On 29 Apr 2019, at 12:15, Anuj Borah <aborah(a)redhat.com>
wrote:
@William Brown
Thank you for the clarification. Same thing was writing in the second mail of this mail
chain . I was missing the use case UniqueGroup(…).filter().
What about bellow filters . Can we use filter here also .
topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(& (|
(nsRoleDN=cn=new managed role) (sn=Hall)) (l=sunnyvale))', ['cn',
'cn', 'cn'])
topo.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(& (|
(nsRoleDN=cn=new managed role) (sn=Hall)) (l=sunnyvale))', ['*', 'cn’]
If you are filtering again accounts that are in a roll, then you would do:
Accounts().filter(conditions) ...
)
> And This one .
>
> topo.standalone.search_s(DEFAULT_SUFFIX,
ldap.SCOPE_SUBTREE,"testUserAccountControl:1.2.840.113556.1.4.804:=16777216",['attrlist=cn:sn:uid:testUserAccountControl’]
)
I think you need to think about this problem as “I want to run this filter and I expect to
get these specific types back”. You aren’t simply doing a search, you are telling lib389
“find all accounts that match these conditions”.
So if you do the nsRoleDN search against accounts, you’ll get all accounts in that
nsroledn. If you do the nsroledn search agains groups, you’ll get all groups that are in
that nsroledn.
Perhaps you need to think of it that way, that you are expressing not just the conditions
you want to find, but what types of things you expect them to be. If you can answer that
question, youll have the answer to “how” to use filter for those searches.
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs