From d5af6b5e3ee50f97db730a4097c46baf07e09002 Mon Sep 17 00:00:00 2001
From: Felipe Volpone <felipevolpone@gmail.com>
Date: Thu, 1 Jun 2017 16:53:11 -0300
Subject: [PATCH] Changing cert-find to do not use only primary key to search
in LDAP.
In service.py the primary key is krbCanonicalName, which we
don't want to use to do searchs. Now, cert-find uses primary
key or a specified attribute to do searches in LDAP, instead
of using only a primary key.
https://pagure.io/freeipa/issue/6948
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
---
ipaserver/plugins/cert.py | 27 +++++++++++++++++----------
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 68402679cf0320e9c664ea89276f6c4332730a15..bb11713317abad55577b1c280253ab5d6d68c508 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -981,8 +981,8 @@ class cert(BaseCertObject):
param = param.clone(flags=param.flags - {'no_search'})
yield param
- for owner in self._owners():
- yield owner.primary_key.clone_rename(
+ for owner, search_key in self._owners():
+ yield search_key.clone_rename(
'owner_{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -992,15 +992,22 @@ class cert(BaseCertObject):
)
def _owners(self):
- for name in ('user', 'host', 'service'):
- yield self.api.Object[name]
+ for obj_name, search_key in [('user', None),
+ ('host', None),
+ ('service', 'krbprincipalname')]:
+ obj = self.api.Object[obj_name]
+ if search_key is None:
+ pkey = obj.primary_key
+ else:
+ pkey = obj.params[search_key]
+ yield obj, pkey
def _fill_owners(self, obj):
dns = obj.pop('owner', None)
if dns is None:
return
- for owner in self._owners():
+ for owner, _search_key in self._owners():
container_dn = DN(owner.container_dn, self.api.env.basedn)
name = 'owner_' + owner.name
for dn in dns:
@@ -1264,8 +1271,8 @@ class cert_find(Search, CertMethod):
option = option.clone(default=None, autofill=None)
yield option
- for owner in self.obj._owners():
- yield owner.primary_key.clone_rename(
+ for owner, search_key in self.obj._owners():
+ yield search_key.clone_rename(
'{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1276,7 +1283,7 @@ class cert_find(Search, CertMethod):
owner.object_name_plural),
label=owner.object_name,
)
- yield owner.primary_key.clone_rename(
+ yield search_key.clone_rename(
'no_{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1395,7 +1402,7 @@ class cert_find(Search, CertMethod):
ldap = self.api.Backend.ldap2
filters = []
- for owner in self.obj._owners():
+ for owner, search_key in self.obj._owners():
for prefix, rule in (('', ldap.MATCH_ALL),
('no_', ldap.MATCH_NONE)):
try:
@@ -1411,7 +1418,7 @@ class cert_find(Search, CertMethod):
filters.append(filter)
filter = ldap.make_filter_from_attr(
- owner.primary_key.name,
+ search_key.name,
value,
rule)
filters.append(filter)
--
2.9.4