mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Changing cert-find to do not use only primary key to search in LDAP.
In service.py the primary key is krbCanonicalName, which we don't want to use to do searches. Now, cert-find uses primary key or a specified attribute to do searches in LDAP, instead of using only a primary key. https://pagure.io/freeipa/issue/6948 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
parent
e1f8684e85
commit
44bd5e358b
@ -1090,8 +1090,8 @@ class cert(BaseCertObject):
|
||||
param = param.clone(flags=param.flags - {'no_search'})
|
||||
yield param
|
||||
|
||||
for owner in self._owners():
|
||||
yield owner.primary_key.clone_rename(
|
||||
for owner, search_key in self._owners():
|
||||
yield search_key.clone_rename(
|
||||
'owner_{0}'.format(owner.name),
|
||||
required=False,
|
||||
multivalue=True,
|
||||
@ -1101,15 +1101,22 @@ class cert(BaseCertObject):
|
||||
)
|
||||
|
||||
def _owners(self):
|
||||
for name in ('user', 'host', 'service'):
|
||||
yield self.api.Object[name]
|
||||
for obj_name, search_key in [('user', None),
|
||||
('host', None),
|
||||
('service', 'krbprincipalname')]:
|
||||
obj = self.api.Object[obj_name]
|
||||
if search_key is None:
|
||||
pkey = obj.primary_key
|
||||
else:
|
||||
pkey = obj.params[search_key]
|
||||
yield obj, pkey
|
||||
|
||||
def _fill_owners(self, obj):
|
||||
dns = obj.pop('owner', None)
|
||||
if dns is None:
|
||||
return
|
||||
|
||||
for owner in self._owners():
|
||||
for owner, _search_key in self._owners():
|
||||
container_dn = DN(owner.container_dn, self.api.env.basedn)
|
||||
name = 'owner_' + owner.name
|
||||
for dn in dns:
|
||||
@ -1373,8 +1380,8 @@ class cert_find(Search, CertMethod):
|
||||
option = option.clone(default=None, autofill=None)
|
||||
yield option
|
||||
|
||||
for owner in self.obj._owners():
|
||||
yield owner.primary_key.clone_rename(
|
||||
for owner, search_key in self.obj._owners():
|
||||
yield search_key.clone_rename(
|
||||
'{0}'.format(owner.name),
|
||||
required=False,
|
||||
multivalue=True,
|
||||
@ -1385,7 +1392,7 @@ class cert_find(Search, CertMethod):
|
||||
owner.object_name_plural),
|
||||
label=owner.object_name,
|
||||
)
|
||||
yield owner.primary_key.clone_rename(
|
||||
yield search_key.clone_rename(
|
||||
'no_{0}'.format(owner.name),
|
||||
required=False,
|
||||
multivalue=True,
|
||||
@ -1504,7 +1511,7 @@ class cert_find(Search, CertMethod):
|
||||
ldap = self.api.Backend.ldap2
|
||||
|
||||
filters = []
|
||||
for owner in self.obj._owners():
|
||||
for owner, search_key in self.obj._owners():
|
||||
for prefix, rule in (('', ldap.MATCH_ALL),
|
||||
('no_', ldap.MATCH_NONE)):
|
||||
try:
|
||||
@ -1520,7 +1527,7 @@ class cert_find(Search, CertMethod):
|
||||
filters.append(filter)
|
||||
|
||||
filter = ldap.make_filter_from_attr(
|
||||
owner.primary_key.name,
|
||||
search_key.name,
|
||||
value,
|
||||
rule)
|
||||
filters.append(filter)
|
||||
|
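Review bot: `_owners()` now yields `(obj, param)` pairs but has no docstring, and the reason `'service'` is searched by `krbprincipalname` instead of its primary key is recorded only in the commit message. I would add a docstring such as `"""Yield (owner object, search param) pairs; services use krbprincipalname because their primary key is krbCanonicalName."""` and a one-line comment on the `('service', 'krbprincipalname')` entry. Any caller outside these hunks that still iterates `for owner in self._owners()` would now receive a tuple and presumably fail on `owner.primary_key`, so the remaining uses should be checked. The chosen param's name becomes the attribute in `ldap.make_filter_from_attr(search_key.name, value, rule)`, so lifting the name-to-attribute mapping into a named class-level constant would make it easier to audit which LDAP attributes cert-find can filter on; the lookup `obj.params[search_key]` has no fallback if that attribute name is ever renamed.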