#7255 baseidoverride.get_dn() does not default to a default ID view when resolving user IDs
Opened 2 years ago by abbra. Modified a year ago

In order to be able to add User ID Overrides as members of IPA groups, their objects should be discoverable by LDAPModMember.get_member_dns(). This method calls 'ldap_obj.get_dn(name)', i.e. passing only a single argument.

This breaks baseidoverride.get_dn() which expects at least '(view, name)' as a key and also options with fallback_to_ldap attribute set to either True or False.

baseidoverride.get_dn() implementation needs to be fixed to assume the default trust view in case keys contain a single element. It also needs to survive a lack of options (default to False).


A fix is something like this:

diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py
index a68b03915..7d0bff3c8 100644
--- a/ipaserver/plugins/idviews.py
+++ b/ipaserver/plugins/idviews.py
@@ -715,8 +715,12 @@ class baseidoverride(LDAPObject):
                 self.backend,
                 self.override_object,
                 keys[-1],
-                fallback_to_ldap=options['fallback_to_ldap']
+                fallback_to_ldap=options.get('fallback_to_ldap', False)
             )
+            if (len(keys[:-1]) == 0 and
+                    self.override_object is 'user' and
+                    anchor.startswith(SID_ANCHOR_PREFIX)):
+                keys = (DEFAULT_TRUST_VIEW_NAME, ) + keys

         keys = keys[:-1] + (anchor, )
         return super(baseidoverride, self).get_dn(*keys, **options)
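Review bot: The added condition tests "self.override_object is 'user'", which compares the string by object identity rather than by value and only holds when both strings happen to be the same interned object; use "self.override_object == 'user'" so the default-view fallback is applied reliably. In the same condition, "len(keys[:-1]) == 0" would read more directly as "len(keys) == 1". The hunk does not show SID_ANCHOR_PREFIX or DEFAULT_TRUST_VIEW_NAME being imported or defined, so confirm both names are in scope in idviews.py. A short comment above the new "if" explaining that a single key means the caller (such as get_member_dns()) passed no view would help the next reader, and a test covering the single-argument call for both a SID anchor and a non-SID anchor would pin down what happens when the view is not prepended.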

Metadata Update from @frenaud:
- Issue set to the milestone: FreeIPA 4.6

2 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.6.2 (was: FreeIPA 4.6)

2 years ago

Metadata Update from @tdudlak:
- Issue set to the milestone: FreeIPA 4.6.3 (was: FreeIPA 4.6.2)

2 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.6.4 (was: FreeIPA 4.6.3)

a year ago

FreeIPA 4.6.3 has been released, moving to FreeIPA 4.6.4 milestone

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.6.5 (was: FreeIPA 4.6.4)

a year ago
