ldap: having to repeat the base dn everytime we call search() is boring and inconsistent with other methods, let's use relative dns instead

2024-09-03 20:06:10 +02:00 · 2022-01-11 17:10:07 +01:00 · 2022-01-11 17:10:07 +01:00 · ea6500ebfd
commit ea6500ebfd
parent a118a5a132
6 changed files with 17 additions and 15 deletions
--- a/src/domain.py
+++ b/src/domain.py
@ -69,7 +69,7 @@ def domain_list(exclude_subdomains=False):
    result = [
        entry["virtualdomain"][0]
        for entry in ldap.search(
-            "ou=domains,dc=yunohost,dc=org", "virtualdomain=*", ["virtualdomain"]
+            "ou=domains", "virtualdomain=*", ["virtualdomain"]
        )
    ]

--- a/src/permission.py
+++ b/src/permission.py
@ -58,7 +58,7 @@ def user_permission_list(

    ldap = _get_ldap_interface()
    permissions_infos = ldap.search(
-        "ou=permission,dc=yunohost,dc=org",
+        "ou=permission",
        "(objectclass=permissionYnh)",
        [
            "cn",
@ -408,7 +408,7 @@ def permission_create(

    # Validate uniqueness of permission in LDAP
    if ldap.get_conflict(
-        {"cn": permission}, base_dn="ou=permission,dc=yunohost,dc=org"
+        {"cn": permission}, base_dn="ou=permission"
    ):
        raise YunohostValidationError("permission_already_exist", permission=permission)

--- a/src/ssh.py
+++ b/src/ssh.py
@ -172,7 +172,7 @@ def _get_user_for_ssh(username, attrs=None):

    ldap = _get_ldap_interface()
    user = ldap.search(
-        "ou=users,dc=yunohost,dc=org",
+        "ou=users",
        "(&(objectclass=person)(uid=%s))" % username,
        attrs,
    )
--- a/src/tests/test_permission.py
+++ b/src/tests/test_permission.py
@ -236,17 +236,17 @@ def check_LDAP_db_integrity():
    ldap = _get_ldap_interface()

    user_search = ldap.search(
-        "ou=users,dc=yunohost,dc=org",
+        "ou=users",
        "(&(objectclass=person)(!(uid=root))(!(uid=nobody)))",
        ["uid", "memberOf", "permission"],
    )
    group_search = ldap.search(
-        "ou=groups,dc=yunohost,dc=org",
+        "ou=groups",
        "(objectclass=groupOfNamesYnh)",
        ["cn", "member", "memberUid", "permission"],
    )
    permission_search = ldap.search(
-        "ou=permission,dc=yunohost,dc=org",
+        "ou=permission",
        "(objectclass=permissionYnh)",
        ["cn", "groupPermission", "inheritPermission", "memberUid"],
    )
--- a/src/user.py
+++ b/src/user.py
@ -111,7 +111,7 @@ def user_list(fields=None):

    ldap = _get_ldap_interface()
    result = ldap.search(
-        "ou=users,dc=yunohost,dc=org",
+        "ou=users",
        "(&(objectclass=person)(!(uid=root))(!(uid=nobody)))",
        attrs,
    )
@ -233,7 +233,7 @@ def user_create(
    }

    # If it is the first user, add some aliases
-    if not ldap.search(base="ou=users,dc=yunohost,dc=org", filter="uid=*"):
+    if not ldap.search(base="ou=users", filter="uid=*"):
        attr_dict["mail"] = [attr_dict["mail"]] + aliases

    try:
@ -377,7 +377,7 @@ def user_update(
    ldap = _get_ldap_interface()
    attrs_to_fetch = ["givenName", "sn", "mail", "maildrop"]
    result = ldap.search(
-        base="ou=users,dc=yunohost,dc=org",
+        base="ou=users",
        filter="uid=" + username,
        attrs=attrs_to_fetch,
    )
@ -538,7 +538,7 @@ def user_info(username):
    else:
        filter = "uid=" + username

-    result = ldap.search("ou=users,dc=yunohost,dc=org", filter, user_attrs)
+    result = ldap.search("ou=users", filter, user_attrs)

    if result:
        user = result[0]
@ -938,7 +938,7 @@ def user_group_list(short=False, full=False, include_primary_groups=True):

    ldap = _get_ldap_interface()
    groups_infos = ldap.search(
-        "ou=groups,dc=yunohost,dc=org",
+        "ou=groups",
        "(objectclass=groupOfNamesYnh)",
        ["cn", "member", "permission"],
    )
@ -989,7 +989,7 @@ def user_group_create(

    # Validate uniqueness of groupname in LDAP
    conflict = ldap.get_conflict(
-        {"cn": groupname}, base_dn="ou=groups,dc=yunohost,dc=org"
+        {"cn": groupname}, base_dn="ou=groups"
    )
    if conflict:
        raise YunohostValidationError("group_already_exist", group=groupname)
@ -1204,7 +1204,7 @@ def user_group_info(groupname):

    # Fetch info for this group
    result = ldap.search(
-        "ou=groups,dc=yunohost,dc=org",
+        "ou=groups",
        "cn=" + groupname,
        ["cn", "member", "permission"],
    )
--- a/src/utils/ldap.py
+++ b/src/utils/ldap.py
@ -140,6 +140,8 @@ class LDAPInterface:
        """
        if not base:
            base = self.basedn
+        else:
+            base = base + "," + self.basedn

        try:
            result = self.con.search_s(base, ldap.SCOPE_SUBTREE, filter, attrs)
@ -241,7 +243,7 @@ class LDAPInterface:

        """
        dn = rdn + "," + self.basedn
-        actual_entry = self.search(base=dn, attrs=None)
+        actual_entry = self.search(rdn, attrs=None)
        ldif = modlist.modifyModlist(actual_entry[0], attr_dict, ignore_oldexistent=1)

        if ldif == []: