Changing cert-find to do not use only primary key to search in LDAP.
In service.py the primary key is krbCanonicalName, which we don't want to use for searches. cert-find now searches LDAP using either the primary key or a specified attribute, instead of only the primary key. https://pagure.io/freeipa/issue/6948 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
parent
e1f8684e85
commit
44bd5e358b
@ -1090,8 +1090,8 @@ class cert(BaseCertObject):
|
|||||||
param = param.clone(flags=param.flags - {'no_search'})
|
param = param.clone(flags=param.flags - {'no_search'})
|
||||||
yield param
|
yield param
|
||||||
|
|
||||||
for owner in self._owners():
|
for owner, search_key in self._owners():
|
||||||
yield owner.primary_key.clone_rename(
|
yield search_key.clone_rename(
|
||||||
'owner_{0}'.format(owner.name),
|
'owner_{0}'.format(owner.name),
|
||||||
required=False,
|
required=False,
|
||||||
multivalue=True,
|
multivalue=True,
|
||||||
@ -1101,15 +1101,22 @@ class cert(BaseCertObject):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _owners(self):
|
def _owners(self):
|
||||||
for name in ('user', 'host', 'service'):
|
for obj_name, search_key in [('user', None),
|
||||||
yield self.api.Object[name]
|
('host', None),
|
||||||
|
('service', 'krbprincipalname')]:
|
||||||
|
obj = self.api.Object[obj_name]
|
||||||
|
if search_key is None:
|
||||||
|
pkey = obj.primary_key
|
||||||
|
else:
|
||||||
|
pkey = obj.params[search_key]
|
||||||
|
yield obj, pkey
|
||||||
|
|
||||||
def _fill_owners(self, obj):
|
def _fill_owners(self, obj):
|
||||||
dns = obj.pop('owner', None)
|
dns = obj.pop('owner', None)
|
||||||
if dns is None:
|
if dns is None:
|
||||||
return
|
return
|
||||||
|
|
||||||
for owner in self._owners():
|
for owner, _search_key in self._owners():
|
||||||
container_dn = DN(owner.container_dn, self.api.env.basedn)
|
container_dn = DN(owner.container_dn, self.api.env.basedn)
|
||||||
name = 'owner_' + owner.name
|
name = 'owner_' + owner.name
|
||||||
for dn in dns:
|
for dn in dns:
|
||||||
@ -1373,8 +1380,8 @@ class cert_find(Search, CertMethod):
|
|||||||
option = option.clone(default=None, autofill=None)
|
option = option.clone(default=None, autofill=None)
|
||||||
yield option
|
yield option
|
||||||
|
|
||||||
for owner in self.obj._owners():
|
for owner, search_key in self.obj._owners():
|
||||||
yield owner.primary_key.clone_rename(
|
yield search_key.clone_rename(
|
||||||
'{0}'.format(owner.name),
|
'{0}'.format(owner.name),
|
||||||
required=False,
|
required=False,
|
||||||
multivalue=True,
|
multivalue=True,
|
||||||
@ -1385,7 +1392,7 @@ class cert_find(Search, CertMethod):
|
|||||||
owner.object_name_plural),
|
owner.object_name_plural),
|
||||||
label=owner.object_name,
|
label=owner.object_name,
|
||||||
)
|
)
|
||||||
yield owner.primary_key.clone_rename(
|
yield search_key.clone_rename(
|
||||||
'no_{0}'.format(owner.name),
|
'no_{0}'.format(owner.name),
|
||||||
required=False,
|
required=False,
|
||||||
multivalue=True,
|
multivalue=True,
|
||||||
@ -1504,7 +1511,7 @@ class cert_find(Search, CertMethod):
|
|||||||
ldap = self.api.Backend.ldap2
|
ldap = self.api.Backend.ldap2
|
||||||
|
|
||||||
filters = []
|
filters = []
|
||||||
for owner in self.obj._owners():
|
for owner, search_key in self.obj._owners():
|
||||||
for prefix, rule in (('', ldap.MATCH_ALL),
|
for prefix, rule in (('', ldap.MATCH_ALL),
|
||||||
('no_', ldap.MATCH_NONE)):
|
('no_', ldap.MATCH_NONE)):
|
||||||
try:
|
try:
|
||||||
@ -1520,7 +1527,7 @@ class cert_find(Search, CertMethod):
|
|||||||
filters.append(filter)
|
filters.append(filter)
|
||||||
|
|
||||||
filter = ldap.make_filter_from_attr(
|
filter = ldap.make_filter_from_attr(
|
||||||
owner.primary_key.name,
|
search_key.name,
|
||||||
value,
|
value,
|
||||||
rule)
|
rule)
|
||||||
filters.append(filter)
|
filters.append(filter)
|
||||||
|
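Review bot: The `('service', 'krbprincipalname')` entry in `_owners()` is an undocumented special case, and the generator now yields `(obj, pkey)` pairs instead of bare objects, so the method needs a docstring stating the new contract. Something like `"""Yield (owner object, param used to search for it); services are searched by krbprincipalname because their primary key is krbCanonicalName."""` would carry the rationale from the commit message into the code. Any caller outside the visible hunks that still iterates `for owner in self._owners()` would receive a tuple and fail on `owner.name`, so it is worth grepping for remaining uses. Since the yielded param also decides the attribute passed to `ldap.make_filter_from_attr` in `cert_find`, a service lookup presumably now matches any krbprincipalname value on the entry, aliases included; if that is intended, the option doc should say so.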