Improve migration NotFound error

When no user/group was found, migration plugin reported an ambiguous error about invalid container. But the root cause may be for example in a wrong list of user/group objectclasses. Report both in the error message to avoid user confusion. User/group objectclass attribute is now also marked as required. Without the list of objectclasses, an invalid LDAP search is produced. https://fedorahosted.org/freeipa/ticket/2206
author: Martin Kosek <mkosek@redhat.com> 2012-06-04 14:25:41 +0200
committer: Martin Kosek <mkosek@redhat.com> 2012-06-05 08:51:30 +0200
commit: d31f0c2d330488e6b351f36d5a8f4f0affda935b (patch)
tree: 3580d30b19cffbcfd16f1ccc3a0edb49417abc9a
parent: c06cbb12ac2080e75578645b5e74adf7496de1fa (diff)
download: freeipa-d31f0c2d330488e6b351f36d5a8f4f0affda935b.tar.gz
freeipa-d31f0c2d330488e6b351f36d5a8f4f0affda935b.tar.xz
freeipa-d31f0c2d330488e6b351f36d5a8f4f0affda935b.zip
2 files changed, 14 insertions, 7 deletions
diff --git a/API.txt b/API.txt
index 501e83814..365c8bc8c 100644
--- a/API.txt
+++ b/API.txt
@@ -1909,8 +1909,8 @@ arg: Password('bindpw', cli_name='password', confirm=False)
 option: Str('binddn?', autofill=True, cli_name='bind_dn', default=u'cn=directory manager')
 option: Str('usercontainer', autofill=True, cli_name='user_container', default=u'ou=people')
 option: Str('groupcontainer', autofill=True, cli_name='group_container', default=u'ou=groups')
-option: Str('userobjectclass*', autofill=True, cli_name='user_objectclass', csv=True, default=(u'person',))
-option: Str('groupobjectclass*', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames'))
+option: Str('userobjectclass+', autofill=True, cli_name='user_objectclass', csv=True, default=(u'person',))
+option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames'))
 option: Str('userignoreobjectclass*', autofill=True, cli_name='user_ignore_objectclass', csv=True, default=())
 option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=())
 option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_objectclass', csv=True, default=())
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index a7b078975..a8c1c6d82 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -444,7 +444,7 @@ class migrate_ds(Command):
             default=u'ou=groups',
             autofill=True,
         ),
-        Str('userobjectclass*',
+        Str('userobjectclass+',
             cli_name='user_objectclass',
             label=_('User object class'),
             doc=_('Comma-separated list of objectclasses used to search for user entries in DS'),
@@ -452,7 +452,7 @@ class migrate_ds(Command):
             default=(u'person',),
             autofill=True,
         ),
-        Str('groupobjectclass*',
+        Str('groupobjectclass+',
             cli_name='group_objectclass',
             label=_('Group object class'),
             doc=_('Comma-separated list of objectclasses used to search for group entries in DS'),
@@ -619,8 +619,10 @@ can use their Kerberos accounts.''')
         for ldap_obj_name in self.migrate_order:
             ldap_obj = self.api.Object[ldap_obj_name]
 
-            search_filter = construct_filter(self.migrate_objects[ldap_obj_name]['filter_template'],
-                                             options[to_cli(self.migrate_objects[ldap_obj_name]['oc_option'])])
+            template = self.migrate_objects[ldap_obj_name]['filter_template']
+            oc_list = options[to_cli(self.migrate_objects[ldap_obj_name]['oc_option'])]
+            search_filter = construct_filter(template, oc_list)
+
             exclude = options['exclude_%ss' % to_cli(ldap_obj_name)]
             context = dict(ds_ldap = ds_ldap)
 
@@ -637,7 +639,12 @@ can use their Kerberos accounts.''')
             except errors.NotFound:
                 if not options.get('continue',False):
                     raise errors.NotFound(
-                        reason=_('Container for %(container)s not found at %(search_base)s') % {'container': ldap_obj_name, 'search_base': search_bases[ldap_obj_name]}
+                        reason=_('%(container)s LDAP search did not return any result '
+                                 '(search base: %(search_base)s, '
+                                 'objectclass: %(objectclass)s)')
+                                 % {'container': ldap_obj_name,
+                                    'search_base': search_bases[ldap_obj_name],
+                                    'objectclass': ', '.join(oc_list)}
                     )
                 else:
                     truncated = False
author	Martin Kosek <mkosek@redhat.com>	2012-06-04 14:25:41 +0200
committer	Martin Kosek <mkosek@redhat.com>	2012-06-05 08:51:30 +0200
commit	d31f0c2d330488e6b351f36d5a8f4f0affda935b (patch)
tree	3580d30b19cffbcfd16f1ccc3a0edb49417abc9a
parent	c06cbb12ac2080e75578645b5e74adf7496de1fa (diff)
download	freeipa-d31f0c2d330488e6b351f36d5a8f4f0affda935b.tar.gz freeipa-d31f0c2d330488e6b351f36d5a8f4f0affda935b.tar.xz freeipa-d31f0c2d330488e6b351f36d5a8f4f0affda935b.zip