Honor ldap_filter on filtered user list
Fix GET /v3/users?name=<name> to honor conf.ldap.user_filter. Change-Id: I65cacc04c218a7c87855a305c7e0088ac5860cc8 Closes-Bug: #1577804
This commit is contained in:
parent
faa79c8e18
commit
322a744ba8
|
@ -288,7 +288,7 @@ class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
|
|||
return self.filter_attributes(user)
|
||||
|
||||
def get_all_filtered(self, hints):
|
||||
query = self.filter_query(hints)
|
||||
query = self.filter_query(hints, self.ldap_filter)
|
||||
return [self.filter_attributes(user)
|
||||
for user in self.get_all(query, hints)]
|
||||
|
||||
|
|
|
@ -235,6 +235,20 @@ class BaseLDAPIdentity(identity_tests.IdentityTests,
|
|||
self.identity_api.get_user,
|
||||
self.user_foo['id'])
|
||||
|
||||
def test_list_users_by_name_and_with_filter(self):
|
||||
# confirm that the user is not exposed when it does not match the
|
||||
# filter setting in conf even if it is requested by name in user list
|
||||
hints = driver_hints.Hints()
|
||||
hints.add_filter('name', self.user_foo['name'])
|
||||
domain_id = self.user_foo['domain_id']
|
||||
driver = self.identity_api._select_identity_driver(domain_id)
|
||||
driver.user.ldap_filter = ('(|(cn=%s)(cn=%s))' %
|
||||
(self.user_sna['id'], self.user_two['id']))
|
||||
users = self.identity_api.list_users(
|
||||
domain_scope=self._set_domain_scope(domain_id),
|
||||
hints=hints)
|
||||
self.assertEqual(0, len(users))
|
||||
|
||||
def test_remove_role_grant_from_user_and_project(self):
|
||||
self.assignment_api.create_grant(user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
|
|
Loading…
Reference in New Issue