[389-devel] [lib389] Deref control advice needed

[William Brown]

Hi,

In relation to ticket 47757, I have started work on a deref control for Noriko.
The idea is to get it working in lib389, then get it upstreamed into pyldap.

At this point it's all done, except that the actual request control doesn't
appear to work. Could one of the lib389 / ldap python experts cast their eye
over this and let me know where I've gone wrong? 

For one, I don't think that the DerferenceControl decodeControlValue function is
ever called, as I'm never seeing the encodedControlValue printed in my logs.

Second, the results I get from result3 are:

[('cn=testgroup,dc=example,dc=com', {'objectClass': ['top', 'extensibleobject'],
'uniqueMember': ['uid=test,dc=example,dc=com'], 'cn': ['testgroup']})]
[]

Which again, doesn't seem correct, as there should be a result from the control.

Additionally, any tips on how to make the code nicer would be appreciated.

I've attached the complete patch, with a unit test to trigger the search, but
the request control looks like:


 controlValue ::= SEQUENCE OF derefSpec DerefSpec

 DerefSpec ::= SEQUENCE {
 derefAttr   attributeDescription,; with DN syntax
 attributes  AttributeList }

 AttributeList ::= SEQUENCE OF attr AttributeDescription

class AttributeList(univ.SequenceOf):
componentType = AttributeDescription()

class DerefSpec(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('derefAttr', AttributeDescription()),
namedtype.NamedType('attributes', AttributeList()),
)

class ControlValue(univ.SequenceOf):
componentType = DerefSpec()

class DereferenceControl(LDAPControl):

Dereference Control


def __init__(self, criticality, deref):
LDAPControl.__init__(self, CONTROL_DEREF, criticality)
self.deref = deref

def encodeControlValue(self):
# How does -E ask for many values?
derefAttr, attributes = self.deref.split(':')
attributes = attributes.split(',')
al = AttributeList()
i = 0
while len(attributes)  0:
al.setComponentByPosition(i, attributes.pop())
i += 1
ds = DerefSpec()
ds.setComponentByName('derefAttr', derefAttr)
ds.setComponentByName('attributes', al)
cv = ControlValue()
cv.setComponentByPosition(0, ds)
print(cv.prettyPrint())
return encoder.encode(cv)

def decodeControlValue(self,encodedControlValue):
print(encodedControlValue)

From eb3dede21afcfb930d9c45ee0d83d309683f02ce Mon Sep 17 00:00:00 2001
From: William Brown will...@blackhats.net.au
Date: Tue, 25 Aug 2015 15:38:11 +0930
Subject: [PATCH] Add dereference request control to lib389 for testing.

---
 lib389/__init__.py| 99 +++
 lib389/_constants.py  |  6 +++
 tests/dereference_test.py | 75 +++
 3 files changed, 180 insertions(+)
 create mode 100644 tests/dereference_test.py

diff --git a/lib389/__init__.py b/lib389/__init__.py
index 8dfe28f..1f3e6a4 100644
--- a/lib389/__init__.py
+++ b/lib389/__init__.py
@@ -73,6 +73,65 @@ MAJOR, MINOR, _, _, _ = sys.version_info
 
 if MAJOR = 3 or (MAJOR == 2 and MINOR = 7):
 from ldap.controls.simple import GetEffectiveRightsControl
+from ldap.controls import LDAPControl
+
+from pyasn1.type import namedtype,univ
+from pyasn1.codec.ber import encoder,decoder
+from pyasn1_modules.rfc2251 import AttributeDescription
+
+# Could use AttributeDescriptionList
+
+
+ controlValue ::= SEQUENCE OF derefSpec DerefSpec
+
+ DerefSpec ::= SEQUENCE {
+ derefAttr   attributeDescription,; with DN syntax
+ attributes  AttributeList }
+
+ AttributeList ::= SEQUENCE OF attr AttributeDescription
+
+class AttributeList(univ.SequenceOf):
+componentType = AttributeDescription()
+
+class DerefSpec(univ.Sequence):
+componentType = namedtype.NamedTypes(
+namedtype.NamedType('derefAttr', AttributeDescription()),
+namedtype.NamedType('attributes', AttributeList()),
+)
+
+class ControlValue(univ.SequenceOf):
+componentType = DerefSpec()
+
+class DereferenceControl(LDAPControl):
+
+Dereference Control
+
+
+def __init__(self, criticality, deref):
+LDAPControl.__init__(self, CONTROL_DEREF, criticality)
+self.deref = deref
+
+def encodeControlValue(self):
+# How does -E ask for many values?
+derefAttr, attributes = self.deref.split(':')
+attributes = attributes.split(',')
+al = AttributeList()
+i = 0
+while len(attributes)  0:
+al.setComponentByPosition(i, attributes.pop())
+i += 1
+  

[389-devel] Please review (regression): [389 Project] #48228: wrong password check if passwordInHistory is decreased.

[Noriko Hosoi]

https://fedorahosted.org/389/ticket/48228

https://fedorahosted.org/389/attachment/ticket/48228/0001-Ticket-48228-wrong-password-check-if-passwordInHisto.2.patch
--
389-devel mailing list
389-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (2 tickets): #47757 and #48252

[Noriko Hosoi]

#47757: Unable to dereference unqiemember attribute because it is dn 
[#UID] not dn syntax

https://fedorahosted.org/389/ticket/47757
https://fedorahosted.org/389/attachment/ticket/47757/0001-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch

#48252: db2index creates index entry from deleted records
https://fedorahosted.org/389/ticket/48252
https://fedorahosted.org/389/attachment/ticket/48252/0001-Ticket-48252-db2index-creates-index-entry-from-delet.patch
https://fedorahosted.org/389/attachment/ticket/48252/0002-Ticket-48252-CI-test-added-test-cases-for-ticket-482.patch
https://fedorahosted.org/389/attachment/ticket/48252/0001-Ticket-48252-lib389-adding-get_bin_dir-and-dbscan.patch

--
389-devel mailing list
389-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (take 2 to fix regression): [389 Project] #48228: wrong password check if passwordInHistory is decreased.

[Noriko Hosoi]

https://fedorahosted.org/389/ticket/48228

https://fedorahosted.org/389/attachment/ticket/48228/0001-Ticket-48228-wrong-password-check-if-passwordInHisto.2.patch
git patch file (master) -- revised: fixing the regression in the 
previous patch (broken qsort)

--
389-devel mailing list
389-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel