Issue 3656 - Extend schema function to return MAY or MUST attrs

Add new paramters to get_allowed_attributes() to return just MAY or MUST
attributes

Related: https://pagure.io/freeipa/issue/3656

Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
Mark Reynolds 2023-11-10 09:47:44 -05:00 committed by Florence Blanc-Renaud
parent 7ee2d7d359
commit 5c8614157d

View File

@ -1185,14 +1185,23 @@ class LDAPClient:
"""schema associated with this LDAP server"""
return self._get_schema()
def get_allowed_attributes(self, objectclasses, raise_on_unknown=False):
def get_allowed_attributes(self, objectclasses, raise_on_unknown=False,
attributes="all"):
if self.schema is None:
return None
allowed_attributes = []
for oc in objectclasses:
obj = self.schema.get_obj(ldap.schema.ObjectClass, oc)
if obj is not None:
allowed_attributes += obj.must + obj.may
if attributes == "must":
# Only return required(must) attrs
allowed_attributes += obj.must
elif attributes == "may":
# Only return allowed(may) attrs
allowed_attributes += obj.may
else:
# Return both allowed & required attrs
allowed_attributes += obj.must + obj.may
elif raise_on_unknown:
raise errors.NotFound(
reason=_('objectclass %s not found') % oc)
@ -1201,7 +1210,6 @@ class LDAPClient:
def __enter__(self):
return self
def __exit__(self, exc_type, exc_value, traceback):
self.close()