diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py index 702ae0101..24be17458 100644 --- a/ipalib/plugins/aci.py +++ b/ipalib/plugins/aci.py @@ -815,8 +815,9 @@ class aci_find(crud.Search): found = False if 'target' in a.target: target = a.target['target']['expression'] - if api.env.container_group in target: - targetdn = DN(target.replace('ldap:///','')) + targetdn = DN(target.replace('ldap:///','')) + group_container_dn = DN(api.env.container_group, api.env.basedn) + if targetdn.endswith(group_container_dn): try: cn = targetdn[0]['cn'] except (IndexError, KeyError): diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index 4fe1eef47..4a81f9746 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -697,6 +697,29 @@ class test_permission(Declarative): ), + dict( + desc='Search using --targetgroup', + command=('permission_find', [], {'targetgroup': u'ipausers'}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': DN(('cn','Add user to default group'), + api.env.container_permission, api.env.basedn), + 'cn': [u'Add user to default group'], + 'member_privilege': [u'User Administrators'], + 'attrs': [u'member'], + 'targetgroup': u'ipausers', + 'memberindirect_role': [u'User Administrator'], + 'permissions': [u'write'] + } + ], + ), + ), + + dict( desc='Delete %r' % permission1_renamed_ucase, command=('permission_del', [permission1_renamed_ucase], {}),