First Last Prev Next    This bug is not in your last search results.
Bug 49666 - Fix response of serverctrls in univention.admin.uldap.access.search(response={})
Fix response of serverctrls in univention.admin.uldap.access.search(response={})
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 5.0-2-errata
Assigned To: Florian Best
Peter Stoll
https://git.knut.univention.de/univen...
:
Depends on: 49638
Blocks: 50240
  Show dependency treegraph
 
Reported: 2019-06-17 12:19 CEST by Florian Best
Modified: 2022-12-21 20:23 CET (History)
3 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2019-06-17 12:19:55 CEST 
Since Bug #49638 lookup() supports adding serverctrls.
But univention.admin.uldap.access.search() doesn't evaluate the response parameter. Therefore it's not possible to get the response of the server controls.

Because ldap.ldapobject.ReconnectLDAPObject doesn't overwrites search_ext() to add the reconnect handling, it has been reverted partially.

Draft for a working way would be something like:

def __search(self, *args, **kwargs):
    response = kwargs.pop('response', None)
    if self.reconnect:
        self.lo._apply_method_s(ldap.ldapobject.SimpleLDAPObject.result3, self.lo._apply_method_s(ldap.ldapobject.SimpleLDAPObject.search_ext, *args, **kwargs))
    else:
        rtype, rdata, rmsgid, resp_ctrls = self.lo.result3(self.lo.search_ext(*args, **kwargs))

    if kwargs.get('serverctrls') and isinstance(response, dict):
        response['ctrls'] = resp_ctrls
    return rdata

+++ This bug was initially created as a clone of Bug #49638 +++

The UDM handlers lookup() method should support additional optional parameters to allow passing ldap-controls.
This allows e.g. to use the page control in a lookup() call.
Comment 1 Florian Best univentionstaff 2019-11-26 16:41:35 CET 
Current state is in git:fbest/49666-udm-pagination.
Comment 2 Florian Best univentionstaff 2022-12-15 18:37:05 CET 
Search is now evaluating response controls.
The test case has been re-activated.

I manually tested it also via the UDM REST API:
curl -s -k -H 'Accept: application/json' "https://Administrator:univention@localhost/univention/udm/users/user/?limit=10&page=1&by=username" | python -m json.tool
Note, that this is still marked as experimental feature in UDM REST API OpenAPI schema.

univention-python.yaml
d66f84f7612c | fix(uldap): allow paginated search by evaluating response controls

univention-python (13.0.2-13)
d66f84f7612c | fix(uldap): allow paginated search by evaluating response controls

ucs-test (10.0.7-29)
d66f84f7612c | fix(uldap): allow paginated search by evaluating response controls
Comment 3 Florian Best univentionstaff 2022-12-16 09:58:50 CET 
The test case was failing due to a bug in python-ldap regarding Python 3 compatibility.
I took the upstream changes and patched python-ldap:
Package: python-ldap
Version: 3.1.0-2A~5.0.0.202212160954
Branch: ucs_5.0-0
Scope: errata5.0-2

r19727 | Bug #49666: add 03_fix_sss_control_python3.quilt

python-ldap.yaml
4b8ee58eaaed | chore(python-ldap): update advisory

Traceback (most recent call last):
  File "/usr/share/ucs-test/59_udm/61_test_udm_users.py", line 617, in test_lookup_with_pagination
    sctrl = SSSRequestControl(ordering_rules=['uid:caseIgnoreOrderingMatch'])
  File "/usr/lib/python3/dist-packages/ldap/controls/sss.py", line 60, in __init__
    if isinstance(ordering_rules, basestring):
NameError: name 'basestring' is not defined
Comment 4 Peter Stoll univentionstaff 2022-12-16 10:10:39 CET 
Verified:

* Code review
* Package build
* Successfully executed ucs-test
* Changelog and YAML advisory OK
First Last Prev Next    This bug is not in your last search results.