diff options
author | Martin Kosek <mkosek@redhat.com> | 2014-01-27 12:28:12 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-02-05 16:47:37 +0100 |
commit | 03ba31b8ca632f1ce6e9d67e0c37ca5e7bcc8a8c (patch) | |
tree | 1ce40a56c970d733f63421db6bb1ee65de8d79b9 /ipalib | |
parent | 1601860023193ec295458a71f1f097edbb57d787 (diff) | |
download | freeipa-03ba31b8ca632f1ce6e9d67e0c37ca5e7bcc8a8c.tar.gz freeipa-03ba31b8ca632f1ce6e9d67e0c37ca5e7bcc8a8c.tar.xz freeipa-03ba31b8ca632f1ce6e9d67e0c37ca5e7bcc8a8c.zip |
Migration does not add users to default group
When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.
https://fedorahosted.org/freeipa/ticket/4141
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/migration.py | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index 772bba279..94b4a02e9 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -288,19 +288,21 @@ def _update_default_group(ldap, pkey, config, ctx, force): searchfilter = "(&(objectclass=posixAccount)(!(memberof=%s)))" % group_dn try: (result, truncated) = ldap.find_entries(searchfilter, - [''], api.env.container_user, scope=ldap.SCOPE_SUBTREE, - time_limit = -1) + [''], DN(api.env.container_user, api.env.basedn), + scope=ldap.SCOPE_SUBTREE, time_limit = -1) except errors.NotFound: + api.log.debug('All users have default group set') return new_members = [] group_entry_attrs = ldap.get_entry(group_dn, ['member']) + existing_members = set(group_entry_attrs.get('member', [])) for m in result: - if m.dn not in group_entry_attrs.get('member', []): + if m.dn not in existing_members: new_members.append(m.dn) - if len(new_members) > 0: - members = group_entry_attrs.get('member', []) + + if new_members: + members = group_entry_attrs.setdefault('member', []) members.extend(new_members) - group_entry_attrs['member'] = members try: ldap.update_entry(group_entry_attrs) @@ -310,7 +312,8 @@ def _update_default_group(ldap, pkey, config, ctx, force): e = datetime.datetime.now() d = e - s mode = " (forced)" if force else "" - api.log.debug('Adding %d users to group%s duration %s' % (len(new_members), mode, d)) + api.log.debug('Adding %d users to group%s duration %s', + len(new_members), mode, d) # GROUP MIGRATION CALLBACKS AND VARS |