On 04/25/2019 05:38 PM, Anuj Borah wrote:
I will then also get different results, but you need to clarify what is "correct" and what not, if it is in what is sent to the server or what is done with handling the results@Ludwig <mailto:lkris...@redhat.com>Try running these Two scrips one is with filter and other is with search_s.
Problem is with search_s i am getting correct result , where with filter wrong result.Regards Anuj BorahOn Thu, Apr 25, 2019 at 8:30 PM Ludwig <lkris...@redhat.com <mailto:lkris...@redhat.com>> wrote:what is your problem ? the searches in both access logs produce the same results: grep nentries /tmp/access_with* | grep tag=101 /tmp/access_with_filter:[25/Apr/2019:08:36:36.560467098 +0000] conn=1 op=148 RESULT err=0 tag=101 nentries=3 etime=0.0000399837 /tmp/access_with_filter:[25/Apr/2019:08:36:36.562926674 +0000] conn=1 op=149 RESULT err=0 tag=101 nentries=9 etime=0.0000452772 /tmp/access_with_filter:[25/Apr/2019:08:36:36.565416724 +0000] conn=1 op=150 RESULT err=0 tag=101 nentries=8 etime=0.0000416033 /tmp/access_with_filter:[25/Apr/2019:08:36:36.567629593 +0000] conn=1 op=151 RESULT err=0 tag=101 nentries=2 etime=0.0000350486 /tmp/access_with_filter:[25/Apr/2019:08:36:36.569782885 +0000] conn=1 op=152 RESULT err=0 tag=101 nentries=4 etime=0.0000350236 /tmp/access_with_filter:[25/Apr/2019:08:36:36.571945045 +0000] conn=1 op=153 RESULT err=0 tag=101 nentries=7 etime=0.0000367961 /tmp/access_with_filter:[25/Apr/2019:08:36:36.577773550 +0000] conn=1 op=154 RESULT err=0 tag=101 nentries=7 etime=0.0004031631 /tmp/access_with_filter:[25/Apr/2019:08:36:36.579866766 +0000] conn=1 op=155 RESULT err=0 tag=101 nentries=3 etime=0.0000274951 /tmp/access_with_filter:[25/Apr/2019:08:36:36.581771337 +0000] conn=1 op=156 RESULT err=0 tag=101 nentries=3 etime=0.0000312338 /tmp/access_with_filter:[25/Apr/2019:08:36:36.583848484 +0000] conn=1 op=157 RESULT err=0 tag=101 nentries=3 etime=0.1999656509 /tmp/access_with_filter:[25/Apr/2019:08:36:36.587570224 +0000] conn=1 op=158 RESULT err=0 tag=101 nentries=121 etime=0.0001897405 /tmp/access_with_filter:[25/Apr/2019:08:36:36.591514384 +0000] conn=1 op=159 RESULT err=0 tag=101 nentries=2 etime=0.0000319819 /tmp/access_with_filter:[25/Apr/2019:08:36:36.593657986 +0000] conn=1 op=160 RESULT err=0 tag=101 nentries=3 etime=0.0000285626 /tmp/access_with_filter:[25/Apr/2019:08:36:36.595880861 +0000] conn=1 op=161 RESULT err=0 tag=101 nentries=4 etime=0.0000356436 /tmp/access_with_filter:[25/Apr/2019:08:36:36.602518935 +0000] conn=1 op=162 RESULT err=0 tag=101 nentries=120 etime=0.0004828401 /tmp/access_with_filter:[25/Apr/2019:08:36:36.611163994 +0000] conn=1 op=163 RESULT err=0 tag=101 nentries=120 etime=0.0004651831 /tmp/access_with_filter:[25/Apr/2019:08:36:36.640014117 +0000] conn=1 op=166 RESULT err=0 tag=101 nentries=2 etime=0.0000711662 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.910324404 +0000] conn=1 op=148 RESULT err=0 tag=101 nentries=3 etime=0.0000351385 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.912317892 +0000] conn=1 op=149 RESULT err=0 tag=101 nentries=9 etime=0.0000358365 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.914679657 +0000] conn=1 op=150 RESULT err=0 tag=101 nentries=8 etime=0.0000430844 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.916847641 +0000] conn=1 op=151 RESULT err=0 tag=101 nentries=2 etime=0.0000332474 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.918878872 +0000] conn=1 op=152 RESULT err=0 tag=101 nentries=4 etime=0.0000341456 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.920965290 +0000] conn=1 op=153 RESULT err=0 tag=101 nentries=7 etime=0.0000374608 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.926723170 +0000] conn=1 op=154 RESULT err=0 tag=101 nentries=7 etime=0.0004056591 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.928637310 +0000] conn=1 op=155 RESULT err=0 tag=101 nentries=3 etime=0.0000299780 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.930719687 +0000] conn=1 op=156 RESULT err=0 tag=101 nentries=3 etime=0.0000296688 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.932751416 +0000] conn=1 op=157 RESULT err=0 tag=101 nentries=3 etime=0.0000318958 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.936312042 +0000] conn=1 op=158 RESULT err=0 tag=101 nentries=121 etime=0.0001861409 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.939996595 +0000] conn=1 op=159 RESULT err=0 tag=101 nentries=2 etime=0.0000340760 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.942122456 +0000] conn=1 op=160 RESULT err=0 tag=101 nentries=3 etime=0.0000309626 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.944215749 +0000] conn=1 op=161 RESULT err=0 tag=101 nentries=4 etime=0.0000340311 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.950446188 +0000] conn=1 op=162 RESULT err=0 tag=101 nentries=120 etime=0.0004499138 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.957921166 +0000] conn=1 op=163 RESULT err=0 tag=101 nentries=120 etime=0.0004453710 /tmp/access_with_search_s:[25/Apr/2019:08:56:30.968401791 +0000] conn=1 op=166 RESULT err=0 tag=101 nentries=2 etime=0.0000215050 On 04/25/2019 10:59 AM, Anuj Borah wrote:@Ludwig <mailto:lkris...@redhat.com> Attached the logs . I have noticed , it happening due to _get_objectclass_filter() method in filter of DSLdapObjects . Accounts(topo.standalone, DEFAULT_SUFFIX)._objectclasses ['nsAccount', 'nsPerson', 'simpleSecurityObject', 'organization', 'person', 'account', 'organizationalUnit', 'netscapeServer', 'domain', 'posixAccount', 'shadowAccount', 'posixGroup', 'mailRecipient'] but the cn=Accounting Managers,ou=Groups,dc=example,dc=com has objectClass: groupOfUniqueNames . This may be the problem . You canĀ not find any error in access logs as naturally it does not have any error , its just empty results . Regards Anuj Borah On Thu, Apr 25, 2019 at 12:39 PM Ludwig <lkris...@redhat.com <mailto:lkris...@redhat.com>> wrote: can you provide the access logs to show what searches were really done On 04/24/2019 12:23 PM, Anuj Borah wrote:Hi all, Please consider bellow condition . UserAccount(topo.standalone, 'cn=Accounting Managers,ou=groups,dc=example,dc=com').add('uniquemember', [ 'uid=scarter, ou=People, dc=example,dc=com', 'uid=tmorris, ou=People, dc=example,dc=com', 'uid=kvaughan, ou=People, dc=example,dc=com', 'uid=rdaugherty, ou=People, dc=example,dc=com', 'uid=hmiller, ou=People, dc=example,dc=com']) UserAccount(topo.standalone, 'cn=HR Managers,ou=groups,dc=example,dc=com').add('uniquemember', [ 'uid=kvaughan, ou=People, dc=example,dc=com', 'uid=cschmith, ou=People, dc=example,dc=com']) And try to add filter: With Filter: It fails gives 0 result for those involves Group 'cn=Accounting Managers,ou=groups,dc=example,dc=com' . for iin ['(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)', '(uniquemember=uid=rdaugherty, ou=People, dc=example,dc=com)', '(uniquemember=uid=hmiller, ou=People, dc=example,dc=com)', '(&(objectclass=inetorgperson)(uid=scarter))', '(&(objectclass=organizationalperson)(uid=scarter))', '(objectclass=inetorgperson)', '(&(objectclass=organizationalPerson)(sn=Jensen))', '(&(mail=*)(objectclass=organizationalPerson))', '(mail=*)', '(&(sn=Rentz)(objectclass=organizationalPerson))', '(&(sn=Ward)(sn=Ward))', '(sn=Jensen)', '(sn=*)', '(sn=*utz)']: assert Accounts(topo.standalone, DEFAULT_SUFFIX).filter(i) with search_s(Old Way): I gives correct results . for iin ['(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)', '(uniquemember=uid=rdaugherty, ou=People, dc=example,dc=com)', '(uniquemember=uid=hmiller, ou=People, dc=example,dc=com)', '(&(objectclass=inetorgperson)(uid=scarter))', '(&(objectclass=organizationalperson)(uid=scarter))', '(objectclass=inetorgperson)', '(&(objectclass=organizationalPerson)(sn=Jensen))', '(&(mail=*)(objectclass=organizationalPerson))', '(mail=*)', '(&(sn=Rentz)(objectclass=organizationalPerson))', '(&(sn=Ward)(sn=Ward))', '(sn=Jensen)', '(sn=*)', '(sn=*utz)']: assert topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, i) I have attached the test script too . Test test_various_combinations_of_filters_and_idlistscanlimit Regards Anuj Borah _______________________________________________ 389-devel mailing list --389-devel@lists.fedoraproject.org <mailto:389-devel@lists.fedoraproject.org> To unsubscribe send an email to389-devel-le...@lists.fedoraproject.org <mailto:389-devel-le...@lists.fedoraproject.org> Fedora Code of Conduct:https://getfedora.org/code-of-conduct.html List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org_______________________________________________ 389-devel mailing list -- 389-devel@lists.fedoraproject.org <mailto:389-devel@lists.fedoraproject.org> To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org <mailto:389-devel-le...@lists.fedoraproject.org> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org
_______________________________________________ 389-devel mailing list -- 389-devel@lists.fedoraproject.org To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org