From 5c8614157d5546033528f92700f5abfebd4e5838 Mon Sep 17 00:00:00 2001
From: Mark Reynolds
Date: Nov 28 2023 16:09:32 +0000
Subject: Issue 3656 - Extend schema function to return MAY or MUST attrs
Add new paramters to get_allowed_attributes() to return just MAY or MUST attributes
Related: https://pagure.io/freeipa/issue/3656
Signed-off-by: Mark Reynolds
Reviewed-By: Alexander Bokovoy
Reviewed-By: Christian Heimes
Reviewed-By: Alexander Bokovoy
Reviewed-By: Christian Heimes
---
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 531305e..1888e40 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -1185,14 +1185,23 @@ class LDAPClient:
 """schema associated with this LDAP server"""
 return self._get_schema()
- def get_allowed_attributes(self, objectclasses, raise_on_unknown=False):
+ def get_allowed_attributes(self, objectclasses, raise_on_unknown=False,
+ attributes="all"):
 if self.schema is None:
 return None
 allowed_attributes = []
 for oc in objectclasses:
 obj = self.schema.get_obj(ldap.schema.ObjectClass, oc)
 if obj is not None:
- allowed_attributes += obj.must + obj.may
+ if attributes == "must":
+ # Only return required(must) attrs
+ allowed_attributes += obj.must
+ elif attributes == "may":
+ # Only return allowed(may) attrs
+ allowed_attributes += obj.may
+ else:
+ # Return both allowed & required attrs
+ allowed_attributes += obj.must + obj.may
 elif raise_on_unknown:
 raise errors.NotFound(
 reason=_('objectclass %s not found') % oc)
@@ -1201,7 +1210,6 @@ class LDAPClient:
 def __enter__(self):
 return self
-
 def __exit__(self, exc_type, exc_value, traceback):
 self.close()
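Review bot: In the first hunk, the `else:` branch of get_allowed_attributes treats every value of `attributes` other than "must" and "may" as "all", so a misspelt or differently-cased argument such as "MUST" silently returns the widest set instead of failing. If a caller relies on the narrowed list to decide which attributes an entry is required or permitted to carry (not visible here), that fallback errs on the permissive side. I would reject unknown values before the loop, `if attributes not in ("all", "must", "may"): raise ValueError("attributes must be 'all', 'must' or 'may'")`, and add a docstring that names the three accepted values and notes that None is returned when no schema is available. The method's final return lies outside the hunk.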