@Ludwig <lkris...@redhat.com> Attached the logs .
I have noticed , it happening due to _get_objectclass_filter() method in filter of DSLdapObjects . Accounts(topo.standalone, DEFAULT_SUFFIX)._objectclasses ['nsAccount', 'nsPerson', 'simpleSecurityObject', 'organization', 'person', 'account', 'organizationalUnit', 'netscapeServer', 'domain', 'posixAccount', 'shadowAccount', 'posixGroup', 'mailRecipient'] but the cn=Accounting Managers,ou=Groups,dc=example,dc=com has objectClass: groupOfUniqueNames . This may be the problem . You can not find any error in access logs as naturally it does not have any error , its just empty results . Regards Anuj Borah On Thu, Apr 25, 2019 at 12:39 PM Ludwig <lkris...@redhat.com> wrote: > can you provide the access logs to show what searches were really done > > On 04/24/2019 12:23 PM, Anuj Borah wrote: > > Hi all, > > Please consider bellow condition . > > UserAccount(topo.standalone, 'cn=Accounting > Managers,ou=groups,dc=example,dc=com').add('uniquemember', [ > 'uid=scarter, ou=People, dc=example,dc=com', 'uid=tmorris, ou=People, > dc=example,dc=com', 'uid=kvaughan, ou=People, dc=example,dc=com', > 'uid=rdaugherty, ou=People, dc=example,dc=com', 'uid=hmiller, ou=People, > dc=example,dc=com']) > > UserAccount(topo.standalone, 'cn=HR > Managers,ou=groups,dc=example,dc=com').add('uniquemember', [ > 'uid=kvaughan, ou=People, dc=example,dc=com', 'uid=cschmith, ou=People, > dc=example,dc=com']) > > > And try to add filter: > > With Filter: It fails gives 0 result for those involves Group > 'cn=Accounting Managers,ou=groups,dc=example,dc=com' . > > for i in ['(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)', > '(uniquemember=uid=rdaugherty, ou=People, dc=example,dc=com)', > '(uniquemember=uid=hmiller, ou=People, dc=example,dc=com)', > '(&(objectclass=inetorgperson)(uid=scarter))', > '(&(objectclass=organizationalperson)(uid=scarter))', > '(objectclass=inetorgperson)', > '(&(objectclass=organizationalPerson)(sn=Jensen))', > '(&(mail=*)(objectclass=organizationalPerson))', '(mail=*)', > '(&(sn=Rentz)(objectclass=organizationalPerson))', > '(&(sn=Ward)(sn=Ward))', '(sn=Jensen)', '(sn=*)', > '(sn=*utz)']: > assert Accounts(topo.standalone, DEFAULT_SUFFIX).filter(i) > > > with search_s(Old Way): I gives correct results . > > for i in ['(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)', > '(uniquemember=uid=rdaugherty, ou=People, dc=example,dc=com)', > '(uniquemember=uid=hmiller, ou=People, dc=example,dc=com)', > '(&(objectclass=inetorgperson)(uid=scarter))', > '(&(objectclass=organizationalperson)(uid=scarter))', > '(objectclass=inetorgperson)', > '(&(objectclass=organizationalPerson)(sn=Jensen))', > '(&(mail=*)(objectclass=organizationalPerson))', '(mail=*)', > '(&(sn=Rentz)(objectclass=organizationalPerson))', > '(&(sn=Ward)(sn=Ward))', '(sn=Jensen)', '(sn=*)', > '(sn=*utz)']: > assert topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, i) > > > > I have attached the test script too . Test > test_various_combinations_of_filters_and_idlistscanlimit > > Regards > Anuj Borah > > > > > > _______________________________________________ > 389-devel mailing list -- 389-devel@lists.fedoraproject.org > To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org > > > _______________________________________________ > 389-devel mailing list -- 389-devel@lists.fedoraproject.org > To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org >
access_with_filter
Description: Binary data
access_with_search_s
Description: Binary data
_______________________________________________ 389-devel mailing list -- 389-devel@lists.fedoraproject.org To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org