Use the search fields from the configuration when searching

Generalize the attribute -> objectclass search helper
2025-02-25 18:55:28 -06:00 · 2008-10-16 15:00:30 -04:00
parent 5748fce84c
commit f777f72de6
4 changed files with 51 additions and 19 deletions
--- a/ipa_server/plugins/b_ldap.py
+++ b/ipa_server/plugins/b_ldap.py
@@ -58,20 +58,30 @@ class ldap(CrudBackend):
            self.api.env.basedn,
        )

+    def get_object_type(self, attribute):
+        """
+        Based on attribute, make an educated guess as to the type of
+        object we're looking for.
+        """
+        object_type = None
+        if attribute == "uid": # User
+            object_type = "person"
+        elif attribute == "cn": # Group
+            object_type = "posixGroup"
+        elif attribute == "krbprincipal": # Service
+            object_type = "krbPrincipal"
+
+        return object_type
+
    def find_entry_dn(self, key_attribute, primary_key, object_type=None):
        """
        Find an existing entry's dn from an attribute
        """
        key_attribute = key_attribute.lower()
        if not object_type:
-            if key_attribute == "uid": # User
-                filter = "posixAccount"
-            elif key_attribute == "cn": # Group
-                object_type = "posixGroup"
-            elif key_attribute == "krbprincipal": # Service
-                object_type = "krbPrincipal"
-            else:
-                return None
+            object_type = self.get_object_type(key_attribute)
+        if not object_type:
+            return None

        filter = "(&(%s=%s)(objectclass=%s))" % (
            key_attribute,
@@ -83,7 +93,7 @@ class ldap(CrudBackend):

        entry = servercore.get_sub_entry(search_base, filter, ['dn', 'objectclass'])

-        return entry['dn']
+        return entry.get('dn')

    def get_ipa_config(self):
        """Return a dictionary of the IPA configuration"""
--- a/ipa_server/servercore.py
+++ b/ipa_server/servercore.py
@@ -178,7 +178,7 @@ def get_user_by_uid(uid, sattrs):
    """Get a specific user's entry."""
    # FIXME: should accept a container to look in
 #    uid = self.__safe_filter(uid)
-    searchfilter = "(&(uid=%s)(objectclass=posixAccount))" % uid
+    searchfilter = "(&(uid=%s)(objectclass=person))" % uid

    return get_sub_entry("cn=accounts," + basedn, searchfilter, sattrs)

--- a/ipalib/plugins/f_group.py
+++ b/ipalib/plugins/f_group.py
@@ -155,9 +155,20 @@ api.register(group_mod)

 class group_find(crud.Find):
    'Search the groups.'
-    def execute(self, cn, **kw):
+    def execute(self, term, **kw):
        ldap = self.api.Backend.ldap
-        kw['cn'] = cn
+
+        # Pull the list of searchable attributes out of the configuration.
+        config = ldap.get_ipa_config()
+        search_fields_conf_str = config.get('ipagroupsearchfields')
+        search_fields = search_fields_conf_str.split(",")
+
+        for s in search_fields:
+            kw[s] = term
+
+        object_type = ldap.get_object_type("cn")
+        if object_type and not kw.get('objectclass'):
+            kw['objectclass'] = ldap.get_object_type("cn")
        return ldap.search(**kw)

    def output_for_cli(self, groups):
--- a/ipalib/plugins/f_user.py
+++ b/ipalib/plugins/f_user.py
@@ -186,7 +186,7 @@ class user_del(crud.Del):
 #        logging.info("IPA: delete_user '%s'" % uid)

        ldap = self.api.Backend.ldap
-        dn = ldap.find_entry_dn("uid", uid, "posixAccount")
+        dn = ldap.find_entry_dn("uid", uid)
        return ldap.delete(dn)
    def output_for_cli(self, ret):
        """
@@ -215,7 +215,7 @@ class user_mod(crud.Mod):
        assert 'uid' not in kw
        assert 'dn' not in kw
        ldap = self.api.Backend.ldap
-        dn = ldap.find_entry_dn("uid", uid, "posixAccount")
+        dn = ldap.find_entry_dn("uid", uid)
        return ldap.update(dn, **kw)

    def output_for_cli(self, ret):
@@ -230,9 +230,20 @@ api.register(user_mod)

 class user_find(crud.Find):
    'Search the users.'
-    def execute(self, uid, **kw):
+    def execute(self, term, **kw):
        ldap = self.api.Backend.ldap
-        kw['uid'] = uid
+
+        # Pull the list of searchable attributes out of the configuration.
+        config = ldap.get_ipa_config()
+        search_fields_conf_str = config.get('ipausersearchfields')
+        search_fields = search_fields_conf_str.split(",")
+
+        for s in search_fields:
+            kw[s] = term
+
+        object_type = ldap.get_object_type("uid")
+        if object_type and not kw.get('objectclass'):
+            kw['objectclass'] = ldap.get_object_type("uid")
        return ldap.search(**kw)
    def output_for_cli(self, users):
        if not users:
@@ -267,7 +278,7 @@ class user_show(crud.Get):
        :param kw: Not used.
        """
        ldap = self.api.Backend.ldap
-        dn = ldap.find_entry_dn("uid", uid, "posixAccount")
+        dn = ldap.find_entry_dn("uid", uid)
        # FIXME: should kw contain the list of attributes to display?
        return ldap.retrieve(dn)

@@ -280,7 +291,7 @@ class user_lock(frontend.Command):
    )
    def execute(self, uid, **kw):
        ldap = self.api.Backend.ldap
-        dn = ldap.find_entry_dn("uid", uid, "posixAccount")
+        dn = ldap.find_entry_dn("uid", uid)
        return ldap.mark_entry_inactive(dn)
    def output_for_cli(self, ret):
        if ret:
@@ -294,7 +305,7 @@ class user_unlock(frontend.Command):
    )
    def execute(self, uid, **kw):
        ldap = self.api.Backend.ldap
-        dn = ldap.find_entry_dn("uid", uid, "posixAccount")
+        dn = ldap.find_entry_dn("uid", uid)
        return ldap.mark_entry_active(dn)
    def output_for_cli(self, ret):
        if ret: