@William Brown <wbr...@suse.de> Thank you for the clarification. Same thing was writing in the second mail of this mail chain . I was missing the use case UniqueGroup(…).filter().
What about bellow filters . Can we use filter here also . topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(& (| (nsRoleDN=cn=new managed role) (sn=Hall)) (l=sunnyvale))', ['cn', 'cn', 'cn']) topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(& (| (nsRoleDN=cn=new managed role) (sn=Hall)) (l=sunnyvale))', ['*', 'cn']) And This one . topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,"testUserAccountControl:1.2.840.113556.1.4.804:=16777216",['attrlist=cn:sn:uid:testUserAccountControl']) Regards Anuj Borah On Mon, Apr 29, 2019 at 7:38 AM William Brown <wbr...@suse.de> wrote: > > > > On 29 Apr 2019, at 11:53, Anuj Borah <abo...@redhat.com> wrote: > > > > @William Brown > > > > The space did not make any difference . Look at bellow result . > > > > (Pdb) i > > '(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)' > > (Pdb) Accounts(topo.standalone, DEFAULT_SUFFIX).filter(i) > > ^ Because you are using the wrong class. > > Filter will wrap your call because you are filtering over the set of > Accounts, not “generic searching”. If you want to search a group > OfUniqueNames, you need: > > UniqueGroup(…).filter(). > > Have a look at _mapped_object.py in def filter and youll see it does: > > def filter(self, search): > # This will yield and & filter for objectClass with as many terms > as needed. > search_filter = _gen_and([self._get_objectclass_filter(),search]) > > IE, your search of “uniqueMember=…” is then inserted such that: > > (&(objectClass=groupOfUniqueNames)(uniqueMember=…)) > > Because you are using Accounts, this is doing: > > (&(|(objectClass=nsAccount)(objectClass=person)…) (uniqueMember=…)) > > Which of course won’t find anything in a group, because Accounts are not > Groups. > > > So in fact, lib389 is doing exactly the right thing here, by saying “no, > your search is not safe or sane, so you don’t get any results”. Lib389 is > designed to prevent you making mistakes, and so will error or do nothing in > the cases where something is wrong, rather than allow a corruption or odd > behaviour to occur. > > > > > — > Sincerely, > > William Brown > > Senior Software Engineer, 389 Directory Server > SUSE Labs > >
_______________________________________________ 389-devel mailing list -- 389-devel@lists.fedoraproject.org To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org