def _tryService(self, services, baseEntry, request, controls, reply): try: serviceName = services.pop(0) except IndexError: return None timestamp = self.timestamp() d = baseEntry.search(filterObject=pureldap.LDAPFilter_and([ pureldap.LDAPFilter_equalityMatch(attributeDesc=pureldap.LDAPAttributeDescription('objectClass'), assertionValue=pureldap.LDAPAssertionValue('serviceSecurityObject')), pureldap.LDAPFilter_equalityMatch(attributeDesc=pureldap.LDAPAttributeDescription('owner'), assertionValue=pureldap.LDAPAssertionValue(request.dn)), pureldap.LDAPFilter_equalityMatch(attributeDesc=pureldap.LDAPAttributeDescription('cn'), assertionValue=pureldap.LDAPAssertionValue(serviceName)), pureldap.LDAPFilter_or([ # no time pureldap.LDAPFilter_not(pureldap.LDAPFilter_present('validFrom')), # or already valid pureldap.LDAPFilter_lessOrEqual(attributeDesc=pureldap.LDAPAttributeDescription('validFrom'), assertionValue=pureldap.LDAPAssertionValue(timestamp)), ]), pureldap.LDAPFilter_or([ # no time pureldap.LDAPFilter_not(pureldap.LDAPFilter_present('validUntil')), # or still valid pureldap.LDAPFilter_greaterOrEqual(attributeDesc=pureldap.LDAPAttributeDescription('validUntil'), assertionValue=pureldap.LDAPAssertionValue(timestamp)), ]), ]), attributes=('1.1',)) def _gotEntries(entries): if not entries: return None assert len(entries)==1 #TODO e = entries[0] d = e.bind(request.auth) return d d.addCallback(_gotEntries) d.addCallbacks( callback=self._loopIfNone, callbackArgs=(services, baseEntry, request, controls, reply), errback=self._loopIfBindError, errbackArgs=(services, baseEntry, request, controls, reply)) return d
def test_not_cn(self): text = '(!(cn=Tim Howes))' filt = pureldap.LDAPFilter_not( pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='Tim Howes'))) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_not(self): o = inmemory.ReadOnlyInMemoryLDAPEntry(dn='cn=foo,dc=example,dc=com', attributes={ 'objectClass': ['a', 'b'], 'aValue': ['a'], 'bValue': ['b'], }) result = o.match( pureldap.LDAPFilter_not( pureldap.LDAPFilter_or([ pureldap.LDAPFilter_present('cValue'), pureldap.LDAPFilter_present('dValue'), ]))) self.assertEquals(result, True)
def test_andornot(self): text = r'(&(!(|(cn=foo)(cn=bar)))(sn=a*b*c*d))' filt = pureldap.LDAPFilter_and([ pureldap.LDAPFilter_not( pureldap.LDAPFilter_or([ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='bar')), ])), pureldap.LDAPFilter_substrings( type='sn', substrings=[pureldap.LDAPFilter_substrings_initial('a'), pureldap.LDAPFilter_substrings_any('b'), pureldap.LDAPFilter_substrings_any('c'), pureldap.LDAPFilter_substrings_final('d'), ])]) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def _p_extensible(s, l, t): attr, dn, matchingRule, value = t return pureldap.LDAPFilter_extensibleMatch(matchingRule=matchingRule, type=attr, matchValue=value, dnAttributes=dn) extensible.setParseAction(_p_extensible) item = simple ^ present ^ substring ^ extensible item.setName('item') item.leaveWhitespace() not_ = Suppress(Literal('!')) + filter_ not_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_not(t[0])) not_.setName('not') filterlist = OneOrMore(filter_) or_ = Suppress(Literal('|')) + filterlist or_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_or(t)) or_.setName('or') and_ = Suppress(Literal('&')) + filterlist and_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_and(t)) and_.setName('and') filtercomp = and_ | or_ | not_ | item filtercomp.setName('filtercomp') filter_ << (Suppress(Literal('(').leaveWhitespace()) + filtercomp + Suppress(Literal(')').leaveWhitespace())) filter_.setName('filter') filtercomp.leaveWhitespace() filter_.leaveWhitespace()