Univention Bugzilla – Bug 54159
UDM REST API filter value for 'disabled' does not correspond to the resource value
Last modified: 2022-03-07 19:55:04 CET
In the UDM REST API the values for the "disabled" property of the users/user resource are JSON booleans: "true" and "false". The filter values must however be "1" or "0". Searching with "?filter=disabled=true" or "?filter=disabled=false" does not return user objects. Expected behavior is that the values presented in the JSON response can be used as values for searches.
For Bug 54126 we are implementing a workaround for this (using disabled=1/0 instead of disabled=true/false).
Maybe a quick fix directly in UDM: diff --git management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index 396ffde291..7c47952412 100644 --- management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py +++ management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py @@ -2304,9 +2304,9 @@ class object(univention.admin.handlers.simpleLdap): filter.variable = u'memberOf' elif filter.variable == u'disabled': # substring match for userPassword is not possible - if filter.value == u'1': + if filter.value in (u'1', u'true'): filter.transform_to_conjunction(univention.admin.filter.parse(u'(&(shadowExpire=1)(krb5KDCFlags:1.2.840.113556.1.4.803:=128)(|(sambaAcctFlags=[UD ])(sambaAcctFlags=[ULD ])))')) - elif filter.value == u'0': + elif filter.value in (u'0', u'false'): filter.transform_to_conjunction(univention.admin.filter.parse(u'(&(!(shadowExpire=1))(!(krb5KDCFlags:1.2.840.113556.1.4.803:=128))(!(|(sambaAcctFlags=[UD ])(sambaAcctFlags=[ULD ]))))')) elif filter.value == u'none': filter.transform_to_conjunction(univention.admin.filter.parse(u'(&(!(shadowExpire=1))(!(krb5KDCFlags:1.2.840.113556.1.4.803:=128))(!(|(sambaAcctFlags=[UD ])(sambaAcctFlags=[ULD ]))))'))
Works(In reply to Florian Best from comment #2) > Maybe a quick fix directly in UDM: Works in a quick test.
Some notes on this: 1. ?filter=… is a pure LDAP (UDM) filter. There is nothing which rewrites this - except for the possibility of handlers. Therefore this has nothing to do with the UDM REST API - it's just UDM interna. 2. there is "?property=…&value=… " which causes a valid LDAP/UDM filter to be created. There the UDM REST API's job would of course be to transform the value of properties into valid LDAP/UDM filters (property='disabled', value=true) → 'disabled=1'. The syntax class boolean (which is used by disabled) has a method "sanitize_property_search_value" to do this (True → '1'): 1184 class boolean(simple): 1234 » @classmethod 1235 » def get_object_property_filter(cls, object_property, object_property_value): 1236 » » not_set_filter = '(!(%s=*))' % object_property 1237 » » compare_filter = '%s=%s' % (object_property, object_property_value) 1238 » » if object_property_value == '0': 1239 » » » return '(|(%s)%s)' % (compare_filter, not_set_filter) 1240 » » elif object_property_value == '1': 1241 » » » return compare_filter 1242 » » else: 1243 » » » return '' 1244 1245 » @classmethod 1246 » def sanitize_property_search_value(cls, search_value): 1247 » » return '1' if search_value is True else '0'