diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-06-04 14:25:41 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-06-05 08:51:30 +0200 |
commit | d31f0c2d330488e6b351f36d5a8f4f0affda935b (patch) | |
tree | 3580d30b19cffbcfd16f1ccc3a0edb49417abc9a | |
parent | c06cbb12ac2080e75578645b5e74adf7496de1fa (diff) | |
download | freeipa-d31f0c2d330488e6b351f36d5a8f4f0affda935b.tar.gz freeipa-d31f0c2d330488e6b351f36d5a8f4f0affda935b.tar.xz freeipa-d31f0c2d330488e6b351f36d5a8f4f0affda935b.zip |
Improve migration NotFound error
When no user/group was found, migration plugin reported an ambiguous
error about invalid container. But the root cause may be for example
in a wrong list of user/group objectclasses. Report both in the error
message to avoid user confusion.
User/group objectclass attribute is now also marked as required.
Without the list of objectclasses, an invalid LDAP search is
produced.
https://fedorahosted.org/freeipa/ticket/2206
-rw-r--r-- | API.txt | 4 | ||||
-rw-r--r-- | ipalib/plugins/migration.py | 17 |
2 files changed, 14 insertions, 7 deletions
@@ -1909,8 +1909,8 @@ arg: Password('bindpw', cli_name='password', confirm=False) option: Str('binddn?', autofill=True, cli_name='bind_dn', default=u'cn=directory manager') option: Str('usercontainer', autofill=True, cli_name='user_container', default=u'ou=people') option: Str('groupcontainer', autofill=True, cli_name='group_container', default=u'ou=groups') -option: Str('userobjectclass*', autofill=True, cli_name='user_objectclass', csv=True, default=(u'person',)) -option: Str('groupobjectclass*', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames')) +option: Str('userobjectclass+', autofill=True, cli_name='user_objectclass', csv=True, default=(u'person',)) +option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames')) option: Str('userignoreobjectclass*', autofill=True, cli_name='user_ignore_objectclass', csv=True, default=()) option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=()) option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_objectclass', csv=True, default=()) diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index a7b078975..a8c1c6d82 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -444,7 +444,7 @@ class migrate_ds(Command): default=u'ou=groups', autofill=True, ), - Str('userobjectclass*', + Str('userobjectclass+', cli_name='user_objectclass', label=_('User object class'), doc=_('Comma-separated list of objectclasses used to search for user entries in DS'), @@ -452,7 +452,7 @@ class migrate_ds(Command): default=(u'person',), autofill=True, ), - Str('groupobjectclass*', + Str('groupobjectclass+', cli_name='group_objectclass', label=_('Group object class'), doc=_('Comma-separated list of objectclasses used to search for group entries in DS'), @@ -619,8 +619,10 @@ can use their Kerberos accounts.''') for ldap_obj_name in self.migrate_order: ldap_obj = self.api.Object[ldap_obj_name] - search_filter = construct_filter(self.migrate_objects[ldap_obj_name]['filter_template'], - options[to_cli(self.migrate_objects[ldap_obj_name]['oc_option'])]) + template = self.migrate_objects[ldap_obj_name]['filter_template'] + oc_list = options[to_cli(self.migrate_objects[ldap_obj_name]['oc_option'])] + search_filter = construct_filter(template, oc_list) + exclude = options['exclude_%ss' % to_cli(ldap_obj_name)] context = dict(ds_ldap = ds_ldap) @@ -637,7 +639,12 @@ can use their Kerberos accounts.''') except errors.NotFound: if not options.get('continue',False): raise errors.NotFound( - reason=_('Container for %(container)s not found at %(search_base)s') % {'container': ldap_obj_name, 'search_base': search_bases[ldap_obj_name]} + reason=_('%(container)s LDAP search did not return any result ' + '(search base: %(search_base)s, ' + 'objectclass: %(objectclass)s)') + % {'container': ldap_obj_name, + 'search_base': search_bases[ldap_obj_name], + 'objectclass': ', '.join(oc_list)} ) else: truncated = False |