diff options
author | Kelley Spoon <kelley.spoon@linaro.org> | 2018-12-21 08:48:14 -0600 |
---|---|---|
committer | Kelley Spoon <kelley.spoon@linaro.org> | 2018-12-21 16:18:11 -0600 |
commit | 3a06fa8eae18e3fed5d319a6f15877f35ea7c307 (patch) | |
tree | 64719b73f67b670ee3d000b677e024f993f7f677 | |
parent | d057f4708382ff4c9f3073d0cb0d8a96e66e54fb (diff) |
LinaroLdap: add support for a complext LDAP query
This change adds a function similar to do_query() that will allow
the programmer to specify a more complex LDAP query that can
change the scope, basedn, or search filter used for the request.
This is needed as the current do_query() function limits us to
only looking for subtree entries from the basedn on a simple filter
of (<search_attr>=<search_pat>)
Documentation on more complex filters and searches can be found here:
https://www.ibm.com/support/knowledgecenter/en/SSYJ99_8.5.0/admin-system/rbug_ldapfltrxprns.html
Change-Id: Ic1e290a3dfb6b97dda83c4595848490b8d219025
-rw-r--r-- | linaro_ldap.py | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/linaro_ldap.py b/linaro_ldap.py index 2ea5b63..ed8eaef 100644 --- a/linaro_ldap.py +++ b/linaro_ldap.py @@ -37,7 +37,6 @@ def build_config(): config["uri"] = line.split(' ', 1)[1].strip() return config - def validate_key(pubkey): with tempfile.NamedTemporaryFile(delete=True) as f: f.write(pubkey) @@ -49,7 +48,6 @@ def validate_key(pubkey): return False return True - def do_query(search_attr='uid', search_pat='*', attrlist=[]): config = build_config() with ldap_client(config) as client: @@ -60,6 +58,46 @@ def do_query(search_attr='uid', search_pat='*', attrlist=[]): attrlist) return result +def do_complex_query(base = None, search_filter='(uid=*)', \ + attrlist=[], scope=ldap.SCOPE_SUBTREE): + """This allows you to perform more complex LDAP queries by letting + you specify your own LDAP filter, change the basedn for the query, + or change the scope of the query. + + Without any args, this will return the same result as + a call to do_query(). + + Examples: + + search for uid's start with a 'k' but end with an 'n': + do_complex_query(search_filter="(&(uid=k*)(uid=*n))") + + get a list of all groups in Linaro that start with an l: + do_complex_query( + base="ou=groups,dc=linaro,dc=org", + search_filter="(cn=l*)" + ) + + lookup on a specific DN: + do_complex_query( + base="uid=some.person,ou=staff,ou=accounts,dc=linaro,dc=org", + search_filter="(objectClass=*)" + scope=linaro_ldap.ldap.SCOPE_BASE, + attrlist=['displayName'] + ) + """ + config = build_config() + + if base is None: + base = config["basedn"] + + with ldap_client(config) as client: + result = client.search_s( + base, + scope, + search_filter, + attrlist) + return result def get_users_and_keys(only_validated=False): """Gets all the users and their associated SSH key. |