Re: Groups are not accessible by filter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/25/2019 05:38 PM, Anuj Borah wrote:
@Ludwig
 
Try running these Two scrips one is with filter and other is with search_s.
I will then also get different results, but you need to clarify what is "correct" and what not, if it is in what is sent to the server or what is done with handling the results

Problem is with search_s i am getting correct result , where with filter wrong result.

Regards
Anuj Borah




On Thu, Apr 25, 2019 at 8:30 PM Ludwig <lkrispen@xxxxxxxxxx> wrote:

what is your problem ? the searches in both access logs produce the same results:


grep nentries /tmp/access_with* | grep tag=101
/tmp/access_with_filter:[25/Apr/2019:08:36:36.560467098 +0000] conn=1 op=148 RESULT err=0 tag=101 nentries=3 etime=0.0000399837
/tmp/access_with_filter:[25/Apr/2019:08:36:36.562926674 +0000] conn=1 op=149 RESULT err=0 tag=101 nentries=9 etime=0.0000452772
/tmp/access_with_filter:[25/Apr/2019:08:36:36.565416724 +0000] conn=1 op=150 RESULT err=0 tag=101 nentries=8 etime=0.0000416033
/tmp/access_with_filter:[25/Apr/2019:08:36:36.567629593 +0000] conn=1 op=151 RESULT err=0 tag=101 nentries=2 etime=0.0000350486
/tmp/access_with_filter:[25/Apr/2019:08:36:36.569782885 +0000] conn=1 op=152 RESULT err=0 tag=101 nentries=4 etime=0.0000350236
/tmp/access_with_filter:[25/Apr/2019:08:36:36.571945045 +0000] conn=1 op=153 RESULT err=0 tag=101 nentries=7 etime=0.0000367961
/tmp/access_with_filter:[25/Apr/2019:08:36:36.577773550 +0000] conn=1 op=154 RESULT err=0 tag=101 nentries=7 etime=0.0004031631
/tmp/access_with_filter:[25/Apr/2019:08:36:36.579866766 +0000] conn=1 op=155 RESULT err=0 tag=101 nentries=3 etime=0.0000274951
/tmp/access_with_filter:[25/Apr/2019:08:36:36.581771337 +0000] conn=1 op=156 RESULT err=0 tag=101 nentries=3 etime=0.0000312338
/tmp/access_with_filter:[25/Apr/2019:08:36:36.583848484 +0000] conn=1 op=157 RESULT err=0 tag=101 nentries=3 etime=0.1999656509
/tmp/access_with_filter:[25/Apr/2019:08:36:36.587570224 +0000] conn=1 op=158 RESULT err=0 tag=101 nentries=121 etime=0.0001897405
/tmp/access_with_filter:[25/Apr/2019:08:36:36.591514384 +0000] conn=1 op=159 RESULT err=0 tag=101 nentries=2 etime=0.0000319819
/tmp/access_with_filter:[25/Apr/2019:08:36:36.593657986 +0000] conn=1 op=160 RESULT err=0 tag=101 nentries=3 etime=0.0000285626
/tmp/access_with_filter:[25/Apr/2019:08:36:36.595880861 +0000] conn=1 op=161 RESULT err=0 tag=101 nentries=4 etime=0.0000356436
/tmp/access_with_filter:[25/Apr/2019:08:36:36.602518935 +0000] conn=1 op=162 RESULT err=0 tag=101 nentries=120 etime=0.0004828401
/tmp/access_with_filter:[25/Apr/2019:08:36:36.611163994 +0000] conn=1 op=163 RESULT err=0 tag=101 nentries=120 etime=0.0004651831
/tmp/access_with_filter:[25/Apr/2019:08:36:36.640014117 +0000] conn=1 op=166 RESULT err=0 tag=101 nentries=2 etime=0.0000711662
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.910324404 +0000] conn=1 op=148 RESULT err=0 tag=101 nentries=3 etime=0.0000351385
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.912317892 +0000] conn=1 op=149 RESULT err=0 tag=101 nentries=9 etime=0.0000358365
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.914679657 +0000] conn=1 op=150 RESULT err=0 tag=101 nentries=8 etime=0.0000430844
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.916847641 +0000] conn=1 op=151 RESULT err=0 tag=101 nentries=2 etime=0.0000332474
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.918878872 +0000] conn=1 op=152 RESULT err=0 tag=101 nentries=4 etime=0.0000341456
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.920965290 +0000] conn=1 op=153 RESULT err=0 tag=101 nentries=7 etime=0.0000374608
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.926723170 +0000] conn=1 op=154 RESULT err=0 tag=101 nentries=7 etime=0.0004056591
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.928637310 +0000] conn=1 op=155 RESULT err=0 tag=101 nentries=3 etime=0.0000299780
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.930719687 +0000] conn=1 op=156 RESULT err=0 tag=101 nentries=3 etime=0.0000296688
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.932751416 +0000] conn=1 op=157 RESULT err=0 tag=101 nentries=3 etime=0.0000318958
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.936312042 +0000] conn=1 op=158 RESULT err=0 tag=101 nentries=121 etime=0.0001861409
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.939996595 +0000] conn=1 op=159 RESULT err=0 tag=101 nentries=2 etime=0.0000340760
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.942122456 +0000] conn=1 op=160 RESULT err=0 tag=101 nentries=3 etime=0.0000309626
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.944215749 +0000] conn=1 op=161 RESULT err=0 tag=101 nentries=4 etime=0.0000340311
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.950446188 +0000] conn=1 op=162 RESULT err=0 tag=101 nentries=120 etime=0.0004499138
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.957921166 +0000] conn=1 op=163 RESULT err=0 tag=101 nentries=120 etime=0.0004453710
/tmp/access_with_search_s:[25/Apr/2019:08:56:30.968401791 +0000] conn=1 op=166 RESULT err=0 tag=101 nentries=2 etime=0.0000215050



On 04/25/2019 10:59 AM, Anuj Borah wrote:
@Ludwig
 
Attached the logs .

I have noticed , it happening due to _get_objectclass_filter() method in filter of DSLdapObjects .

Accounts(topo.standalone, DEFAULT_SUFFIX)._objectclasses
['nsAccount', 'nsPerson', 'simpleSecurityObject', 'organization', 'person', 'account', 'organizationalUnit', 'netscapeServer', 'domain', 'posixAccount', 'shadowAccount', 'posixGroup', 'mailRecipient']


but the cn=Accounting Managers,ou=Groups,dc=example,dc=com has objectClass: groupOfUniqueNames .

This may be the problem . You can  not find any error in access logs as naturally it does not have any error , its just empty results .

Regards
Anuj Borah


On Thu, Apr 25, 2019 at 12:39 PM Ludwig <lkrispen@xxxxxxxxxx> wrote:

can you provide the access logs to show what searches were really done


On 04/24/2019 12:23 PM, Anuj Borah wrote:
Hi all,

Please consider bellow condition .

UserAccount(topo.standalone, 'cn=Accounting Managers,ou=groups,dc=example,dc=com').add('uniquemember', [
    'uid=scarter, ou=People, dc=example,dc=com', 'uid=tmorris, ou=People, dc=example,dc=com', 'uid=kvaughan, ou=People, dc=example,dc=com',
    'uid=rdaugherty, ou=People, dc=example,dc=com', 'uid=hmiller, ou=People, dc=example,dc=com'])

UserAccount(topo.standalone, 'cn=HR Managers,ou=groups,dc=example,dc=com').add('uniquemember', [
    'uid=kvaughan, ou=People, dc=example,dc=com', 'uid=cschmith, ou=People, dc=example,dc=com'])

And try to add filter:

With Filter: It fails gives 0 result for those involves Group 'cn=Accounting Managers,ou=groups,dc=example,dc=com' .

for i in ['(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)', 
          '(uniquemember=uid=rdaugherty, ou=People, dc=example,dc=com)',
          '(uniquemember=uid=hmiller, ou=People, dc=example,dc=com)', 
          '(&(objectclass=inetorgperson)(uid=scarter))',
          '(&(objectclass=organizationalperson)(uid=scarter))', 
          '(objectclass=inetorgperson)', 
          '(&(objectclass=organizationalPerson)(sn=Jensen))',
          '(&(mail=*)(objectclass=organizationalPerson))', 
          '(mail=*)', 
          '(&(sn=Rentz)(objectclass=organizationalPerson))',
          '(&(sn=Ward)(sn=Ward))', 
          '(sn=Jensen)', 
          '(sn=*)', 
          '(sn=*utz)']:
    assert Accounts(topo.standalone, DEFAULT_SUFFIX).filter(i)

with search_s(Old Way): I gives correct results .

for i in ['(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)',
          '(uniquemember=uid=rdaugherty, ou=People, dc=example,dc=com)',
          '(uniquemember=uid=hmiller, ou=People, dc=example,dc=com)',
          '(&(objectclass=inetorgperson)(uid=scarter))',
          '(&(objectclass=organizationalperson)(uid=scarter))',
          '(objectclass=inetorgperson)',
          '(&(objectclass=organizationalPerson)(sn=Jensen))',
          '(&(mail=*)(objectclass=organizationalPerson))',
          '(mail=*)',
          '(&(sn=Rentz)(objectclass=organizationalPerson))',
          '(&(sn=Ward)(sn=Ward))',
          '(sn=Jensen)',
          '(sn=*)',
          '(sn=*utz)']:
    assert topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, i)


I have attached the test script too . Test test_various_combinations_of_filters_and_idlistscanlimit

Regards
Anuj Borah





_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx

_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx


_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux