netgroup: avoid extraneous LDAP search when retrieving primary key from DN

DNs for netgroup entries can contain either 'cn' or 'ipauniqueid' attribute in their leaf RDN depending on their origin. Since 'cn' is the primary key, we can return it in `get_primary_key_from_dn` right away and avoid any extraneous LDAP search. https://fedorahosted.org/freeipa/ticket/5855 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-09-08 16:30:33 +02:00 · 2016-09-08 16:30:33 +02:00 · 85b98059f9
commit 85b98059f9
parent 2eeab3acf4
1 changed files with 20 additions and 0 deletions
--- a/ipaserver/plugins/netgroup.py
+++ b/ipaserver/plugins/netgroup.py
@ -237,6 +237,26 @@ class netgroup(LDAPObject):
        external_host_param,
    )

+    def get_primary_key_from_dn(self, dn):
+        assert isinstance(dn, DN)
+        if not dn.rdns:
+            return u''
+
+        first_ava = dn.rdns[0][0]
+        if first_ava[0] == self.primary_key.name:
+            return unicode(first_ava[1])
+
+        try:
+            entry_attrs = self.backend.get_entry(
+                dn, [self.primary_key.name]
+            )
+            try:
+                return entry_attrs[self.primary_key.name][0]
+            except (KeyError, IndexError):
+                return u''
+        except errors.NotFound:
+            return unicode(dn)
+

@register()
 class netgroup_add(LDAPCreate):