Univention Bugzilla – Attachment 6931 Details for
Bug 36255
LDAP filter for policies
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
36255.patch (text/plain), 4.59 KB, created by
Florian Best
on 2015-06-01 16:01 CEST
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Florian Best
Created:
2015-06-01 16:01 CEST
Size:
4.59 KB
patch
obsolete
>diff --git a/ucs-4.0-2/base/univention-policy/lib/policy.c b/ucs-4.0-2/base/univention-policy/lib/policy.c >index c653f3d..10f1b07 100644 >--- a/ucs-4.0-2/base/univention-policy/lib/policy.c >+++ b/ucs-4.0-2/base/univention-policy/lib/policy.c >@@ -204,7 +204,7 @@ static void univention_policy_cleanup(univention_policy_handle_t* handle) > } > > /* Retrieve policy 'dn' */ >-static void univention_policy_merge(LDAP *ld, const char *dn, univention_policy_handle_t *handle, char **object_classes) >+static void univention_policy_merge(LDAP *ld, const char *dn, univention_policy_handle_t *handle, char **object_classes, const char *objectdn) > { > int rc; > LDAPMessage *res; >@@ -266,6 +266,25 @@ static void univention_policy_merge(LDAP *ld, const char *dn, univention_policy_ > } > ldap_value_free_len(vals); > } >+ >+ if (apply && (vals = ldap_get_values_len(ld, entry, "ldapFilter")) != NULL) { >+ int ldap_filter_rc; >+ for (i = 0; (vals[i] != NULL && vals[i]->bv_val != NULL); i++) { >+ LDAPMessage *ldap_filter_res; >+ char *search_attrs[] = { LDAP_NO_ATTRS, NULL }; >+ ldap_filter_rc = ldap_search_ext_s(ld, objectdn, LDAP_SCOPE_BASE, vals[i]->bv_val, search_attrs, 0, NULL, NULL, &timeout, 0, &ldap_filter_res); >+ if (ldap_filter_rc != LDAP_SUCCESS) { >+ univention_debug(UV_DEBUG_LDAP, UV_DEBUG_ERROR, "search filter '%s' caused error: %s: %s", vals[i]->bv_val, objectdn, ldap_err2string(ldap_filter_rc)); >+ } else { >+ if (!ldap_count_entries(ld, ldap_filter_res)) >+ apply = false; >+ } >+ ldap_msgfree(ldap_filter_res); >+ break; // single-value >+ } >+ ldap_value_free_len(vals); >+ } >+ > if (fixed_attributes == NULL && (vals = ldap_get_values_len(ld, entry, "fixedAttributes")) != NULL) { > i = ldap_count_values_len(vals); > if ((fixed_attributes = calloc(i + 1, sizeof(char *))) == NULL) >@@ -327,6 +346,7 @@ static void univention_policy_merge(LDAP *ld, const char *dn, univention_policy_ > strcmp(attr, "emptyAttributes") && > strcmp(attr, "requiredObjectClasses") && > strcmp(attr, "prohibitedObjectClasses") && >+ strcmp(attr, "ldapFilter") && > strcmp(attr, "univentionObjectType") && > (vals = ldap_get_values_len(ld, entry, attr)) != NULL) { > >@@ -431,7 +451,7 @@ univention_policy_handle_t* univention_policy_open(LDAP* ld, const char *base, c > univention_debug(UV_DEBUG_POLICY, UV_DEBUG_INFO, "found policies for %s", pdn); > for (i = 0; (vals[i] != NULL && vals[i]->bv_val != NULL); i++) { > univention_debug(UV_DEBUG_POLICY, UV_DEBUG_INFO, " policy: %s", vals[i]->bv_val); >- univention_policy_merge(ld, vals[i]->bv_val, handle, object_classes); >+ univention_policy_merge(ld, vals[i]->bv_val, handle, object_classes, dn); > } > ldap_value_free_len(vals); > } >diff --git a/ucs-4.0-2/base/univention-policy/python-lib/policy_result.py b/ucs-4.0-2/base/univention-policy/python-lib/policy_result.py >index 2a7e24e..3b38305 100644 >--- a/ucs-4.0-2/base/univention-policy/python-lib/policy_result.py >+++ b/ucs-4.0-2/base/univention-policy/python-lib/policy_result.py >@@ -38,7 +38,7 @@ def policy_result(dn, binddn="", bindpw=""): > Return a tuple of hash-lists, mapping attributes to a list of values and > mapping attributes to the matching Policy-DN. > >- >>> (results, policies) = policy_result('dc=opendvdi,dc=local' [, binddn=BINDDN, bindpw=BINDPW]) >+ >>> (results, policies) = policy_result('dc=opendvdi,dc=local', [binddn=BINDDN, bindpw=BINDPW]) > >>> policies['univentionDhcpDomainNameServers'] > 'cn=default-settings,cn=dns,cn=dhcp,cn=policies,dc=opendvdi,dc=local' > results['univentionDhcpDomainNameServers'] >diff --git a/ucs-4.0-2/management/univention-ldap/schema/policy.schema b/ucs-4.0-2/management/univention-ldap/schema/policy.schema >index 1485b8e..2d4b14f 100644 >--- a/ucs-4.0-2/management/univention-ldap/schema/policy.schema >+++ b/ucs-4.0-2/management/univention-ldap/schema/policy.schema >@@ -63,11 +63,16 @@ attributetype ( 1.3.6.1.4.1.10176.1000.2.1.4 NAME 'emptyAttributes' > EQUALITY caseIgnoreIA5Match > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > >+attributetype ( 1.3.6.1.4.1.10176.1000.2.1.5 NAME 'ldapFilter' >+ DESC 'ldap filter string' >+ EQUALITY caseExactMatch >+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) >+ > objectclass ( 1.3.6.1.4.1.10176.1000.2.2.1 NAME 'univentionPolicy' > SUP 'top' STRUCTURAL > DESC 'policy object' > MUST ( cn ) >- MAY ( requiredObjectClasses $ prohibitedObjectClasses $ fixedAttributes $ emptyAttributes)) >+ MAY ( requiredObjectClasses $ prohibitedObjectClasses $ fixedAttributes $ emptyAttributes $ ldapFilter)) > > attributetype ( 1.3.6.1.4.1.10176.1000.2.1.10 NAME 'univentionRegistry' > DESC 'registry entry'
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6931">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 36255
: 6931