Changing cert-find to do not use only primary key to search in LDAP.

In service.py the primary key is krbCanonicalName, which we
don't want to use for searches. Now, cert-find uses the primary
key or a specified attribute to search in LDAP, instead
of using only the primary key.

https://pagure.io/freeipa/issue/6948

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Felipe Volpone 2017-06-01 16:53:11 -03:00 committed by Martin Basti
parent e1f8684e85
commit 44bd5e358b


@ -1090,8 +1090,8 @@ class cert(BaseCertObject):
param = param.clone(flags=param.flags - {'no_search'})
yield param
for owner in self._owners():
yield owner.primary_key.clone_rename(
for owner, search_key in self._owners():
yield search_key.clone_rename(
'owner_{0}'.format(owner.name),
required=False,
multivalue=True,
@ -1101,15 +1101,22 @@ class cert(BaseCertObject):
)
def _owners(self):
for name in ('user', 'host', 'service'):
yield self.api.Object[name]
for obj_name, search_key in [('user', None),
('host', None),
('service', 'krbprincipalname')]:
obj = self.api.Object[obj_name]
if search_key is None:
pkey = obj.primary_key
else:
pkey = obj.params[search_key]
yield obj, pkey
def _fill_owners(self, obj):
dns = obj.pop('owner', None)
if dns is None:
return
for owner in self._owners():
for owner, _search_key in self._owners():
container_dn = DN(owner.container_dn, self.api.env.basedn)
name = 'owner_' + owner.name
for dn in dns:
@ -1373,8 +1380,8 @@ class cert_find(Search, CertMethod):
option = option.clone(default=None, autofill=None)
yield option
for owner in self.obj._owners():
yield owner.primary_key.clone_rename(
for owner, search_key in self.obj._owners():
yield search_key.clone_rename(
'{0}'.format(owner.name),
required=False,
multivalue=True,
@ -1385,7 +1392,7 @@ class cert_find(Search, CertMethod):
owner.object_name_plural),
label=owner.object_name,
)
yield owner.primary_key.clone_rename(
yield search_key.clone_rename(
'no_{0}'.format(owner.name),
required=False,
multivalue=True,
@ -1504,7 +1511,7 @@ class cert_find(Search, CertMethod):
ldap = self.api.Backend.ldap2
filters = []
for owner in self.obj._owners():
for owner, search_key in self.obj._owners():
for prefix, rule in (('', ldap.MATCH_ALL),
('no_', ldap.MATCH_NONE)):
try:
@ -1520,7 +1527,7 @@ class cert_find(Search, CertMethod):
filters.append(filter)
filter = ldap.make_filter_from_attr(
owner.primary_key.name,
search_key.name,
value,
rule)
filters.append(filter)
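Review bot: In the new `_owners()` the name `search_key` is an attribute-name string (or None), but every caller binds the yielded param object to that same name and calls `.clone_rename()` or `.name` on it, so the name means two different things within the section. Renaming the tuple element in the generator, e.g. `for obj_name, search_attr in [('user', None), ('host', None), ('service', 'krbprincipalname')]:`, would make it obvious which one feeds `ldap.make_filter_from_attr`. The method also has no docstring for its new return shape; something like `"""Yield (object, param) pairs; param is the attribute cert-find filters on, the primary key unless overridden."""` would help. Since the service filter is now built on `krbprincipalname` while `_fill_owners` still derives the displayed owner from the entry DN (its body continues outside the hunk), a test covering a service matched through a non-canonical principal value, for both the plain and the `no_` (MATCH_NONE) options, would confirm that the search term and the reported owner stay consistent.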