idviews: Change format of IPA anchor to include domain

The old format of the IPA anchor, :IPA:<object_uuid> does not contain for the actual domain of the object. Once IPA-IPA trusts are introduced, we will need this information to be kept to be able to resolve the anchor. Change the IPA anchor format to :IPA:<domain>:<object_uuid> Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-09-11 13:08:06 +02:00
parent c6d50c456f
commit 961790e20a
1 changed files with 14 additions and 2 deletions
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@@ -419,7 +419,13 @@ class baseidoverride(LDAPObject):
        try:
            entry = self.backend.get_entry(api.Object[obj_type].get_dn(obj),
                                           attrs_list=['ipaUniqueID'])
-            return IPA_ANCHOR_PREFIX + entry.single_value.get('ipaUniqueID')
+
+            # The domain prefix, this will need to be reworked once we
+            # introduce IPA-IPA trusts
+            domain = api.env.domain
+            uuid = entry.single_value.get('ipaUniqueID')
+
+            return "%s%s:%s" % (IPA_ANCHOR_PREFIX, domain, uuid)
        except errors.NotFound:
            pass

@@ -428,6 +434,9 @@ class baseidoverride(LDAPObject):
            domain_validator = ipaserver.dcerpc.DomainValidator(api)
            if domain_validator.is_configured():
                sid = domain_validator.get_trusted_domain_object_sid(obj)
+
+                # There is no domain prefix since SID contains information
+                # about the domain
                return SID_ANCHOR_PREFIX + sid

    def resolve_anchor_to_object_name(self, anchor):
@@ -435,7 +444,10 @@ class baseidoverride(LDAPObject):

            # Prepare search parameters
            accounts_dn = DN(api.env.container_accounts, api.env.basedn)
-            uuid = anchor.split(IPA_ANCHOR_PREFIX)[1].strip()
+
+            # Anchor of the form :IPA:<domain>:<uuid>
+            # Strip the IPA prefix and the domain prefix
+            uuid = anchor.rpartition(':')[-1].strip()

            objectclass, name_attr = (
                ('posixaccount', 'uid')