Page MenuHomekolab.org

a change we made to allow cmd_sync_mailhost_attrs to respect 'user_filter' settings from kolab.conf
Closed, ResolvedPublic

Description

This diff was made against pykolab-0.7.27 branch

---
 pykolab/auth/__init__.py               |  4 ++--
 pykolab/auth/ldap/__init__.py          | 14 ++++++++++----
 pykolab/cli/cmd_sync_mailhost_attrs.py |  5 +++--
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/pykolab/auth/__init__.py b/pykolab/auth/__init__.py
index 2ffd8d3..6b5af9a 100644
--- a/pykolab/auth/__init__.py
+++ b/pykolab/auth/__init__.py
@@ -193,7 +193,7 @@ class Auth(pykolab.base.Base):
         else:
             return result
 
-    def find_recipient(self, address, domain=None):
+    def find_recipient(self, address, domain=None, respect_base_filter=False):
         """
             Find one or more entries corresponding to the recipient address.
         """
@@ -203,7 +203,7 @@ class Auth(pykolab.base.Base):
         if not self._auth or self._auth == None:
             self.connect(domain=domain)
 
-        result = self._auth.find_recipient(address)
+        result = self._auth.find_recipient(address, respect_base_filter=respect_base_filter)
 
         if isinstance(result, list) and len(result) == 1:
             return result[0]
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 9a65a9c..a74fb68 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -541,7 +541,7 @@ class LDAP(pykolab.base.Base):
 
         return _entry_dns
 
-    def find_recipient(self, address="*", exclude_entry_id=None):
+    def find_recipient(self, address="*", exclude_entry_id=None, respect_base_filter=False):
         """
             Given an address string or list of addresses, find one or more valid
             recipients.
@@ -576,6 +576,7 @@ class LDAP(pykolab.base.Base):
 
         result_attributes.append(self.config_get('unique_attribute'))
 
+
         _filter = "(|"
 
         for recipient_address_attr in recipient_address_attrs:
@@ -586,9 +587,14 @@ class LDAP(pykolab.base.Base):
                     _filter += "(%s=%s)" % (recipient_address_attr, _address)
 
         _filter += ")"
-
-        _filter = "%s%s%s" % (__filter_prefix,_filter,__filter_suffix)
-
+        if respect_base_filter: 
+            # If this option is set we add an additional filter so that we only search for entries
+            # that actually should be kolabUsers as defined by "kolab_user_filter"...
+            # tbh: I have no idea why this isn't already happening...
+            log.debug(_("Adding kolab_user_filter..."), level=8)
+            _filter = "(&%s%s)" % (self.config_get('kolab_user_filter'), _filter)
+
+        filter = "%s%s%s" % (__filter_prefix,_filter,__filter_suffix)
         log.debug(_("Finding recipient with filter %r") % (_filter), level=8)
 
         if len(_filter) <= 6:
diff --git a/pykolab/cli/cmd_sync_mailhost_attrs.py b/pykolab/cli/cmd_sync_mailhost_attrs.py
index fe7f6b2..8e42055 100644
--- a/pykolab/cli/cmd_sync_mailhost_attrs.py
+++ b/pykolab/cli/cmd_sync_mailhost_attrs.py
@@ -140,10 +140,11 @@ def execute(*args, **kw):
                 recipient = auth.find_folder_resource(folder)
             else:
                 r_folder = '/'.join(folder.split('/')[1:])
-                recipient = auth.find_recipient(r_folder)
+                recipient = auth.find_recipient(r_folder, respect_base_filter=True)
 
             if (isinstance(recipient, list)):
                 if len(recipient) > 1:
+                    print recipient
                     log.warning(_("Multiple recipients for '%s'!") % (r_folder))
                     continue
                 elif len(recipient) == 0:
@@ -188,6 +189,6 @@ def execute(*args, **kw):
         if folder.startswith('shared/'):
             recipient = auth.find_folder_resource(folder)
         else:
-            recipient = auth.find_recipient('/'.join(folder.split('/')[1:]))
+            recipient = auth.find_recipient('/'.join(folder.split('/')[1:]), respect_base_filter=True)
 
         print folder, server, recipient
-- 2.7.4 

Details

Ticket Type
Task

Event Timeline

Oh, as I understand the fix would be simpler. See kolab_filter variable in https://git.kolab.org/diffusion/P/browse/master/pykolab/auth/ldap/__init__.py;1c4d7bb4154143752af6e2542cdbfaf2f7372cb5$702. It is not used in this method, but should.

Ok, when it's not used but should, then what's to do here?
The goal is to only try to sync_mailhost_attrs on LDAP items that realy belong to kolab relevant items.
So either one can do it as we did patch our current version or in a simpler way as you mentioned.

Mainly it's a suggestion to solve a problem in sync_mailhost_attrs affecting some thousend users in our system.
We have not checked and/or changed anything in kolabd create mailbox process to add or update the mailHost attribute in LDAP. We only changed this in kolab cli part to do the update/sync afterwards. So it may be usefull to think about the mailHost attribute handling in kolabd as well.

vendel.colja updated the task description. (Show Details)Aug 16 2016, 8:11 AM
petersen reassigned this task from petersen to machniak.Sep 6 2016, 12:43 PM
petersen added a subscriber: petersen.
machniak reassigned this task from machniak to vanmeeuwen.Sep 6 2016, 12:46 PM

My "it should" should be verified with Jeroen ;)

vendel.colja removed vanmeeuwen as the assignee of this task.EditedNov 3 2016, 1:12 PM
vendel.colja closed this task as Resolved.
vendel.colja edited subscribers, added: adomaitis, vanmeeuwen; removed: petersen.

This issue was resolved with https://git.kolab.org/rPe75b015fa96721968083a10d205187ffe8e335d3 in respect to T1417 and D209. The implementation is quite close to what the submitted patch was meant for. So we should close this T1389 and T10702

was not intended to change supscribers...