
-               "thus this search doesn't return it in result")
     def test_find_enabled_user(self, user):
         """Test user-find --disabled=False with enabled user"""
         user.ensure_exists()
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to