Fedora Info: [389-devel] Re: Groups are not accessible by filter

can you provide the access logs to show what searches were really done

On 04/24/2019 12:23 PM, Anuj Borah wrote:

Hi all,

Please consider bellow condition .

UserAccount(topo.standalone, 'cn=Accounting Managers,ou=groups,dc=example,dc=com').add('uniquemember', [      'uid=scarter, ou=People, dc=example,dc=com', 'uid=tmorris, ou=People, dc=example,dc=com', 'uid=kvaughan, ou=People, dc=example,dc=com',      'uid=rdaugherty, ou=People, dc=example,dc=com', 'uid=hmiller, ou=People, dc=example,dc=com'])    UserAccount(topo.standalone, 'cn=HR Managers,ou=groups,dc=example,dc=com').add('uniquemember', [      'uid=kvaughan, ou=People, dc=example,dc=com', 'uid=cschmith, ou=People, dc=example,dc=com'])

And try to add filter:

With Filter: It fails gives 0 result for those involves Group 'cn=Accounting Managers,ou=groups,dc=example,dc=com' .

for i in ['(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)',             '(uniquemember=uid=rdaugherty, ou=People, dc=example,dc=com)',            '(uniquemember=uid=hmiller, ou=People, dc=example,dc=com)',             '(&(objectclass=inetorgperson)(uid=scarter))',            '(&(objectclass=organizationalperson)(uid=scarter))',             '(objectclass=inetorgperson)',             '(&(objectclass=organizationalPerson)(sn=Jensen))',            '(&(mail=*)(objectclass=organizationalPerson))',             '(mail=*)',             '(&(sn=Rentz)(objectclass=organizationalPerson))',            '(&(sn=Ward)(sn=Ward))',             '(sn=Jensen)',             '(sn=*)',             '(sn=*utz)']:      assert Accounts(topo.standalone, DEFAULT_SUFFIX).filter(i)

with search_s(Old Way): I gives correct results .

for i in ['(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)',            '(uniquemember=uid=rdaugherty, ou=People, dc=example,dc=com)',            '(uniquemember=uid=hmiller, ou=People, dc=example,dc=com)',            '(&(objectclass=inetorgperson)(uid=scarter))',            '(&(objectclass=organizationalperson)(uid=scarter))',            '(objectclass=inetorgperson)',            '(&(objectclass=organizationalPerson)(sn=Jensen))',            '(&(mail=*)(objectclass=organizationalPerson))',            '(mail=*)',            '(&(sn=Rentz)(objectclass=organizationalPerson))',            '(&(sn=Ward)(sn=Ward))',            '(sn=Jensen)',            '(sn=*)',            '(sn=*utz)']:      assert topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, i)

I have attached the test script too . Test test_various_combinations_of_filters_and_idlistscanlimit

Regards

Anuj Borah

_______________________________________________  389-devel mailing list -- 389-devel@lists.fedoraproject.org  To unsubscribe send an email to 389-devel-leave@lists.fedoraproject.org  Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html  List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines  List Archives: https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org

Fedora Info

Thursday, April 25, 2019

[389-devel] Re: Groups are not accessible by filter

No comments:

Post a Comment