authorRob Crittenden <rcritten@redhat.com>2011-04-08 10:19:42 -0400
committerRob Crittenden <rcritten@redhat.com>2011-05-26 16:37:03 -0400
commitac23fa7e54d551e624caca7d27956d5198203456 (patch)
treed2e0a7694435cfb2a5f991ce0475f05d787f5a0d /ipalib
parent1636d649264348526012b1f699284ad728e8a43d (diff)
Fix migration to work between v2 servers and remove search/size limits.
Migration from a v2 server would fail because of our fake memberofindirect attribute. This isn't in any objectclass so would cause entries to fail to migrate. We can safely just remove it. Also remove any limits on time/size when searching for entries on the remote server. Otherwise only the number of entries configured in the local IPA server can be migrated. ticket 1124
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/migration.py20
1 files changed, 14 insertions, 6 deletions
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index fc2010f90..ea591d31e 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -82,7 +82,7 @@ _supported_schemas = (u'RFC2307bis', u'RFC2307')
def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs):
- attr_blacklist = ['krbprincipalkey']
+ attr_blacklist = ['krbprincipalkey','memberofindirect','memberindirect']
# get default primary group for new users
if 'def_group_dn' not in ctx:
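Review bot: The extended `attr_blacklist` in `_pre_migrate_user` now mixes two unrelated reasons for exclusion and carries no comment saying which is which. `krbprincipalkey` is Kerberos key material, while the commit message describes `memberofindirect` as a fake attribute that belongs to no objectclass. I would add a comment above the list, for example `# krbprincipalkey: Kerberos key material, not copied; member*indirect: generated by the v2 server, in no objectclass`, so a later edit does not drop the key attribute by mistake. The function body continues outside this hunk.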
@@ -104,7 +104,7 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
entry_attrs['homedirectory'] = home_dir
entry_attrs.setdefault('gidnumber', ctx['def_group_gid'])
- # do not migrate attributes autogenerated during migration
+ # do not migrate all attributes
for attr in entry_attrs.keys():
if attr in attr_blacklist:
del entry_attrs[attr]
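Review bot: The test `if attr in attr_blacklist` is a case-sensitive string comparison, whereas LDAP attribute names are case-insensitive. If the remote server returns a name such as `memberOfIndirect` and the keys are not lowercased before this hook runs (not visible here), the attribute would survive the filter and the entry would fail to migrate again; the same applies to `krbprincipalkey`. Comparing on `attr.lower()` closes that gap: `if attr.lower() in attr_blacklist:`. The new comment `# do not migrate all attributes` also reads ambiguously; `# drop attributes that must not be migrated` says what the loop does.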
@@ -184,6 +184,8 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwarg
new_members.append(ldap.normalize_dn(memberdn))
entry_attrs['member'] = new_members
+ attr_blacklist = ['memberofindirect','memberindirect']
+
schema = kwargs.get('schema', None)
entry_attrs['ipauniqueid'] = 'autogenerate'
if schema == 'RFC2307bis':
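Review bot: This `attr_blacklist` in `_pre_migrate_group`, and the filtering loop added in the next hunk, duplicate the list and loop already in `_pre_migrate_user`. The two lists can drift apart, so an attribute excluded for users might later be forgotten for groups. A module-level tuple such as `_COMMON_ATTR_BLACKLIST = ('memberofindirect', 'memberindirect')` plus one small helper that strips blacklisted keys from `entry_attrs` would keep the two hooks in step; the user hook would add `krbprincipalkey` on top. The function starts outside this hunk.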
@@ -198,6 +200,11 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwarg
else:
raise ValueError('Schema %s not supported' % schema)
+ # do not migrate all attributes
+ for attr in entry_attrs.keys():
+ if attr in attr_blacklist:
+ del entry_attrs[attr]
+
return dn
@@ -406,11 +413,11 @@ can use their Kerberos accounts.''')
migrated[ldap_obj_name] = []
failed[ldap_obj_name] = {}
- # FIXME: with limits set, we get a strange 'Success' exception
try:
(entries, truncated) = ds_ldap.find_entries(
- search_filter, ['*'], search_bases[ldap_obj_name], ds_ldap.SCOPE_ONELEVEL#,
- #time_limit=0, size_limit=0
+ search_filter, ['*'], search_bases[ldap_obj_name],
+ ds_ldap.SCOPE_ONELEVEL,
+ time_limit=0, size_limit=-1
)
except errors.NotFound:
if not options.get('continue',False):
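Review bot: The `truncated` value returned by this `find_entries` call is the only sign that the remote server cut the result short, and nothing visible in this hunk checks it. Passing `time_limit=0, size_limit=-1` lifts only the limits the client requests; the source directory can still enforce its own, so a partial migration could be reported as complete. I would log or fail when `truncated` is true and add a comment such as `# time_limit=0 / size_limit=-1: no client-side limit; the remote server may still truncate`, since the two "no limit" sentinels differ. With `['*']` and no size bound the whole result set is also held in memory at once, which is worth noting for large directories. The enclosing method starts and ends outside the hunk.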
@@ -483,7 +490,8 @@ can use their Kerberos accounts.''')
# retrieve DS base DN
(entries, truncated) = ds_ldap.find_entries(
- '', ['namingcontexts'], '', ds_ldap.SCOPE_BASE
+ '', ['namingcontexts'], '', ds_ldap.SCOPE_BASE,
+ size_limit=-1, time_limit=0,
)
try:
ds_base_dn = entries[0][1]['namingcontexts'][0]