[CalendarServer-changes] [7832] CalendarServer/trunk/twistedcaldav/directory

Mon Aug 1 10:16:20 PDT 2011

Revision: 7832
          http://trac.macosforge.org/projects/calendarserver/changeset/7832
Author:   sagen at apple.com
Date:     2011-08-01 10:16:18 -0700 (Mon, 01 Aug 2011)
Log Message:
-----------
If guidAttr is specified in plist, it's required to be in LDAP.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/directory/ldapdirectory.py
    CalendarServer/trunk/twistedcaldav/directory/test/test_ldapdirectory.py

Modified: CalendarServer/trunk/twistedcaldav/directory/ldapdirectory.py
===================================================================

--- CalendarServer/trunk/twistedcaldav/directory/ldapdirectory.py	2011-07-28 19:05:19 UTC (rev 7831)
+++ CalendarServer/trunk/twistedcaldav/directory/ldapdirectory.py	2011-08-01 17:16:18 UTC (rev 7832)
@@ -309,6 +309,8 @@
 
             record = self._ldapResultToRecord(dn, attrs, recordType)
             # self.log_debug("Got LDAP record %s" % (record,))
+            if record is None:
+                continue
 
             if not unrestricted:
                 self.log_debug("%s is not enabled because it's not a member of group: %s" % (guid, self.restrictToGroup))
@@ -535,6 +537,10 @@
         guidAttr = self.rdnSchema["guidAttr"]
         if guidAttr:
             guid = self._getUniqueLdapAttribute(attrs, guidAttr)
+            if not guid:
+                self.log_error("LDAP data missing required GUID attribute: %s" %
+                    (guidAttr,))
+                return None
 
         # Find or build email
         emailAddresses = self._getMultipleLdapAttributes(attrs, self.rdnSchema[recordType]["mapping"]["emailAddresses"])
@@ -764,17 +770,19 @@
 
                 record = self._ldapResultToRecord(dn, attrs, recordType)
                 self.log_debug("Got LDAP record %s" % (record,))
-                self.recordCacheForType(recordType).addRecord(record,
-                    indexType, indexKey
-                )
 
-                if not unrestricted:
-                    self.log_debug("%s is not enabled because it's not a member of group: %s" % (guid, self.restrictToGroup))
-                    record.enabledForCalendaring = False
-                    record.enabledForAddressBooks = False
+                if record is not None:
+                    self.recordCacheForType(recordType).addRecord(record,
+                        indexType, indexKey
+                    )
 
-                record.applySACLs()
+                    if not unrestricted:
+                        self.log_debug("%s is not enabled because it's not a member of group: %s" % (guid, self.restrictToGroup))
+                        record.enabledForCalendaring = False
+                        record.enabledForAddressBooks = False
 
+                    record.applySACLs()
+
     def recordsMatchingFields(self, fields, operand="or", recordType=None):
         """
         Carries out the work of a principal-property-search against LDAP
@@ -810,6 +818,8 @@
                                 continue
 
                     record = self._ldapResultToRecord(dn, attrs, recordType)
+                    if record is None:
+                        continue
 
                     # For non-group records, if not enabled for calendaring do
                     # not include in principal property search results

Modified: CalendarServer/trunk/twistedcaldav/directory/test/test_ldapdirectory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/test_ldapdirectory.py	2011-07-28 19:05:19 UTC (rev 7831)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_ldapdirectory.py	2011-08-01 17:16:18 UTC (rev 7832)
@@ -276,6 +276,18 @@
             self.assertEquals(record.serverID, "test-server-id")
             self.assertEquals(record.partitionID, "test-partition-id")
 
+            # User missing guidAttr
+
+            dn = "uid=odtestamanda,cn=users,dc=example,dc=com"
+            attrs = {
+                'uid': ['odtestamanda'],
+                'cn': ['Amanda Test'],
+            }
+
+            record = self.service._ldapResultToRecord(dn, attrs,
+                self.service.recordType_users)
+            self.assertEquals(record, None)
+
             # Group with direct user members and nested group
 
             dn = "cn=odtestgrouptop,cn=groups,dc=example,dc=com"
@@ -422,10 +434,21 @@
                         'cn': ['Betty Test']
                     }
                 ),
+                (
+                    "uid=odtestcarlene,cn=users,dc=example,dc=com",
+                    {
+                        'uid': ['odtestcarlene'],
+                        # Note: no guid here, to test this record is skipped
+                        'sn': ['Test'],
+                        'mail': ['odtestcarlene at example.com'],
+                        'givenName': ['Carlene'],
+                        'cn': ['Carlene Test']
+                    }
+                ),
             ])
             records = self.service.listRecords(self.service.recordType_users)
             self.assertEquals(len(records), 2)
             self.assertEquals(
                 set([r.firstName for r in records]),
-                set(["Amanda", "Betty"])
+                set(["Amanda", "Betty"]) # Carlene is skipped because no guid in LDAP
             )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20110801/05f56248/attachment.html>
