Re: Groups are not accessible by filter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

@Ludwig
 
Attached the logs .

I have noticed , it happening due to _get_objectclass_filter() method in filter of DSLdapObjects .

Accounts(topo.standalone, DEFAULT_SUFFIX)._objectclasses
['nsAccount', 'nsPerson', 'simpleSecurityObject', 'organization', 'person', 'account', 'organizationalUnit', 'netscapeServer', 'domain', 'posixAccount', 'shadowAccount', 'posixGroup', 'mailRecipient']


but the cn=Accounting Managers,ou=Groups,dc=example,dc=com has objectClass: groupOfUniqueNames .

This may be the problem . You can  not find any error in access logs as naturally it does not have any error , its just empty results .

Regards
Anuj Borah


On Thu, Apr 25, 2019 at 12:39 PM Ludwig <lkrispen@xxxxxxxxxx> wrote:

can you provide the access logs to show what searches were really done


On 04/24/2019 12:23 PM, Anuj Borah wrote:
Hi all,

Please consider bellow condition .

UserAccount(topo.standalone, 'cn=Accounting Managers,ou=groups,dc=example,dc=com').add('uniquemember', [
    'uid=scarter, ou=People, dc=example,dc=com', 'uid=tmorris, ou=People, dc=example,dc=com', 'uid=kvaughan, ou=People, dc=example,dc=com',
    'uid=rdaugherty, ou=People, dc=example,dc=com', 'uid=hmiller, ou=People, dc=example,dc=com'])

UserAccount(topo.standalone, 'cn=HR Managers,ou=groups,dc=example,dc=com').add('uniquemember', [
    'uid=kvaughan, ou=People, dc=example,dc=com', 'uid=cschmith, ou=People, dc=example,dc=com'])

And try to add filter:

With Filter: It fails gives 0 result for those involves Group 'cn=Accounting Managers,ou=groups,dc=example,dc=com' .

for i in ['(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)', 
          '(uniquemember=uid=rdaugherty, ou=People, dc=example,dc=com)',
          '(uniquemember=uid=hmiller, ou=People, dc=example,dc=com)', 
          '(&(objectclass=inetorgperson)(uid=scarter))',
          '(&(objectclass=organizationalperson)(uid=scarter))', 
          '(objectclass=inetorgperson)', 
          '(&(objectclass=organizationalPerson)(sn=Jensen))',
          '(&(mail=*)(objectclass=organizationalPerson))', 
          '(mail=*)', 
          '(&(sn=Rentz)(objectclass=organizationalPerson))',
          '(&(sn=Ward)(sn=Ward))', 
          '(sn=Jensen)', 
          '(sn=*)', 
          '(sn=*utz)']:
    assert Accounts(topo.standalone, DEFAULT_SUFFIX).filter(i)

with search_s(Old Way): I gives correct results .

for i in ['(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)',
          '(uniquemember=uid=rdaugherty, ou=People, dc=example,dc=com)',
          '(uniquemember=uid=hmiller, ou=People, dc=example,dc=com)',
          '(&(objectclass=inetorgperson)(uid=scarter))',
          '(&(objectclass=organizationalperson)(uid=scarter))',
          '(objectclass=inetorgperson)',
          '(&(objectclass=organizationalPerson)(sn=Jensen))',
          '(&(mail=*)(objectclass=organizationalPerson))',
          '(mail=*)',
          '(&(sn=Rentz)(objectclass=organizationalPerson))',
          '(&(sn=Ward)(sn=Ward))',
          '(sn=Jensen)',
          '(sn=*)',
          '(sn=*utz)']:
    assert topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, i)


I have attached the test script too . Test test_various_combinations_of_filters_and_idlistscanlimit

Regards
Anuj Borah





_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx

_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx

Attachment: access_with_filter
Description: Binary data

Attachment: access_with_search_s
Description: Binary data

_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux