> On 29 Apr 2019, at 11:53, Anuj Borah <aborah@redhat.com> wrote:
>
> @William Brown
>
> The space did not make any difference . Look at bellow result .
>
> (Pdb) i
> '(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)'
> (Pdb) Accounts(topo.standalone, DEFAULT_SUFFIX).filter(i)
^ Because you are using the wrong class.
Filter will wrap your call because you are filtering over the set of Accounts, not "generic searching". If you want to search a group OfUniqueNames, you need:
UniqueGroup(…).filter().
Have a look at _mapped_object.py in def filter and youll see it does:
def filter(self, search):
# This will yield and & filter for objectClass with as many terms as needed.
search_filter = _gen_and([self._get_objectclass_filter(),search])
IE, your search of "uniqueMember=…" is then inserted such that:
(&(objectClass=groupOfUniqueNames)(uniqueMember=…))
Because you are using Accounts, this is doing:
(&(|(objectClass=nsAccount)(objectClass=person)…) (uniqueMember=…))
Which of course won't find anything in a group, because Accounts are not Groups.
So in fact, lib389 is doing exactly the right thing here, by saying "no, your search is not safe or sane, so you don't get any results". Lib389 is designed to prevent you making mistakes, and so will error or do nothing in the cases where something is wrong, rather than allow a corruption or odd behaviour to occur.
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-devel mailing list -- 389-devel@lists.fedoraproject.org
To unsubscribe send an email to 389-devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org
No comments:
Post a Comment