Filter groups by type (POSIX, non-POSIX, external)

Added flag for each groups type: --posix, --nonposix, --external to group-find command. Group types: * non-POSIX: not posix, not external * POSIX: with objectclass posixgroup * external: with objectclass ipaexternalgroup https://fedorahosted.org/freeipa/ticket/3483
2025-02-25 18:55:28 -06:00 · 2013-03-11 12:37:29 +01:00
parent 3f053437c9
commit e64db8cbc2
5 changed files with 151 additions and 3 deletions
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -328,10 +328,35 @@ class group_find(LDAPSearch):
            cli_name='private',
            doc=_('search for private groups'),
        ),
+        Flag('posix',
+             cli_name='posix',
+             doc=_('search for POSIX groups'),
+        ),
+        Flag('external',
+             cli_name='external',
+             doc=_('search for groups with support of external non-IPA members from trusted domains'),
+        ),
+        Flag('nonposix',
+             cli_name='nonposix',
+             doc=_('search for non-POSIX groups'),
+        ),
    )

    def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *args, **options):
        assert isinstance(base_dn, DN)
+
+        # filter groups by pseudo type
+        filters = []
+        if options['posix']:
+            search_kw = {'objectclass': ['posixGroup']}
+            filters.append(ldap.make_filter(search_kw, rules=ldap.MATCH_ALL))
+        if options['external']:
+            search_kw = {'objectclass': ['ipaExternalGroup']}
+            filters.append(ldap.make_filter(search_kw, rules=ldap.MATCH_ALL))
+        if options['nonposix']:
+            search_kw = {'objectclass': ['posixGroup' , 'ipaExternalGroup']}
+            filters.append(ldap.make_filter(search_kw, rules=ldap.MATCH_NONE))
+
        # if looking for private groups, we need to create a new search filter,
        # because private groups have different object classes
        if options['private']:
@@ -351,6 +376,9 @@ class group_find(LDAPSearch):
            cflt = ldap.make_filter(search_kw, exact=False)

            filter = ldap.combine_filters((oflt, cflt), rules=ldap.MATCH_ALL)
+        elif filters:
+            filters.append(filter)
+            filter = ldap.combine_filters(filters, rules=ldap.MATCH_ALL)
        return (filter, base_dn, scope)

 api.register(group_find)