[Freeipa-devel] [freeipa PR#688][opened] Update get_attr_filter in LDAPSearch to handle nsaccountlock user searches

Mon, 03 Apr 2017 12:14:12 -0700 

   URL: https://github.com/freeipa/freeipa/pull/688
Author: redhatrises
 Title: #688: Update get_attr_filter in LDAPSearch to handle nsaccountlock user 
searches
Action: opened

PR body:
"""
- Update get_attr_filter in LDAPSearch to handle nsaccountlock by setting 
nsaccountlock=True if
`ipa user-find --disabled=False` is entered in the command line and then search 
for any case where nsaccountlock != True. This handles the case where 
nsaccountlock may not exist as an attribute or is False.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/688/head:pr688
git checkout pr688

From 183eba492b22ecfb7698935d7d13463c0ee20569 Mon Sep 17 00:00:00 2001
From: Gabe <redhatri...@gmail.com>
Date: Mon, 3 Apr 2017 13:02:17 -0600
Subject: [PATCH] Update get_attr_filter in LDAPSearch to handle nsaccountlock
 user searches

- Update get_attr_filter in LDAPSearch to handle nsaccountlock by setting
nsaccountlock=True if `ipa user-find --disabled=False` is entered in the command line
and then search for any case where nsaccountlock != True. This handles the case where
nsaccountlock may not exist as an attribute or is False.
---
 ipaserver/plugins/baseldap.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py
index dbe3cbd..08c0f9e 100644
--- a/ipaserver/plugins/baseldap.py
+++ b/ipaserver/plugins/baseldap.py
@@ -1937,7 +1937,23 @@ def get_attr_filter(self, ldap, **options):
         """
         search_kw = self.args_options_2_entry(**options)
         search_kw['objectclass'] = self.obj.object_class
-        return ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
+        default_kw = self.get_default(**options)
+
+        filters = []
+        for name, value in search_kw.items():
+            if name == 'nsaccountlock' and value == False:
+                # If nsaccountlock is False, set the value to True and
+                # search for nsaccountlock != True. This way we can search
+                # for any users where nsaccountlock=False or nsaccountlock=None.
+                value = True
+                fltr = ldap.make_filter_from_attr(name, value, ldap.MATCH_NONE)
+            else:
+                fltr = ldap.make_filter_from_attr(name, value, ldap.MATCH_ALL)
+            if name in default_kw and value == default_kw[name]:
+                fltr = ldap.combine_filters([fltr, '(!({}=*))'.format(name)])
+            filters.append(fltr)
+
+        return ldap.combine_filters(filters, rules=ldap.MATCH_ALL)
 
     def get_term_filter(self, ldap, term):
         """

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to