Univention Bugzilla – Bug 49666
Fix response of serverctrls in univention.admin.uldap.access.search(response={})
Last modified: 2022-12-21 20:23:35 CET
Since Bug #49638 lookup() supports adding serverctrls. But univention.admin.uldap.access.search() doesn't evaluate the response parameter. Therefore it's not possible to get the response of the server controls. Because ldap.ldapobject.ReconnectLDAPObject doesn't overwrites search_ext() to add the reconnect handling, it has been reverted partially. Draft for a working way would be something like: def __search(self, *args, **kwargs): response = kwargs.pop('response', None) if self.reconnect: self.lo._apply_method_s(ldap.ldapobject.SimpleLDAPObject.result3, self.lo._apply_method_s(ldap.ldapobject.SimpleLDAPObject.search_ext, *args, **kwargs)) else: rtype, rdata, rmsgid, resp_ctrls = self.lo.result3(self.lo.search_ext(*args, **kwargs)) if kwargs.get('serverctrls') and isinstance(response, dict): response['ctrls'] = resp_ctrls return rdata +++ This bug was initially created as a clone of Bug #49638 +++ The UDM handlers lookup() method should support additional optional parameters to allow passing ldap-controls. This allows e.g. to use the page control in a lookup() call.
Current state is in git:fbest/49666-udm-pagination.
Search is now evaluating response controls. The test case has been re-activated. I manually tested it also via the UDM REST API: curl -s -k -H 'Accept: application/json' "https://Administrator:univention@localhost/univention/udm/users/user/?limit=10&page=1&by=username" | python -m json.tool Note, that this is still marked as experimental feature in UDM REST API OpenAPI schema. univention-python.yaml d66f84f7612c | fix(uldap): allow paginated search by evaluating response controls univention-python (13.0.2-13) d66f84f7612c | fix(uldap): allow paginated search by evaluating response controls ucs-test (10.0.7-29) d66f84f7612c | fix(uldap): allow paginated search by evaluating response controls
The test case was failing due to a bug in python-ldap regarding Python 3 compatibility. I took the upstream changes and patched python-ldap: Package: python-ldap Version: 3.1.0-2A~5.0.0.202212160954 Branch: ucs_5.0-0 Scope: errata5.0-2 r19727 | Bug #49666: add 03_fix_sss_control_python3.quilt python-ldap.yaml 4b8ee58eaaed | chore(python-ldap): update advisory Traceback (most recent call last): File "/usr/share/ucs-test/59_udm/61_test_udm_users.py", line 617, in test_lookup_with_pagination sctrl = SSSRequestControl(ordering_rules=['uid:caseIgnoreOrderingMatch']) File "/usr/lib/python3/dist-packages/ldap/controls/sss.py", line 60, in __init__ if isinstance(ordering_rules, basestring): NameError: name 'basestring' is not defined
Verified: * Code review * Package build * Successfully executed ucs-test * Changelog and YAML advisory OK
<https://errata.software-univention.de/#/?erratum=5.0x519> <https://errata.software-univention.de/#/?erratum=5.0x520>