Re: [Freeipa-devel] [PATCH] 178+179 Add missing managing hosts filtering options
On 1/26/2012 6:48 AM, Martin Kosek wrote: Sorry for the delay. I applied 178-2 and rebased 179-2 into 179-3 (patch attached). It works except for one issue, when the host has no managedby, calling host-find with either of these options will generate an internal error. Thanks for the review Endi and a good catch. I rebased the patches and fixed this issue. I had to rebase 179 again (patch attached) due to a recent API.txt and VERSION change. ACK and pushed to master and ipa-2-2. -- Endi S. Dewata From f7ad9baf1390ea4f6178288616828a7b0bfae29c Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 26 Jan 2012 13:41:39 +0100 Subject: [PATCH 2/2] Add missing managing hosts filtering options Host object has a virtual attribute "managing" containing all hosts it manages (governed by managedBy attribute). This patch also adds standard membership filtering options: --man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned --not-man-hosts=HOSTS: Only hosts which do not manage _any_ host in HOSTS are returned https://fedorahosted.org/freeipa/ticket/1675 --- API.txt |4 ++- VERSION |2 +- ipalib/plugins/baseldap.py| 50 +--- ipalib/plugins/host.py| 47 +++ tests/test_xmlrpc/test_host_plugin.py | 33 + 5 files changed, 111 insertions(+), 25 deletions(-) diff --git a/API.txt b/API.txt index ebf23181ad8f5b8754394a351a4bff29affb8bd7..d87dfc3b2f62a21c3dc2092194b3f4463607d510 100644 --- a/API.txt +++ b/API.txt @@ -1697,7 +1697,7 @@ output: Output('summary', (, ), None) output: Output('result', , None) output: Output('value', , None) command: host_find -args: 1,29,4 +args: 1,31,4 arg: Str('criteria?', noextrawhitespace=False) option: Str('fqdn', attribute=True, autofill=False, cli_name='hostname', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9][a-zA-Z0-9-\\.]{0,254}$', pattern_errmsg='may only include letters, numbers, and -', primary_key=True, query=True, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False) @@ -1728,6 +1728,8 @@ option: Str('enroll_by_user*', cli_name='enroll_by_users', csv=True) option: Str('not_enroll_by_user*', cli_name='not_enroll_by_users', csv=True) option: Str('man_by_host*', cli_name='man_by_hosts', csv=True) option: Str('not_man_by_host*', cli_name='not_man_by_hosts', csv=True) +option: Str('man_host*', cli_name='man_hosts', csv=True) +option: Str('not_man_host*', cli_name='not_man_hosts', csv=True) output: Output('summary', (, ), None) output: ListOfEntries('result', (, ), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) output: Output('count', , None) diff --git a/VERSION b/VERSION index 2afbba27df3864db51223e9c7dfa9b185a466853..12316e411e8c97619608a07d217d9adf5e509dbf 100644 --- a/VERSION +++ b/VERSION @@ -79,4 +79,4 @@ IPA_DATA_VERSION=2010061412 # # IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=22 +IPA_API_VERSION_MINOR=23 diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 3d6480458a852ed43547384072def0d9ecca7e9d..f59a0d4106729573cfdbd8bdf2c407619eb051d5 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1595,6 +1595,31 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): for arg in super(crud.Search, self).get_args(): yield arg +def get_member_options(self, attr): +for ldap_obj_name in self.obj.attribute_members[attr]: +ldap_obj = self.api.Object[ldap_obj_name] +relationship = self.obj.relationships.get( +attr, ['member', '', 'no_'] +) +doc = self.member_param_incl_doc % ( +self.obj.object_name_plural, relationship[0].lower(), +ldap_obj.object_name_plural +) +name = '%s%s' % (relationship[1], to_cli(ldap_obj_name)) +yield Str( +'%s*' % name, cli_name='%ss' % name, doc=doc, +label=ldap_obj.object_name, csv=True +) +doc = self.member_param_excl_doc % ( +self.obj.object_name_plural, relationship[0].lower(), +ldap_obj.object_name_plural +) +name = '%s%s' % (relationship[2], to_cli(ldap_obj_name)) +yield Str( +'%s*' % name, cli_name='%ss' % name, doc=doc, +label=ldap_obj.object_name, csv=True +) + def get_options(self): for option in super(LDAPSearch, self).get_options(): yield option @@ -1602,29 +1627,8 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): 'no_output' not in self.obj.primary_key.flags: yield gen_pkey_only_option(se
Re: [Freeipa-devel] [PATCH] 178+179 Add missing managing hosts filtering options
On Thu, 2012-01-26 at 00:07 -0600, Endi Sukma Dewata wrote: > On 12/13/2011 8:13 AM, Martin Kosek wrote: > Host object has a virtual attribute "managing" containing all hosts > it manages (governed by managedBy attribute). This patch also adds > standard membership filtering options: > --man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned > --not-man-hosts=HOSTS: Only hosts which do not manage _any_ host > in HOSTS are returned > > https://fedorahosted.org/freeipa/ticket/1675 > >>> > >>> ACK, it works for me. I'll update the UI to use the new option. > >> > >> I take that back. It's NACK. > >> Patch #178 causes the dnszone-find --forward-only to return the reverse > >> zone. > > > > Good catch, thanks. Fixed. > > Sorry for the delay. I applied 178-2 and rebased 179-2 into 179-3 (patch > attached). It works except for one issue, when the host has no > managedby, calling host-find with either of these options will generate > an internal error. > > # ipa host-add test.example.com --force > - > Added host "test.example.com" > - >Host name: test.example.com >Principal name: host/test.example@example.com >Password: False >Keytab: False >Managed by: test.example.com > > # ipa host-remove-managedby test.example.com --hosts=test.example.com >Host name: test.example.com >Principal name: host/test.example@example.com > --- > Number of members removed 1 > --- > > # ipa host-find --man-hosts=test.example.com > ipa: ERROR: an internal error has occurred > > The above command should have returned no hosts. > > # ipa host-find --not-man-hosts=test.example.com > ipa: ERROR: an internal error has occurred > > The above command should have returned all hosts. > Thanks for the review Endi and a good catch. I rebased the patches and fixed this issue. Martin >From 363107d725ec581fa24e518d1786c13125e432b5 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 8 Dec 2011 17:34:26 +0100 Subject: [PATCH 1/2] Fix ldap2 combine_filters for ldap2.MATCH_NONE "!" is a unary LDAP filter operator and cannot be treated in the same way as binary operators ("&", "|"). Otherwise, an invalid LDAP filter is created. https://fedorahosted.org/freeipa/ticket/1675 --- ipaserver/plugins/ldap2.py | 24 ++-- 1 files changed, 10 insertions(+), 14 deletions(-) diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 0698034591328d9fef60cc83f7d09a1c79f675ce..dbe6084f02f5e43d165d9b609f2642f1f8e6ffe1 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -575,6 +575,10 @@ class ldap2(CrudBackend, Encoder): """ assert isinstance(filters, (list, tuple)) filters = [f for f in filters if f] +if filters and rules == self.MATCH_NONE: # unary operator +return '(%s%s)' % (self.MATCH_NONE, + self.combine_filters(filters, self.MATCH_ANY)) + if len(filters) > 1: flt = '(%s' % rules else: @@ -603,19 +607,10 @@ class ldap2(CrudBackend, Encoder): False - forbid trailing filter wildcard when exact=False """ if isinstance(value, (list, tuple)): -flts = [] -if rules == self.MATCH_NONE: -for v in value: -flts.append( -self.make_filter_from_attr(attr, v, exact=exact, +make_filter_rules = self.MATCH_ANY if rules == self.MATCH_NONE else rules +flts = [ self.make_filter_from_attr(attr, v, exact=exact, leading_wildcard=leading_wildcard, -trailing_wildcard=trailing_wildcard) -) -return '(!%s)' % self.combine_filters(flts) -for v in value: -flts.append(self.make_filter_from_attr(attr, v, rules, exact, -leading_wildcard=leading_wildcard, -trailing_wildcard=trailing_wildcard)) +trailing_wildcard=trailing_wildcard) for v in value ] return self.combine_filters(flts, rules) elif value is not None: value = _ldap_filter.escape_filter_chars(value) @@ -651,11 +646,12 @@ class ldap2(CrudBackend, Encoder): ldap2.MATCH_ALL - match entries that match all attributes ldap2.MATCH_ANY - match entries that match any of attribute """ +make_filter_rules = self.MATCH_ANY if rules == self.MATCH_NONE else rules flts = [] if attrs_list is None: for (k, v) in entry_attrs.iteritems(): flts.append( -self.make_filter_from_attr(k, v, rules, exact, +self.make_filter_from_attr(k, v, make_filter_rules, exact,
Re: [Freeipa-devel] [PATCH] 178+179 Add missing managing hosts filtering options
On 12/13/2011 8:13 AM, Martin Kosek wrote: Host object has a virtual attribute "managing" containing all hosts it manages (governed by managedBy attribute). This patch also adds standard membership filtering options: --man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned --not-man-hosts=HOSTS: Only hosts which do not manage _any_ host in HOSTS are returned https://fedorahosted.org/freeipa/ticket/1675 ACK, it works for me. I'll update the UI to use the new option. I take that back. It's NACK. Patch #178 causes the dnszone-find --forward-only to return the reverse zone. Good catch, thanks. Fixed. Sorry for the delay. I applied 178-2 and rebased 179-2 into 179-3 (patch attached). It works except for one issue, when the host has no managedby, calling host-find with either of these options will generate an internal error. # ipa host-add test.example.com --force - Added host "test.example.com" - Host name: test.example.com Principal name: host/test.example@example.com Password: False Keytab: False Managed by: test.example.com # ipa host-remove-managedby test.example.com --hosts=test.example.com Host name: test.example.com Principal name: host/test.example@example.com --- Number of members removed 1 --- # ipa host-find --man-hosts=test.example.com ipa: ERROR: an internal error has occurred The above command should have returned no hosts. # ipa host-find --not-man-hosts=test.example.com ipa: ERROR: an internal error has occurred The above command should have returned all hosts. -- Endi S. Dewata From 94ab8e3446c88f3d28d6f93c73d22665daa2124d Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 8 Dec 2011 17:39:45 +0100 Subject: [PATCH 2/2] Add missing managing hosts filtering options Host object has a virtual attribute "managing" containing all hosts it manages (governed by managedBy attribute). This patch also adds standard membership filtering options: --man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned --not-man-hosts=HOSTS: Only hosts which do not manage _any_ host in HOSTS are returned https://fedorahosted.org/freeipa/ticket/1675 --- API.txt |4 ++- VERSION |2 +- ipalib/plugins/baseldap.py| 50 +--- ipalib/plugins/host.py| 41 +++ tests/test_xmlrpc/test_host_plugin.py | 33 + 5 files changed, 105 insertions(+), 25 deletions(-) diff --git a/API.txt b/API.txt index 2937c24f4d6aa53b1028f430a05ef6453544ea7c..65e82d3ec719fbee3099e58a996df552e06a5e94 100644 --- a/API.txt +++ b/API.txt @@ -1696,7 +1696,7 @@ output: Output('summary', (, ), None) output: Output('result', , None) output: Output('value', , None) command: host_find -args: 1,28,4 +args: 1,30,4 arg: Str('criteria?', noextrawhitespace=False) option: Str('fqdn', attribute=True, autofill=False, cli_name='hostname', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9][a-zA-Z0-9-\\.]{0,254}$', pattern_errmsg='may only include letters, numbers, and -', primary_key=True, query=True, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False) @@ -1726,6 +1726,8 @@ option: Str('enroll_by_user*', cli_name='enroll_by_users', csv=True) option: Str('not_enroll_by_user*', cli_name='not_enroll_by_users', csv=True) option: Str('man_by_host*', cli_name='man_by_hosts', csv=True) option: Str('not_man_by_host*', cli_name='not_man_by_hosts', csv=True) +option: Str('man_host*', cli_name='man_hosts', csv=True) +option: Str('not_man_host*', cli_name='not_man_hosts', csv=True) output: Output('summary', (, ), None) output: ListOfEntries('result', (, ), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) output: Output('count', , None) diff --git a/VERSION b/VERSION index ff245b559f67f80f83119d15a154c30185ad0f55..2afbba27df3864db51223e9c7dfa9b185a466853 100644 --- a/VERSION +++ b/VERSION @@ -79,4 +79,4 @@ IPA_DATA_VERSION=2010061412 # # IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=21 +IPA_API_VERSION_MINOR=22 diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 3d6480458a852ed43547384072def0d9ecca7e9d..f59a0d4106729573cfdbd8bdf2c407619eb051d5 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1595,6 +1595,31 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): for arg in super(crud.Search, self).get_args(): yield arg +def get_member_options(self, attr): +for ldap_obj_name in self.obj.attribute_members[attr]: +ldap_obj = self.api.Object[ldap_obj_name] +relationship = self.obj.relationships.get( +
Re: [Freeipa-devel] [PATCH] 178+179 Add missing managing hosts filtering options
On Fri, 2011-12-09 at 16:04 -0600, Endi Sukma Dewata wrote: > On 12/9/2011 3:21 PM, Endi Sukma Dewata wrote: > > On 12/8/2011 10:45 AM, Martin Kosek wrote: > >> Host object has a virtual attribute "managing" containing all hosts > >> it manages (governed by managedBy attribute). This patch also adds > >> standard membership filtering options: > >> --man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned > >> --not-man-hosts=HOSTS: Only hosts which do not manage _any_ host > >> in HOSTS are returned > >> > >> https://fedorahosted.org/freeipa/ticket/1675 > > > > ACK, it works for me. I'll update the UI to use the new option. > > I take that back. It's NACK. > Patch #178 causes the dnszone-find --forward-only to return the reverse > zone. > Good catch, thanks. Fixed. Martin >From 950ee966769f5f3f6906dff01cc94fecf0d50616 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 8 Dec 2011 17:34:26 +0100 Subject: [PATCH 1/2] Fix ldap2 combine_filters for ldap2.MATCH_NONE "!" is a unary LDAP filter operator and cannot be treated in the same way as binary operators ("&", "|"). Otherwise, an invalid LDAP filter is created. https://fedorahosted.org/freeipa/ticket/1675 --- ipaserver/plugins/ldap2.py | 24 ++-- 1 files changed, 10 insertions(+), 14 deletions(-) diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 4bfc849d82cd4384afe9bad7b244184265315f7d..4366396fbb1d0842a010f06467cf0244a28d1466 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -575,6 +575,10 @@ class ldap2(CrudBackend, Encoder): """ assert isinstance(filters, (list, tuple)) filters = [f for f in filters if f] +if filters and rules == self.MATCH_NONE: # unary operator +return '(%s%s)' % (self.MATCH_NONE, + self.combine_filters(filters, self.MATCH_ANY)) + if len(filters) > 1: flt = '(%s' % rules else: @@ -603,19 +607,10 @@ class ldap2(CrudBackend, Encoder): False - forbid trailing filter wildcard when exact=False """ if isinstance(value, (list, tuple)): -flts = [] -if rules == self.MATCH_NONE: -for v in value: -flts.append( -self.make_filter_from_attr(attr, v, exact=exact, +make_filter_rules = self.MATCH_ANY if rules == self.MATCH_NONE else rules +flts = [ self.make_filter_from_attr(attr, v, exact=exact, leading_wildcard=leading_wildcard, -trailing_wildcard=trailing_wildcard) -) -return '(!%s)' % self.combine_filters(flts) -for v in value: -flts.append(self.make_filter_from_attr(attr, v, rules, exact, -leading_wildcard=leading_wildcard, -trailing_wildcard=trailing_wildcard)) +trailing_wildcard=trailing_wildcard) for v in value ] return self.combine_filters(flts, rules) elif value is not None: value = _ldap_filter.escape_filter_chars(value) @@ -651,11 +646,12 @@ class ldap2(CrudBackend, Encoder): ldap2.MATCH_ALL - match entries that match all attributes ldap2.MATCH_ANY - match entries that match any of attribute """ +make_filter_rules = self.MATCH_ANY if rules == self.MATCH_NONE else rules flts = [] if attrs_list is None: for (k, v) in entry_attrs.iteritems(): flts.append( -self.make_filter_from_attr(k, v, rules, exact, +self.make_filter_from_attr(k, v, make_filter_rules, exact, leading_wildcard, trailing_wildcard) ) else: @@ -663,7 +659,7 @@ class ldap2(CrudBackend, Encoder): value = entry_attrs.get(a, None) if value is not None: flts.append( -self.make_filter_from_attr(a, value, rules, exact, +self.make_filter_from_attr(a, value, make_filter_rules, exact, leading_wildcard, trailing_wildcard) ) return self.combine_filters(flts, rules) -- 1.7.7.3 >From aa8b849f00c0717b6417939691ab7ec070758ef5 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 8 Dec 2011 17:39:45 +0100 Subject: [PATCH 2/2] Add missing managing hosts filtering options Host object has a virtual attribute "managing" containing all hosts it manages (governed by managedBy attribute). This patch also adds standard membership filtering options: --man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned --not-man-hosts=HOSTS: Only hosts which do not manage _any_ host in HOSTS are returned https://fedorahosted.org/freeipa/ticket/1675 --- API.txt
Re: [Freeipa-devel] [PATCH] 178+179 Add missing managing hosts filtering options
On 12/9/2011 3:21 PM, Endi Sukma Dewata wrote: On 12/8/2011 10:45 AM, Martin Kosek wrote: Host object has a virtual attribute "managing" containing all hosts it manages (governed by managedBy attribute). This patch also adds standard membership filtering options: --man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned --not-man-hosts=HOSTS: Only hosts which do not manage _any_ host in HOSTS are returned https://fedorahosted.org/freeipa/ticket/1675 ACK, it works for me. I'll update the UI to use the new option. I take that back. It's NACK. Patch #178 causes the dnszone-find --forward-only to return the reverse zone. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 178+179 Add missing managing hosts filtering options
On 12/8/2011 10:45 AM, Martin Kosek wrote: Host object has a virtual attribute "managing" containing all hosts it manages (governed by managedBy attribute). This patch also adds standard membership filtering options: --man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned --not-man-hosts=HOSTS: Only hosts which do not manage _any_ host in HOSTS are returned https://fedorahosted.org/freeipa/ticket/1675 ACK, it works for me. I'll update the UI to use the new option. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 178+179 Add missing managing hosts filtering options
Host object has a virtual attribute "managing" containing all hosts it manages (governed by managedBy attribute). This patch also adds standard membership filtering options: --man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned --not-man-hosts=HOSTS: Only hosts which do not manage _any_ host in HOSTS are returned https://fedorahosted.org/freeipa/ticket/1675 >From 24606dd627c662a1374b36341e30f513c0e3b6de Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 8 Dec 2011 17:34:26 +0100 Subject: [PATCH 1/2] Fix ldap2 combine_filters for ldap2.MATCH_NONE "!" is a unary LDAP filter operator and cannot be treated in the same way as binary operators ("&", "|"). Otherwise, an invalid LDAP filter is created. https://fedorahosted.org/freeipa/ticket/1675 --- ipaserver/plugins/ldap2.py |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 4bfc849d82cd4384afe9bad7b244184265315f7d..1e41b29f563ac9085319d71f43f1fbdc5ce19889 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -575,6 +575,10 @@ class ldap2(CrudBackend, Encoder): """ assert isinstance(filters, (list, tuple)) filters = [f for f in filters if f] +if filters and rules == self.MATCH_NONE: # unary operator +return '(%s%s)' % (self.MATCH_NONE, + self.combine_filters(filters, self.MATCH_ANY)) + if len(filters) > 1: flt = '(%s' % rules else: -- 1.7.7.3 >From 5f5b0a9c15be92a29622530cb13437bb8153cb58 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 8 Dec 2011 17:39:45 +0100 Subject: [PATCH 2/2] Add missing managing hosts filtering options Host object has a virtual attribute "managing" containing all hosts it manages (governed by managedBy attribute). This patch also adds standard membership filtering options: --man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned --not-man-hosts=HOSTS: Only hosts which do not manage _any_ host in HOSTS are returned https://fedorahosted.org/freeipa/ticket/1675 --- API.txt |4 ++- VERSION |2 +- ipalib/plugins/baseldap.py| 50 +--- ipalib/plugins/host.py| 41 +++ tests/test_xmlrpc/test_host_plugin.py | 33 + 5 files changed, 105 insertions(+), 25 deletions(-) diff --git a/API.txt b/API.txt index ed8b5553d25fbf242d49fbb338401dfd27491091..e8d34c5762202cfcd931c2ccbada6500bc940700 100644 --- a/API.txt +++ b/API.txt @@ -1511,7 +1511,7 @@ output: Output('summary', (, ), None) output: Output('result', , None) output: Output('value', , None) command: host_find -args: 1,28,4 +args: 1,30,4 arg: Str('criteria?', noextrawhitespace=False) option: Str('fqdn', attribute=True, autofill=False, cli_name='hostname', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9][a-zA-Z0-9-\\.]{0,254}$', pattern_errmsg='may only include letters, numbers, and -', primary_key=True, query=True, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False) @@ -1541,6 +1541,8 @@ option: Str('enroll_by_user*', cli_name='enroll_by_users', csv=True) option: Str('not_enroll_by_user*', cli_name='not_enroll_by_users', csv=True) option: Str('man_by_host*', cli_name='man_by_hosts', csv=True) option: Str('not_man_by_host*', cli_name='not_man_by_hosts', csv=True) +option: Str('man_host*', cli_name='man_hosts', csv=True) +option: Str('not_man_host*', cli_name='not_man_hosts', csv=True) output: Output('summary', (, ), None) output: ListOfEntries('result', (, ), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) output: Output('count', , None) diff --git a/VERSION b/VERSION index 4fbf7a9a0a258d42d9afeea73c2b2d007ed923c7..081643745c47e78e7739f2b1092be762acd14e5f 100644 --- a/VERSION +++ b/VERSION @@ -79,4 +79,4 @@ IPA_DATA_VERSION=2010061412 # # IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=17 +IPA_API_VERSION_MINOR=18 diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 2fdcd2b744e1abc78189a1a81de78189e86f5f92..8bc286e083f76b0f5ed35313b265d208345b6b66 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1577,6 +1577,31 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): for arg in super(crud.Search, self).get_args(): yield arg +def get_member_options(self, attr): +for ldap_obj_name in self.obj.attribute_members[attr]: +ldap_obj = self.api.Object[ldap_obj_name] +relationship = self.obj.relationships.get( +attr, ['member', '', 'no_'] +) +doc = self.member_param_incl_doc % ( +s