diff options
Diffstat (limited to 'ipalib/plugins/migration.py')
-rw-r--r-- | ipalib/plugins/migration.py | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index fc2010f90..ea591d31e 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -82,7 +82,7 @@ _supported_schemas = (u'RFC2307bis', u'RFC2307') def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs): - attr_blacklist = ['krbprincipalkey'] + attr_blacklist = ['krbprincipalkey','memberofindirect','memberindirect'] # get default primary group for new users if 'def_group_dn' not in ctx: @@ -104,7 +104,7 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs entry_attrs['homedirectory'] = home_dir entry_attrs.setdefault('gidnumber', ctx['def_group_gid']) - # do not migrate attributes autogenerated during migration + # do not migrate all attributes for attr in entry_attrs.keys(): if attr in attr_blacklist: del entry_attrs[attr] @@ -184,6 +184,8 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwarg new_members.append(ldap.normalize_dn(memberdn)) entry_attrs['member'] = new_members + attr_blacklist = ['memberofindirect','memberindirect'] + schema = kwargs.get('schema', None) entry_attrs['ipauniqueid'] = 'autogenerate' if schema == 'RFC2307bis': @@ -198,6 +200,11 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwarg else: raise ValueError('Schema %s not supported' % schema) + # do not migrate all attributes + for attr in entry_attrs.keys(): + if attr in attr_blacklist: + del entry_attrs[attr] + return dn @@ -406,11 +413,11 @@ can use their Kerberos accounts.''') migrated[ldap_obj_name] = [] failed[ldap_obj_name] = {} - # FIXME: with limits set, we get a strange 'Success' exception try: (entries, truncated) = ds_ldap.find_entries( - search_filter, ['*'], search_bases[ldap_obj_name], ds_ldap.SCOPE_ONELEVEL#, - #time_limit=0, size_limit=0 + search_filter, ['*'], search_bases[ldap_obj_name], + ds_ldap.SCOPE_ONELEVEL, + time_limit=0, size_limit=-1 ) except errors.NotFound: if not options.get('continue',False): @@ -483,7 +490,8 @@ can use their Kerberos accounts.''') # retrieve DS base DN (entries, truncated) = ds_ldap.find_entries( - '', ['namingcontexts'], '', ds_ldap.SCOPE_BASE + '', ['namingcontexts'], '', ds_ldap.SCOPE_BASE, + size_limit=-1, time_limit=0, ) try: ds_base_dn = entries[0][1]['namingcontexts'][0] |