[Ldap] Allow search scoping #20310
[Ldap] Allow search scoping #20310
Conversation
|
I need to further tell that without this change ldap is almost unusable in some cases. For example, to build a tree of departments, you need to search in SCOPE_ONELEVEL but you can't (without this PR). My dirty workaround is to look at length of entry's dn to understand if this is sub-department (cn is uuid, so it has fixed size). This is very dirty and unreliable solution. |
|
Why does nobody look at this PR (it's week already)? @csarrazi marked as author in https://github.com/symfony/ldap. Should I contact him? |
|
@xunto I do not receive notifications unless I am explicitly tagged in a comment. |
| @@ -23,6 +23,10 @@ | |||
| const DEREF_FINDING = 0x02; | |||
| const DEREF_ALWAYS = 0x03; | |||
|
|
|||
| const SCOPE_BASE = 0x00; | |||
There was a problem hiding this comment.
Do not use integer constants here unless they are actually part of the specification. Here, please use string values.
I.e.
const SCOPE_BASE = 'base';
const SCOPE_ONELEVEL = 'one_level';
const SCOPE_SUBTREE = 'subtree';|
One thing though, please also add functional tests for the scope handling. |
| $func = 'ldap_list'; | ||
| break; | ||
| case static::SCOPE_SUBTREE: | ||
| default: |
There was a problem hiding this comment.
The default should actually throw an exception (which should actually never be thrown, as the OptionsResolver is actually the one which sanitizes the scope option) instead of being a fall-through for the subtree scope.
There was a problem hiding this comment.
@csarrazi actually I already defined allowed values in option OptionsResolver (c6c47ae#diff-822ec15d626e08f71c9ebaea383b5a89R40). So default is only for linter.
There was a problem hiding this comment.
Okay. So throw an exception in the default, and set $func to ldap_search in the SCOPE_SUBTREE case. :)
| 'scope' => Query::SCOPE_SUBTREE, | ||
| ))->execute()->count(); | ||
|
|
||
| $this->assertNotEquals($one_level, $subtree); |
There was a problem hiding this comment.
I do not feel that this tests anything useful (Apart from checking that a one level scope is different from a subtree). We should actually check whether we have the expected content in the output from the test.
There was a problem hiding this comment.
I'm working on it right now)
|
|
||
| dn: cn=Scope,cn=Ldap,ou=Components,dc=symfony,dc=com | ||
| objectclass: organizationalunit | ||
| cn: Scopes |
There was a problem hiding this comment.
Add newline to end of file.
|
I apologise for big amount of commits. My distro have different paths for openldap so I can't run tests on my computer. |
|
@xunto No problem, as long as you squash everything later! ;) You could also use the csarrazi/symfony-ldap docker repository, if you want to easily spawn an openldap instance, btw! |
|
@csarrazi Everything should be ok now. Thanks for review. I going to squash it right now. |
|
You're welcome! |
|
@csarrazi done |
|
Oh, didn't noticed yout anwser about default in switch/case. Give me a minute... |
|
@csarrazi Everything is done. Tests pass. |
|
👍 |
|
@csarrazi Should I slap deciders or mergers now? |
|
Yup! :) |
|
@csarrazi Thanks for help! @symfony/deciders, it's your turn! |
|
Just for your information, this new feature won't be merged for 3.2, but considered for 3.3. |
|
@fabpot Sad but ok, I think. So it won't get into the master until 3.2 is released? So, in december. |
|
Right, that's correct. |
|
👍 |
|
Hey @xunto! Sorry for getting back one more time. Could you just amend your PR and change the scope names so they respect RFC 2255? ("base" / "one" / "sub"). See https://tools.ietf.org/html/rfc2255
That would be great! :) |
|
@csarrazi Ok, will do. |
|
@csarrazi done. |
|
@symfony/deciders, 3.2 is released. Looks like now we can merge this. |
|
Thank you @xunto. |
This PR was squashed before being merged into the 3.3-dev branch (closes #20310). Discussion ---------- [Ldap] Allow search scoping | Q | A | | --- | --- | | Branch? | "master" | | Bug fix? | no | | New feature? | yes | | BC breaks? | no | | Deprecations? | no | | Tests pass? | yes | | Fixed tickets | - | | License | MIT | | Doc PR | - | Quite trivial, PR adds "scope" attribute to the query options. For example: ```php public function ldapAction() { $ldap = $this->get("app.ldap"); $dn = $this->getParameter("dn"); $results = $ldap->query($dn, "(objectClass=*)", [ "scope" => Query::SCOPE_ONELEVEL ])->execute(); foreach ($results as $entry) { var_dump($entry->getDn()); echo "<br/>"; } return new Response(""); } ``` SCOPE_BASE: http://php.net/manual/ru/function.ldap-read.php SCOPE_ONELEVEL: http://php.net/manual/ru/function.ldap-list.php SCOPE_SUBTREE: http://php.net/manual/ru/function.ldap-search.php Commits ------- 83c7915 [Ldap] Allow search scoping
Quite trivial, PR adds "scope" attribute to the query options. For example:
SCOPE_BASE: http://php.net/manual/ru/function.ldap-read.php
SCOPE_ONELEVEL: http://php.net/manual/ru/function.ldap-list.php
SCOPE_SUBTREE: http://php.net/manual/ru/function.ldap-search.php