summaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/identity/backends
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/identity/backends')
-rw-r--r--keystone-moon/keystone/identity/backends/ldap.py19
-rw-r--r--keystone-moon/keystone/identity/backends/sql.py15
2 files changed, 11 insertions, 23 deletions
diff --git a/keystone-moon/keystone/identity/backends/ldap.py b/keystone-moon/keystone/identity/backends/ldap.py
index 0f7ee450..7a3cb03b 100644
--- a/keystone-moon/keystone/identity/backends/ldap.py
+++ b/keystone-moon/keystone/identity/backends/ldap.py
@@ -14,13 +14,12 @@
from __future__ import absolute_import
import uuid
-import ldap
import ldap.filter
from oslo_config import cfg
from oslo_log import log
import six
-from keystone import clean
+from keystone.common import clean
from keystone.common import driver_hints
from keystone.common import ldap as common_ldap
from keystone.common import models
@@ -42,7 +41,7 @@ class Identity(identity.Driver):
self.group = GroupApi(conf)
def default_assignment_driver(self):
- return "keystone.assignment.backends.ldap.Assignment"
+ return 'ldap'
def is_domain_aware(self):
return False
@@ -352,20 +351,18 @@ class GroupApi(common_ldap.BaseLdap):
"""Return a list of groups for which the user is a member."""
user_dn_esc = ldap.filter.escape_filter_chars(user_dn)
- query = '(&(objectClass=%s)(%s=%s)%s)' % (self.object_class,
- self.member_attribute,
- user_dn_esc,
- self.ldap_filter or '')
+ query = '(%s=%s)%s' % (self.member_attribute,
+ user_dn_esc,
+ self.ldap_filter or '')
return self.get_all(query)
def list_user_groups_filtered(self, user_dn, hints):
"""Return a filtered list of groups for which the user is a member."""
user_dn_esc = ldap.filter.escape_filter_chars(user_dn)
- query = '(&(objectClass=%s)(%s=%s)%s)' % (self.object_class,
- self.member_attribute,
- user_dn_esc,
- self.ldap_filter or '')
+ query = '(%s=%s)%s' % (self.member_attribute,
+ user_dn_esc,
+ self.ldap_filter or '')
return self.get_all_filtered(hints, query)
def list_group_users(self, group_id):
diff --git a/keystone-moon/keystone/identity/backends/sql.py b/keystone-moon/keystone/identity/backends/sql.py
index 39868416..8bda9a1b 100644
--- a/keystone-moon/keystone/identity/backends/sql.py
+++ b/keystone-moon/keystone/identity/backends/sql.py
@@ -77,7 +77,7 @@ class Identity(identity.Driver):
super(Identity, self).__init__()
def default_assignment_driver(self):
- return "keystone.assignment.backends.sql.Assignment"
+ return 'sql'
@property
def is_sql(self):
@@ -211,28 +211,19 @@ class Identity(identity.Driver):
session.delete(membership_ref)
def list_groups_for_user(self, user_id, hints):
- # TODO(henry-nash) We could implement full filtering here by enhancing
- # the join below. However, since it is likely to be a fairly rare
- # occurrence to filter on more than the user_id already being used
- # here, this is left as future enhancement and until then we leave
- # it for the controller to do for us.
session = sql.get_session()
self.get_user(user_id)
query = session.query(Group).join(UserGroupMembership)
query = query.filter(UserGroupMembership.user_id == user_id)
+ query = sql.filter_limit_query(Group, query, hints)
return [g.to_dict() for g in query]
def list_users_in_group(self, group_id, hints):
- # TODO(henry-nash) We could implement full filtering here by enhancing
- # the join below. However, since it is likely to be a fairly rare
- # occurrence to filter on more than the group_id already being used
- # here, this is left as future enhancement and until then we leave
- # it for the controller to do for us.
session = sql.get_session()
self.get_group(group_id)
query = session.query(User).join(UserGroupMembership)
query = query.filter(UserGroupMembership.group_id == group_id)
-
+ query = sql.filter_limit_query(User, query, hints)
return [identity.filter_user(u.to_dict()) for u in query]
def delete_user(self, user_id):