[Freeipa-devel] [freeipa PR#688][synchronized] Update get_attr_filter in LDAPSearch to handle nsaccountlock user searches

redhatrises Wed, 05 Apr 2017 05:55:50 -0700

   URL: https://github.com/freeipa/freeipa/pull/688
Author: redhatrises
 Title: #688: Update get_attr_filter in LDAPSearch to handle nsaccountlock user 
searches
Action: synchronized


To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/688/head:pr688
git checkout pr688

From a5a1428a57dc4191a3853ef628fc5978f1bdd7e9 Mon Sep 17 00:00:00 2001
From: Gabe <redhatri...@gmail.com>
Date: Wed, 5 Apr 2017 06:50:38 -0600
Subject: [PATCH] Update get_attr_filter in LDAPSearch to handle nsaccountlock
 user searches

- Update get_attr_filter in LDAPSearch to handle nsaccountlock by setting the default value for
nsaccountlock to false as well as update the filter to check for the default value
---
 API.txt                       |  6 +++---
 VERSION.m4                    |  4 ++--
 ipaserver/plugins/baseldap.py | 11 ++++++++++-
 ipaserver/plugins/user.py     |  1 +
 4 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/API.txt b/API.txt
index 7850538..fa7582d 100644
--- a/API.txt
+++ b/API.txt
@@ -5923,7 +5923,7 @@ option: Str('manager?')
 option: Str('mobile*')
 option: Flag('no_members', autofill=True, default=False)
 option: Flag('noprivate', autofill=True, cli_name='noprivate', default=False)
-option: Bool('nsaccountlock?', cli_name='disabled')
+option: Bool('nsaccountlock?', cli_name='disabled', default=False)
 option: Str('ou?', cli_name='orgunit')
 option: Str('pager*')
 option: Str('postalcode?')
@@ -6052,7 +6052,7 @@ option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules')
 option: Str('not_in_netgroup*', cli_name='not_in_netgroups')
 option: Str('not_in_role*', cli_name='not_in_roles')
 option: Str('not_in_sudorule*', cli_name='not_in_sudorules')
-option: Bool('nsaccountlock?', autofill=False, cli_name='disabled')
+option: Bool('nsaccountlock?', autofill=False, cli_name='disabled', default=False)
 option: Str('ou?', autofill=False, cli_name='orgunit')
 option: Str('pager*', autofill=False)
 option: Flag('pkey_only?', autofill=True, default=False)
@@ -6109,7 +6109,7 @@ option: Str('mail*', autofill=False, cli_name='email')
 option: Str('manager?', autofill=False)
 option: Str('mobile*', autofill=False)
 option: Flag('no_members', autofill=True, default=False)
-option: Bool('nsaccountlock?', autofill=False, cli_name='disabled')
+option: Bool('nsaccountlock?', autofill=False, cli_name='disabled', default=False)
 option: Str('ou?', autofill=False, cli_name='orgunit')
 option: Str('pager*', autofill=False)
 option: Str('postalcode?', autofill=False)
diff --git a/VERSION.m4 b/VERSION.m4
index 6ec56c5..87dec0e 100644
--- a/VERSION.m4
+++ b/VERSION.m4
@@ -73,8 +73,8 @@ define(IPA_DATA_VERSION, 20100614120000)
 #                                                      #
 ########################################################
 define(IPA_API_VERSION_MAJOR, 2)
-define(IPA_API_VERSION_MINOR, 225)
-# Last change: Add --password-expiration option to force password change
+define(IPA_API_VERSION_MINOR, 226)
+# Last change: Set default value for nsaccountlock to False
 
 
 ########################################################
diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py
index dbe3cbd..35ad96f 100644
--- a/ipaserver/plugins/baseldap.py
+++ b/ipaserver/plugins/baseldap.py
@@ -1937,7 +1937,16 @@ def get_attr_filter(self, ldap, **options):
         """
         search_kw = self.args_options_2_entry(**options)
         search_kw['objectclass'] = self.obj.object_class
-        return ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
+
+        filters = []
+        for name, value in search_kw.items():
+            default = self.get_default_of(name, **options)
+            fltr = ldap.make_filter_from_attr(name, value, ldap.MATCH_ALL)
+            if default is not None and value == default:
+                fltr = ldap.combine_filters([fltr, '(!({}=*))'.format(name)])
+            filters.append(fltr)
+
+        return ldap.combine_filters(filters, rules=ldap.MATCH_ALL)
 
     def get_term_filter(self, ldap, term):
         """
diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py
index 9eab521..948a198 100644
--- a/ipaserver/plugins/user.py
+++ b/ipaserver/plugins/user.py
@@ -380,6 +380,7 @@ class user(baseuser):
     takes_params = baseuser.takes_params + (
         Bool('nsaccountlock?',
             cli_name=('disabled'),
+            default=False,
             label=_('Account disabled'),
         ),
         Bool('preserved?',

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#688][synchronized] Update get_attr_filter in LDAPSearch to handle nsaccountlock user searches

Reply via email to