summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2014-01-27 12:28:12 +0100
committerMartin Kosek <mkosek@redhat.com>2014-02-05 16:47:37 +0100
commit03ba31b8ca632f1ce6e9d67e0c37ca5e7bcc8a8c (patch)
tree1ce40a56c970d733f63421db6bb1ee65de8d79b9
parent1601860023193ec295458a71f1f097edbb57d787 (diff)
downloadfreeipa-03ba31b8ca632f1ce6e9d67e0c37ca5e7bcc8a8c.zip
freeipa-03ba31b8ca632f1ce6e9d67e0c37ca5e7bcc8a8c.tar.gz
freeipa-03ba31b8ca632f1ce6e9d67e0c37ca5e7bcc8a8c.tar.xz
Migration does not add users to default group
When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
-rw-r--r--ipalib/plugins/migration.py17
1 files changed, 10 insertions, 7 deletions
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 772bba2..94b4a02 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -288,19 +288,21 @@ def _update_default_group(ldap, pkey, config, ctx, force):
searchfilter = "(&(objectclass=posixAccount)(!(memberof=%s)))" % group_dn
try:
(result, truncated) = ldap.find_entries(searchfilter,
- [''], api.env.container_user, scope=ldap.SCOPE_SUBTREE,
- time_limit = -1)
+ [''], DN(api.env.container_user, api.env.basedn),
+ scope=ldap.SCOPE_SUBTREE, time_limit = -1)
except errors.NotFound:
+ api.log.debug('All users have default group set')
return
new_members = []
group_entry_attrs = ldap.get_entry(group_dn, ['member'])
+ existing_members = set(group_entry_attrs.get('member', []))
for m in result:
- if m.dn not in group_entry_attrs.get('member', []):
+ if m.dn not in existing_members:
new_members.append(m.dn)
- if len(new_members) > 0:
- members = group_entry_attrs.get('member', [])
+
+ if new_members:
+ members = group_entry_attrs.setdefault('member', [])
members.extend(new_members)
- group_entry_attrs['member'] = members
try:
ldap.update_entry(group_entry_attrs)
@@ -310,7 +312,8 @@ def _update_default_group(ldap, pkey, config, ctx, force):
e = datetime.datetime.now()
d = e - s
mode = " (forced)" if force else ""
- api.log.debug('Adding %d users to group%s duration %s' % (len(new_members), mode, d))
+ api.log.debug('Adding %d users to group%s duration %s',
+ len(new_members), mode, d)
# GROUP MIGRATION CALLBACKS AND VARS