author | Rob Crittenden <rcritten@redhat.com> | 2011-04-08 10:19:42 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-05-26 16:37:03 -0400 |
commit | ac23fa7e54d551e624caca7d27956d5198203456 (patch) | |
tree | d2e0a7694435cfb2a5f991ce0475f05d787f5a0d /ipalib | |
parent | 1636d649264348526012b1f699284ad728e8a43d (diff) | |
Fix migration to work between v2 servers and remove search/size limits.
Migration from a v2 server would fail because of our fake memberofindirect
attribute. This isn't in any objectclass so would cause entries to fail
to migrate. We can safely just remove it.
Also remove any limits on time/size when searching for entries on the
remote server. Otherwise only the number of entries configured in the
local IPA server can be migrated.
ticket 1124
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/migration.py | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index fc2010f90..ea591d31e 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -82,7 +82,7 @@ _supported_schemas = (u'RFC2307bis', u'RFC2307') def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs): - attr_blacklist = ['krbprincipalkey'] + attr_blacklist = ['krbprincipalkey','memberofindirect','memberindirect'] # get default primary group for new users if 'def_group_dn' not in ctx: @@ -104,7 +104,7 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs entry_attrs['homedirectory'] = home_dir entry_attrs.setdefault('gidnumber', ctx['def_group_gid']) - # do not migrate attributes autogenerated during migration + # do not migrate all attributes for attr in entry_attrs.keys(): if attr in attr_blacklist: del entry_attrs[attr] @@ -184,6 +184,8 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwarg new_members.append(ldap.normalize_dn(memberdn)) entry_attrs['member'] = new_members + attr_blacklist = ['memberofindirect','memberindirect'] + schema = kwargs.get('schema', None) entry_attrs['ipauniqueid'] = 'autogenerate' if schema == 'RFC2307bis': @@ -198,6 +200,11 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwarg else: raise ValueError('Schema %s not supported' % schema) + # do not migrate all attributes + for attr in entry_attrs.keys(): + if attr in attr_blacklist: + del entry_attrs[attr] + return dn 
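Review bot: The two indirect-membership names added to `attr_blacklist` in `_pre_migrate_user` are repeated as a second literal in `_pre_migrate_group` (hunk at -184), so the user and group filters can drift apart. A module-level tuple used by both functions, e.g. `_INDIRECT_MEMBER_ATTRS = ('memberofindirect', 'memberindirect')`, would keep them in sync, with a space after each comma per PEP 8. The later `if attr in attr_blacklist` test is an exact string match, so it is worth confirming that the keys of `entry_attrs` are already lower-cased by `find_entries` (not visible here). If they are not, a differently-cased `krbPrincipalKey` from the remote server would pass through the filter.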
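Review bot: The reworded comment `# do not migrate all attributes` in the hunk at -104 can be read as "migrate no attributes", and the same wording is added again in `_pre_migrate_group` (hunk at -198). Something like `# drop attributes that must not be copied to the new server (see attr_blacklist)` states what the loop below it does. `_pre_migrate_user` starts and ends outside this hunk.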
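Review bot: The loop added before `return dn` in the hunk at -198 deletes from `entry_attrs` while iterating `entry_attrs.keys()`, which is only safe when `keys()` returns a list copy (a Python 2 dict); on a dict view it raises RuntimeError. Assuming `entry_attrs` behaves like a plain dict, iterating the blacklist instead avoids that and is shorter: `for attr in attr_blacklist:` followed by `entry_attrs.pop(attr, None)`. The same loop already exists in `_pre_migrate_user` (context lines of the hunk at -104), so a small shared helper would remove the duplicate. `_pre_migrate_group` starts outside this hunk.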
@@ -406,11 +413,11 @@ can use their Kerberos accounts.''') migrated[ldap_obj_name] = [] failed[ldap_obj_name] = {} - # FIXME: with limits set, we get a strange 'Success' exception try: (entries, truncated) = ds_ldap.find_entries( - search_filter, ['*'], search_bases[ldap_obj_name], ds_ldap.SCOPE_ONELEVEL#, - #time_limit=0, size_limit=0 + search_filter, ['*'], search_bases[ldap_obj_name], + ds_ldap.SCOPE_ONELEVEL, + time_limit=0, size_limit=-1 ) except errors.NotFound: if not options.get('continue',False): @@ -483,7 +490,8 @@ can use their Kerberos accounts.''') # retrieve DS base DN (entries, truncated) = ds_ldap.find_entries( - '', ['namingcontexts'], '', ds_ldap.SCOPE_BASE + '', ['namingcontexts'], '', ds_ldap.SCOPE_BASE, + size_limit=-1, time_limit=0, ) try: ds_base_dn = entries[0][1]['namingcontexts'][0] |
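Review bot: Passing `time_limit=0, size_limit=-1` in the hunk at -406 only lifts the limits requested by the client; the remote directory server can still enforce its own size and time limits for the bind identity and return a partial result. The `truncated` value returned by `find_entries` should be checked after this call and reported to the admin, so that a partial migration is not taken for a complete one. Whether that check happens later in the method is outside this hunk. A short comment such as `# time_limit=0 and size_limit=-1 both mean "no limit"` would also explain why the two arguments use different sentinels.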
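Review bot: The base-scope read of `namingcontexts` in the hunk at -483 returns at most one entry, so `size_limit=-1` changes nothing there. `time_limit=0` (no time limit, going by the commit message) leaves no bound on how long an unresponsive remote server can stall the command at this step, and a small finite `time_limit` would be enough for this call. The keyword order also differs from the `find_entries` call in the hunk at -406, where `time_limit` comes first; one order in both calls makes the pair easier to scan.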