author | Rob Crittenden <rcritten@redhat.com> | 2011-09-26 22:19:57 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-10-04 16:14:11 +0200 |
commit | 30b29bd8e8a17d9a869b261f210854d6191572b8 (patch) | |
tree | 9678fb761dbe43dbb3db9c897e73edaa04b2dbd1 /install/migration/migration.py | |
parent | b5758c800538e0d0173a9219cd90a305d0ada79f (diff) | |
Migration: don't assume there is only one naming context, add logging.
We can't assume that there will be only one naming context. Look at each
one until we find an IPA one.
Add logging so you can know that a migration attempt fails and why.
https://fedorahosted.org/freeipa/ticket/1834
https://fedorahosted.org/freeipa/ticket/1835
Diffstat (limited to 'install/migration/migration.py')
-rw-r--r-- | install/migration/migration.py | 47 |
1 files changed, 33 insertions, 14 deletions
diff --git a/install/migration/migration.py b/install/migration/migration.py index ed6ade9ef..8edd67869 100644 --- a/install/migration/migration.py +++ b/install/migration/migration.py @@ -25,10 +25,25 @@ import errno import glob import ldap import wsgiref +import logging +from ipapython.ipautil import get_ipa_basedn BASE_DN = '' LDAP_URI = 'ldaps://localhost:636' +def convert_exception(error): + """ + Convert an LDAP exception into something more readable. + """ + if not isinstance(error, ldap.TIMEOUT): + desc = error.args[0]['desc'].strip() + info = error.args[0].get('info', '').strip() + else: + desc = '' + info = '' + + return '%s (%s)' % (desc, info) + def wsgi_redirect(start_response, loc): start_response('302 Found', [('Location', loc)]) return [] 
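Review bot: convert_exception() indexes `error.args[0]['desc']` without a guard, so an LDAPError raised with no arguments, or with a plain string argument, would raise IndexError, TypeError or KeyError from inside the logging path. The next hunk calls it from the `except` handlers in bind(), so such a failure would replace the IOError the handler is about to raise, and the caller would presumably see an unexpected exception type instead of the credential error. Reading the detail defensively keeps logging from changing control flow: `detail = error.args[0] if error.args and isinstance(error.args[0], dict) else {}` and then `desc = detail.get('desc', '').strip()`, alongside the existing `.get('info', '')`. The ldap.TIMEOUT branch also yields the string ` ()`, which tells the log reader nothing; a fixed description such as `'timeout'` there would be clearer.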
@@ -44,39 +59,44 @@ def get_base_dn(): """ Retrieve LDAP server base DN. """ + global BASE_DN + if BASE_DN: return BASE_DN try: conn = ldap.initialize(LDAP_URI) conn.simple_bind_s('', '') - entries = conn.search_ext_s( - '', scope=ldap.SCOPE_BASE, attrlist=['namingcontexts'] - ) - except ldap.LDAPError: - return '' - conn.unbind_s() - try: - return entries[0][1]['namingcontexts'][0] - except (IndexError, KeyError): + BASE_DN = get_ipa_basedn(conn) + except ldap.LDAPError, e: + logging.error('migration context search failed: %s' % e) return '' + finally: + conn.unbind_s() + + return BASE_DN def bind(username, password): base_dn = get_base_dn() if not base_dn: + logging.error('migration unable to get base dn') raise IOError(errno.EIO, 'Cannot get Base DN') bind_dn = 'uid=%s,cn=users,cn=accounts,%s' % (username, base_dn) try: conn = ldap.initialize(LDAP_URI) conn.simple_bind_s(bind_dn, password) except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM, - ldap.NO_SUCH_OBJECT): + ldap.NO_SUCH_OBJECT), e: + logging.error('migration invalid credentials for %s: %s' % (bind_dn, convert_exception(e))) raise IOError(errno.EPERM, 'Invalid LDAP credentials for user %s' % username) - except ldap.LDAPError: + except ldap.LDAPError, e: + logging.error('migration bind failed: %s' % convert_exception(e)) raise IOError(errno.EIO, 'Bind error') - - conn.unbind_s() + finally: + conn.unbind_s() def application(environ, start_response): + global LDAP_URI + if environ.get('REQUEST_METHOD', None) != 'POST': return wsgi_redirect(start_response, 'index.html') @@ -98,4 +118,3 @@ def application(environ, start_response): ui_url = get_ui_url(environ) return wsgi_redirect(start_response, ui_url) - |
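Review bot: Both new `finally: conn.unbind_s()` clauses, in get_base_dn() and in bind(), also run when `ldap.initialize(LDAP_URI)` itself raises; `conn` has never been assigned at that point, so the cleanup raises UnboundLocalError in place of the `return ''` or the IOError. Setting `conn = None` before each `try:` and using `if conn is not None: conn.unbind_s()` in the `finally` avoids that. Separately, the new `logging.error('migration invalid credentials for %s: %s' ...)` writes `bind_dn`, which is built with plain `%s` formatting from a username that appears to come from the POST form handled in application(). A value containing line breaks can forge log entries, and DN metacharacters such as `,` or `+` change the DN that is actually bound. Building the DN with `ldap.dn.escape_dn_chars(username)` and logging it with `%r` covers both.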
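Review bot: `global LDAP_URI` is added at the top of application(), but no assignment to LDAP_URI is visible in this hunk or the following one, and the function body continues outside both. If the rest of the function never rebinds the name, the statement has no effect and can be dropped. If it does rebind it, a comment such as `# rebinds the module-level LDAP_URI used by get_base_dn() and bind()` would make that explicit. In that case get_base_dn()'s new module-level BASE_DN cache would keep returning the base DN discovered through the earlier URI, which is worth confirming is intended.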