Re: Groups are not accessible by filter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ok, I will check.

Thanks

On Tue, May 7, 2019 at 8:21 AM William Brown <wbrown@xxxxxxx> wrote:

> On 7 May 2019, at 11:31, Anuj Borah <aborah@xxxxxxxxxx> wrote:
>
> @William Brown

> Actually my concern was as bellow:
>
> topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, F4, ['cn', 'cn', 'cn'])
> >>[dn: uid=bhall,ou=People,dc=example,dc=com
> cn: Benjamin Hall
>
> ]
>
> Question:  Can we use these filter directly in filter module. --->>   like Accounts().filter(F4, ['cn', 'cn', 'cn'])
>
> As this works :   
> (Pdb) Accounts(topo.standalone, DEFAULT_SUFFIX).filter(F4)
> [<lib389.idm.account.Account object at 0x7f6373376e10>]
>
> But this does not work:
> (Pdb) Accounts(topo.standalone, DEFAULT_SUFFIX).filter((&(F4)(['cn', 'cn', 'cn'])))
> *** SyntaxError: invalid syntax

^ it says invalid syntax because your F4, (...) is not vaild. You should rethink this part of the statement ...

>
>
> And these filter as bellow.
>
> topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, F10, ['mailquota', 'nsRoleDN'])
> >> [dn: uid=mtyler,ou=People,dc=example,dc=com
> mailquota: 600
> nsRoleDN: cn=new managed role,ou=People,dc=example,dc=com
>
> ]
>
> Question these filter also: ---->>>>  Accounts(...).filter(F10, ['mailquota', 'nsRoleDN'])

As above.

Try doing:

next_filter = F4, (...)
Account(...).filter(next_filter).

Is that valid? Why? Why not? What do you need to do to make it valid?

>
> Regards
> Anuj Borah
>
> On Tue, May 7, 2019 at 5:22 AM William Brown <wbrown@xxxxxxx> wrote:
> You are missing a key part of the question again: "Is there any chance we can use these filters TO GET lib389 objects of the type X".
>
> So for example:
>
> > On 3 May 2019, at 17:12, Anuj Borah <aborah@xxxxxxxxxx> wrote:
> >
> > @William Brown
> >
> > Are there any chance we can use these filter with filter module directly .
> >
> > F1 = "(sn=Hall)"
>
> If you do:
>
> Groups(...).filter("sn=hall")
>
> No because it doesn't make sense for a group to match this.
>
> If you did:
>
> Person(...).filter("sn=hall")
>
> Yes! it would work.
>
> > F2 = "(nsRoleDN=cn=new managed role)"
>
> Groups(...).filter(nsRoleDn=...)
>
> Again, doesn't make sense. But:
>
> Accounts(...).filter(nsRoleDn=...)
>
> Would make sense, to show all Accounts that are part of the role.
>
> > F3 = "(l=sunnyvale)"
>
> Here, l= would make sense on things like:
>
> OrganisationUnits().filter("l=...")
> Person("l=...")
>
> > F4 = "(& (| {} {}) {})".format(F2, F1, F3)
> > F10 = "(& {} {})".format(F6, F9)
>
> Provdide the type you WANT would satisfy these conditions, yes.
>
> But you would be better to do:
>
> F4 = (&(cond)(cond)(cond))
>
> Rather than str sub. Alternately, use gen_filter.
>
>
>
> So again - you are missing a key element of the question, which is "is this filter suitable to get objects of the type I need to work with". Lib389 doesn't think like "just search and get generic things" it thinks as "search and get strongly typed objects".
>
> >
> > topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, F4, ['cn', 'cn', 'cn'])
> > >>[dn: uid=bhall,ou=People,dc=example,dc=com
> > cn: Benjamin Hall
> >
> > ]
> >
> > topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, F10, ['mailquota', 'nsRoleDN'])
> > >> [dn: uid=mtyler,ou=People,dc=example,dc=com
> > mailquota: 600
> > nsRoleDN: cn=new managed role,ou=People,dc=example,dc=com
> >
> > ]
> >
> > Regards
> > Anuj Borah
> >
> > On Mon, Apr 29, 2019 at 12:29 PM Anuj Borah <aborah@xxxxxxxxxx> wrote:
> > Yes, it is.
> >
> > On Mon, Apr 29, 2019 at 11:17 AM William Brown <wbrown@xxxxxxx> wrote:
> >
> >
> > > On 29 Apr 2019, at 15:00, Anuj Borah <aborah@xxxxxxxxxx> wrote:
> > >
> > > @William Brown
> > >
> > > Sorry my bad , syntax was wrong .
> > >
> > > (Pdb) len(Accounts(topo.standalone, DEFAULT_SUFFIX).filter("(testUserAccountControl:1.2.840.113556.1.4.803:=8388608, ['attrlist=cn:sn:uid:testUserAccountControl'])"))
> > > 6
> > >
> > > Thanks .
> > >
> > >
> > > On Mon, Apr 29, 2019 at 10:26 AM Anuj Borah <aborah@xxxxxxxxxx> wrote:
> > > @William Brown
> > >
> > > This is the filter :    "testUserAccountControl:1.2.840.113556.1.4.803:=8388608", ['attrlist=cn:sn:uid:testUserAccountControl']
> > >
> > > len(topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,"testUserAccountControl:1.2.840.113556.1.4.803:=8388608", ['attrlist=cn:sn:uid:testUserAccountControl'])) --- Thid one works .
> > > > 6
> > >
> > > But the full filter does not fit with filter module .
> > >
> > > > (Pdb) len(Accounts(topo.standalone, DEFAULT_SUFFIX).filter("(testUserAccountControl:1.2.840.113556.1.4.803:=8388608)", ['attrlist=cn:sn:uid:testUserAccountControl']))
> > > > *** TypeError: filter() takes 2 positional arguments but 3 were given
> > > > (Pdb) len(Accounts(topo.standalone, DEFAULT_SUFFIX).filter("(testUserAccountControl:1.2.840.113556.1.4.803:=8388608), ['attrlist=cn:sn:uid:testUserAccountControl']"))
> > > > *** ldap.FILTER_ERROR: {'desc': 'Bad search filter', 'errno': 2, 'info': 'No such file or directory'}
> > >
> > >
> > > Regards
> > > Anuj Borah
> > >
> >
> > That filter string seems really … uhh, interesting. You are testing:
> >
> > (testUserAccountControl:1.2.840.113556.1.4.803:=8388608, ['attrlist=cn:sn:uid:testUserAccountControl’])
> >
> > Is that really a valid filter?
> >
> >
> > —
> > Sincerely,
> >
> > William Brown
> >
> > Senior Software Engineer, 389 Directory Server
> > SUSE Labs
> >
>
> —
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, 389 Directory Server
> SUSE Labs
> _______________________________________________
> 389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx


Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs

_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux