From 85b98059f91670bd489c35816b2ff901a7820c4f Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Thu, 8 Sep 2016 16:30:33 +0200
Subject: [PATCH] netgroup: avoid extraneous LDAP search when retrieving
 primary key from DN

DNs for netgroup entries can contain either 'cn' or 'ipauniqueid' attribute in
their leaf RDN depending on their origin. Since 'cn' is the primary key, we
can return it in `get_primary_key_from_dn` right away and avoid any extraneous
LDAP search.

https://fedorahosted.org/freeipa/ticket/5855

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
 ipaserver/plugins/netgroup.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/ipaserver/plugins/netgroup.py b/ipaserver/plugins/netgroup.py
index f76a0ba3a..11fec0aad 100644
--- a/ipaserver/plugins/netgroup.py
+++ b/ipaserver/plugins/netgroup.py
@@ -237,6 +237,26 @@ class netgroup(LDAPObject):
         external_host_param,
     )
 
+    def get_primary_key_from_dn(self, dn):
+        assert isinstance(dn, DN)
+        if not dn.rdns:
+            return u''
+
+        first_ava = dn.rdns[0][0]
+        if first_ava[0] == self.primary_key.name:
+            return unicode(first_ava[1])
+
+        try:
+            entry_attrs = self.backend.get_entry(
+                dn, [self.primary_key.name]
+            )
+            try:
+                return entry_attrs[self.primary_key.name][0]
+            except (KeyError, IndexError):
+                return u''
+        except errors.NotFound:
+            return unicode(dn)
+
 
 @register()
 class netgroup_add(LDAPCreate):