Bug 1843159

Summary: RFE AD filter rewriter for ObjectCategory
Product: Red Hat Enterprise Linux 8 Reporter: mreynolds
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0CC: pasik, spichugi, tbordaz, vashirov
Target Milestone: rcKeywords: FutureFeature, TestCaseProvided
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-1.4-8030020200605214214.618f7055 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 03:08:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description mreynolds 2020-06-02 17:51:36 UTC 
This bug is created as a clone of upstream ticket:
https://pagure.io/389-ds-base/issue/50931

#### Issue Description
AD provides flexibility, to AD client, to use shortcuts values in filter components.
For example objectCategory [1] or objectSID [2] allows shortcuts.
The transformation of the filter components assertion can be done with a plugin using slapi_compute_add_search_rewriter.

The RFE is to create a "generic" plugin that registers rewriter callback, plugin/callbacks being referenced in the config. So a third party rewriter plugin/callback could easy be integrated with 389-ds.

[1] https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx#Filter_on_objectCategory_and_objectClass
[2] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/5d58c90d-3cc5-444f-aabd-cff5f99d70f7



#### Package Version and Platform
N/A


#### Steps to reproduce

1. N/A - need to provide a test case the use that plugin

#### Actual results
Currently rewriter need a new plugin (init/start/stop/config/rewriters callbacks)


#### Expected results
 rewriter should be a shared library only containing the rewriter callbacks
Comment 5 Viktor Ashirov 2020-07-30 12:25:07 UTC 
============================================================================ test session starts ============================================================================
platform linux -- Python 3.6.8, pytest-6.0.0, py-1.9.0, pluggy-0.13.1 -- /usr/bin/python3.6
cachedir: .pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-221.el8.x86_64-x86_64-with-redhat-8.3-Ootpa', 'Packages': {'pytest': '6.0.0', 'py': '1.9.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.10.0', 'html': '2.1.1', 'libfaketime': '0.1.2'}}
389-ds-base: 1.4.3.8-4.module+el8.3.0+7193+dfd1e8ad
nss: 3.44.0-15.el8
nspr: 4.21.0-2.el8_0
openldap: 2.4.46-15.el8
cyrus-sasl: 2.1.27-5.el8
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, configfile: pytest.ini
plugins: metadata-1.10.0, html-2.1.1, libfaketime-0.1.2
collected 2 items

dirsrvtests/tests/suites/rewriters/adfilter_test.py::test_adfilter_objectCategory PASSED                                                                              [ 50%]
dirsrvtests/tests/suites/rewriters/adfilter_test.py::test_adfilter_objectSid SKIPPED                                                                                  [100%]

================================================================ 1 passed, 1 skipped, 65 warnings in 13.00s ================================================================

Marking as VERIFIED.
Comment 8 errata-xmlrpc 2020-11-04 03:08:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (389-ds:1.4 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4695