authorRob Crittenden <rcritten@redhat.com>2011-09-26 22:19:57 -0400
committerMartin Kosek <mkosek@redhat.com>2011-10-04 16:14:11 +0200
commit30b29bd8e8a17d9a869b261f210854d6191572b8 (patch)
tree9678fb761dbe43dbb3db9c897e73edaa04b2dbd1
parentb5758c800538e0d0173a9219cd90a305d0ada79f (diff)
Migration: don't assume there is only one naming context, add logging.
We can't assume that there will be only one naming context. Look at each one until we find an IPA one. Add logging so you can know that a migration attempt fails and why. https://fedorahosted.org/freeipa/ticket/1834 https://fedorahosted.org/freeipa/ticket/1835
-rw-r--r--install/migration/invalid.html2
-rw-r--r--install/migration/migration.py47
2 files changed, 34 insertions, 15 deletions
diff --git a/install/migration/invalid.html b/install/migration/invalid.html
index a641d1a05..91de79fb9 100644
--- a/install/migration/invalid.html
+++ b/install/migration/invalid.html
@@ -35,7 +35,7 @@
<p>If the problem persists, contact your administrator.</p>
</div>
</div>
- <form id="login" action="" name="">
+ <form id="login" action="migration.py" method="post" name="">
<ul>
<li>
<label for="username">Username:</label>
diff --git a/install/migration/migration.py b/install/migration/migration.py
index ed6ade9ef..8edd67869 100644
--- a/install/migration/migration.py
+++ b/install/migration/migration.py
@@ -25,10 +25,25 @@ import errno
import glob
import ldap
import wsgiref
+import logging
+from ipapython.ipautil import get_ipa_basedn
BASE_DN = ''
LDAP_URI = 'ldaps://localhost:636'
+def convert_exception(error):
+ """
+ Convert an LDAP exception into something more readable.
+ """
+ if not isinstance(error, ldap.TIMEOUT):
+ desc = error.args[0]['desc'].strip()
+ info = error.args[0].get('info', '').strip()
+ else:
+ desc = ''
+ info = ''
+
+ return '%s (%s)' % (desc, info)
+
def wsgi_redirect(start_response, loc):
start_response('302 Found', [('Location', loc)])
return []
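Review bot: convert_exception can itself raise inside the `except` handlers that call it, because `error.args[0]['desc']` assumes every non-timeout LDAPError carries a dict with a `desc` key as its first argument. An exception with empty `args` or a non-dict first argument would then fail with IndexError, KeyError or TypeError on the logging path and replace the IOError the caller is about to raise. Guarding the lookup, e.g. `detail = error.args[0] if error.args and isinstance(error.args[0], dict) else {}` followed by `desc = detail.get('desc', '').strip()`, keeps the helper total. The `ldap.TIMEOUT` branch also returns the string ` ()`, so the log entry gives no hint that the failure was a timeout; `desc = 'timeout'` would be more useful there.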
@@ -44,39 +59,44 @@ def get_base_dn():
"""
Retrieve LDAP server base DN.
"""
+ global BASE_DN
+
if BASE_DN:
return BASE_DN
try:
conn = ldap.initialize(LDAP_URI)
conn.simple_bind_s('', '')
- entries = conn.search_ext_s(
- '', scope=ldap.SCOPE_BASE, attrlist=['namingcontexts']
- )
- except ldap.LDAPError:
- return ''
- conn.unbind_s()
- try:
- return entries[0][1]['namingcontexts'][0]
- except (IndexError, KeyError):
+ BASE_DN = get_ipa_basedn(conn)
+ except ldap.LDAPError, e:
+ logging.error('migration context search failed: %s' % e)
return ''
+ finally:
+ conn.unbind_s()
+
+ return BASE_DN
def bind(username, password):
base_dn = get_base_dn()
if not base_dn:
+ logging.error('migration unable to get base dn')
raise IOError(errno.EIO, 'Cannot get Base DN')
bind_dn = 'uid=%s,cn=users,cn=accounts,%s' % (username, base_dn)
try:
conn = ldap.initialize(LDAP_URI)
conn.simple_bind_s(bind_dn, password)
except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM,
- ldap.NO_SUCH_OBJECT):
+ ldap.NO_SUCH_OBJECT), e:
+ logging.error('migration invalid credentials for %s: %s' % (bind_dn, convert_exception(e)))
raise IOError(errno.EPERM, 'Invalid LDAP credentials for user %s' % username)
- except ldap.LDAPError:
+ except ldap.LDAPError, e:
+ logging.error('migration bind failed: %s' % convert_exception(e))
raise IOError(errno.EIO, 'Bind error')
-
- conn.unbind_s()
+ finally:
+ conn.unbind_s()
def application(environ, start_response):
+ global LDAP_URI
+
if environ.get('REQUEST_METHOD', None) != 'POST':
return wsgi_redirect(start_response, 'index.html')
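Review bot: Both new `finally: conn.unbind_s()` clauses (in get_base_dn and in bind) also run when `ldap.initialize(LDAP_URI)` is the call that failed, in which case `conn` was never assigned and the cleanup raises UnboundLocalError, hiding the original error. Setting `conn = None` before the `try` and using `if conn is not None: conn.unbind_s()` in the `finally` avoids that. Separately, the new `logging.error('migration invalid credentials for %s: %s' ...)` line writes `bind_dn`, which is built from the request-supplied `username` with plain `%s` formatting. Passing the username through `ldap.dn.escape_dn_chars()` before building the DN would keep DN metacharacters out of both the bind request and the log entry, and logging it with `%r` would keep control characters from breaking up log lines. get_base_dn starts above this hunk and application continues below it.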
@@ -98,4 +118,3 @@ def application(environ, start_response):
ui_url = get_ui_url(environ)
return wsgi_redirect(start_response, ui_url)
-