Re: Groups are not accessible by filter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



@William Brown 

Thanks for the tip!

(Pdb) len(topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,"testUserAccountControl:1.2.840.113556.1.4.803:=8388608", ['attrlist=cn:sn:uid:testUserAccountControl']))
6
(Pdb) len(Accounts(topo.standalone, DEFAULT_SUFFIX).filter("(testUserAccountControl:1.2.840.113556.1.4.803:=8388608)"))
6

We cant not mix up ['attrlist=cn:sn:uid:testUserAccountControl'] with filter , like we do with search_s .

(Pdb) len(Accounts(topo.standalone, DEFAULT_SUFFIX).filter("(testUserAccountControl:1.2.840.113556.1.4.803:=8388608)", ['attrlist=cn:sn:uid:testUserAccountControl']))
*** TypeError: filter() takes 2 positional arguments but 3 were given
(Pdb) len(Accounts(topo.standalone, DEFAULT_SUFFIX).filter("(testUserAccountControl:1.2.840.113556.1.4.803:=8388608), ['attrlist=cn:sn:uid:testUserAccountControl']"))
*** ldap.FILTER_ERROR: {'desc': 'Bad search filter', 'errno': 2, 'info': 'No such file or directory'}

Again i have to use "re" module for the same .


Regards
Anuj Borah





On Mon, Apr 29, 2019 at 7:49 AM William Brown <wbrown@xxxxxxx> wrote:


> On 29 Apr 2019, at 12:15, Anuj Borah <aborah@xxxxxxxxxx> wrote:
>
> @William Brown
>
> Thank you for the clarification. Same thing was writing in the second mail of this mail chain . I was missing the use case UniqueGroup(…).filter().
>
> What about bellow filters . Can we use filter here also .
>
> topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(& (| (nsRoleDN=cn=new managed role) (sn=Hall)) (l=sunnyvale))', ['cn', 'cn', 'cn'])
> topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(& (| (nsRoleDN=cn=new managed role) (sn=Hall)) (l=sunnyvale))', ['*', 'cn’]

If you are filtering again accounts that are in a roll, then you would do:

Accounts().filter(conditions) ...



> )
>

> And This one .
>
> topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,"testUserAccountControl:1.2.840.113556.1.4.804:=16777216",['attrlist=cn:sn:uid:testUserAccountControl’]
> )
>

I think you need to think about this problem as “I want to run this filter and I expect to get these specific types back”. You aren’t simply doing a search, you are telling lib389 “find all accounts that match these conditions”.

So if you do the nsRoleDN search against accounts, you’ll get all accounts in that nsroledn. If you do the nsroledn search agains groups, you’ll get all groups that are in that nsroledn.

Perhaps you need to think of it that way, that you are expressing not just the conditions you want to find, but what types of things you expect them to be. If you can answer that question, youll have the answer to “how” to use filter for those searches.


Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs

_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux