Use the search fields from the configuration when searching

Generalize the attribute -> objectclass search helper

ipa_server/plugins/b_ldap.py

@@ -58,19 +58,29 @@ class ldap(CrudBackend):
             self.api.env.basedn,
         )
 
+    def get_object_type(self, attribute):
+        """
+        Based on attribute, make an educated guess as to the type of
+        object we're looking for.
+        """
+        object_type = None
+        if attribute == "uid": # User
+            object_type = "person"
+        elif attribute == "cn": # Group
+            object_type = "posixGroup"
+        elif attribute == "krbprincipal": # Service
+            object_type = "krbPrincipal"
+
+        return object_type
+
     def find_entry_dn(self, key_attribute, primary_key, object_type=None):
         """
         Find an existing entry's dn from an attribute
         """
         key_attribute = key_attribute.lower()
         if not object_type:
-            if key_attribute == "uid": # User
-                filter = "posixAccount"
-            elif key_attribute == "cn": # Group
-                object_type = "posixGroup"
-            elif key_attribute == "krbprincipal": # Service
-                object_type = "krbPrincipal"
-            else:
+            object_type = self.get_object_type(key_attribute)
+        if not object_type:
             return None
 
         filter = "(&(%s=%s)(objectclass=%s))" % (
@@ -83,7 +93,7 @@ class ldap(CrudBackend):
 
         entry = servercore.get_sub_entry(search_base, filter, ['dn', 'objectclass'])
 
-        return entry['dn']
+        return entry.get('dn')
 
     def get_ipa_config(self):
         """Return a dictionary of the IPA configuration"""

ipa_server/servercore.py

@@ -178,7 +178,7 @@ def get_user_by_uid(uid, sattrs):
     """Get a specific user's entry."""
     # FIXME: should accept a container to look in
 #    uid = self.__safe_filter(uid)
-    searchfilter = "(&(uid=%s)(objectclass=posixAccount))" % uid
+    searchfilter = "(&(uid=%s)(objectclass=person))" % uid
 
     return get_sub_entry("cn=accounts," + basedn, searchfilter, sattrs)
 

ipalib/plugins/f_group.py

@@ -155,9 +155,20 @@ api.register(group_mod)
 
 class group_find(crud.Find):
     'Search the groups.'
-    def execute(self, cn, **kw):
+    def execute(self, term, **kw):
         ldap = self.api.Backend.ldap
-        kw['cn'] = cn
+
+        # Pull the list of searchable attributes out of the configuration.
+        config = ldap.get_ipa_config()
+        search_fields_conf_str = config.get('ipagroupsearchfields')
+        search_fields = search_fields_conf_str.split(",")
+
+        for s in search_fields:
+            kw[s] = term
+
+        object_type = ldap.get_object_type("cn")
+        if object_type and not kw.get('objectclass'):
+            kw['objectclass'] = ldap.get_object_type("cn")
         return ldap.search(**kw)
 
     def output_for_cli(self, groups):

ipalib/plugins/f_user.py

@@ -186,7 +186,7 @@ class user_del(crud.Del):
 #        logging.info("IPA: delete_user '%s'" % uid)
 
         ldap = self.api.Backend.ldap
-        dn = ldap.find_entry_dn("uid", uid, "posixAccount")
+        dn = ldap.find_entry_dn("uid", uid)
         return ldap.delete(dn)
     def output_for_cli(self, ret):
         """
@@ -215,7 +215,7 @@ class user_mod(crud.Mod):
         assert 'uid' not in kw
         assert 'dn' not in kw
         ldap = self.api.Backend.ldap
-        dn = ldap.find_entry_dn("uid", uid, "posixAccount")
+        dn = ldap.find_entry_dn("uid", uid)
         return ldap.update(dn, **kw)
 
     def output_for_cli(self, ret):
@@ -230,9 +230,20 @@ api.register(user_mod)
 
 class user_find(crud.Find):
     'Search the users.'
-    def execute(self, uid, **kw):
+    def execute(self, term, **kw):
         ldap = self.api.Backend.ldap
-        kw['uid'] = uid
+
+        # Pull the list of searchable attributes out of the configuration.
+        config = ldap.get_ipa_config()
+        search_fields_conf_str = config.get('ipausersearchfields')
+        search_fields = search_fields_conf_str.split(",")
+
+        for s in search_fields:
+            kw[s] = term
+
+        object_type = ldap.get_object_type("uid")
+        if object_type and not kw.get('objectclass'):
+            kw['objectclass'] = ldap.get_object_type("uid")
         return ldap.search(**kw)
     def output_for_cli(self, users):
         if not users:
@@ -267,7 +278,7 @@ class user_show(crud.Get):
         :param kw: Not used.
         """
         ldap = self.api.Backend.ldap
-        dn = ldap.find_entry_dn("uid", uid, "posixAccount")
+        dn = ldap.find_entry_dn("uid", uid)
         # FIXME: should kw contain the list of attributes to display?
         return ldap.retrieve(dn)
 
@@ -280,7 +291,7 @@ class user_lock(frontend.Command):
     )
     def execute(self, uid, **kw):
         ldap = self.api.Backend.ldap
-        dn = ldap.find_entry_dn("uid", uid, "posixAccount")
+        dn = ldap.find_entry_dn("uid", uid)
         return ldap.mark_entry_inactive(dn)
     def output_for_cli(self, ret):
         if ret:
@@ -294,7 +305,7 @@ class user_unlock(frontend.Command):
     )
     def execute(self, uid, **kw):
         ldap = self.api.Backend.ldap
-        dn = ldap.find_entry_dn("uid", uid, "posixAccount")
+        dn = ldap.find_entry_dn("uid", uid)
         return ldap.mark_entry_active(dn)
     def output_for_cli(self, ret):
         if ret: