Thank you for the clarification. Same thing was writing in the second mail of this mail chain . I was missing the use case UniqueGroup(…).filter().
What about bellow filters . Can we use filter here also .
topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(& (| (nsRoleDN=cn=new managed role) (sn=Hall)) (l=sunnyvale))', ['cn', 'cn', 'cn'])
topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(& (| (nsRoleDN=cn=new managed role) (sn=Hall)) (l=sunnyvale))', ['*', 'cn'])
topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(& (| (nsRoleDN=cn=new managed role) (sn=Hall)) (l=sunnyvale))', ['*', 'cn'])
And This one .
topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,"testUserAccountControl:1.2.840.113556.1.4.804:=16777216",['attrlist=cn:sn:uid:testUserAccountControl'])
Regards
Anuj Borah
On Mon, Apr 29, 2019 at 7:38 AM William Brown <wbrown@xxxxxxx> wrote:
> On 29 Apr 2019, at 11:53, Anuj Borah <aborah@xxxxxxxxxx> wrote:
>
> @William Brown
>
> The space did not make any difference . Look at bellow result .
>
> (Pdb) i
> '(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)'
> (Pdb) Accounts(topo.standalone, DEFAULT_SUFFIX).filter(i)
^ Because you are using the wrong class.
Filter will wrap your call because you are filtering over the set of Accounts, not “generic searching”. If you want to search a group OfUniqueNames, you need:
UniqueGroup(…).filter().
Have a look at _mapped_object.py in def filter and youll see it does:
def filter(self, search):
# This will yield and & filter for objectClass with as many terms as needed.
search_filter = _gen_and([self._get_objectclass_filter(),search])
IE, your search of “uniqueMember=…” is then inserted such that:
(&(objectClass=groupOfUniqueNames)(uniqueMember=…))
Because you are using Accounts, this is doing:
(&(|(objectClass=nsAccount)(objectClass=person)…) (uniqueMember=…))
Which of course won’t find anything in a group, because Accounts are not Groups.
So in fact, lib389 is doing exactly the right thing here, by saying “no, your search is not safe or sane, so you don’t get any results”. Lib389 is designed to prevent you making mistakes, and so will error or do nothing in the cases where something is wrong, rather than allow a corruption or odd behaviour to occur.
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________ 389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx
