From 4c6ff801405de9bcc9175e1687a91ff55143d9b3 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 29 Apr 2015 08:15:54 +0200 Subject: winsync-migrate: Add a way to find all winsync users https://fedorahosted.org/freeipa/ticket/4524 Reviewed-By: Martin Babinsky --- ipaserver/winsync_migrate/base.py | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/ipaserver/winsync_migrate/base.py b/ipaserver/winsync_migrate/base.py index c21a861c2..840388904 100644 --- a/ipaserver/winsync_migrate/base.py +++ b/ipaserver/winsync_migrate/base.py @@ -44,6 +44,23 @@ class MigrateWinsync(admintool.AdminTool): "For more information, see `man ipa-migrate-winsync`." ) + def find_winsync_users(self): + """ + Finds all users that were mirrored from AD using winsync. + """ + + user_filter = "(&(objectclass=ntuser)(ntUserDomainId=*))" + user_base = DN(api.env.container_user, api.env.basedn) + entries, _ = self.ldap.find_entries( + filter=user_filter, + base_dn=user_base, + paged_search=True) + + for entry in entries: + self.log.debug("Discovered entry: %s" % entry) + + return entries + def run(self): super(MigrateWinsync, self).run() @@ -55,13 +72,13 @@ class MigrateWinsync(admintool.AdminTool): try: ctx = krbV.default_context() ccache = ctx.default_ccache() - except krbV.Krb5Error, e: - sys.exit("Must have Kerberos credentials to migrate Winsync users.") - - try: api.Backend.ldap2.connect(ccache) self.ldap = api.Backend.ldap2 + except krbV.Krb5Error, e: + sys.exit("Must have Kerberos credentials to migrate Winsync users.") except errors.ACIError, e: sys.exit("Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket.") except errors.DatabaseError, e: sys.exit("Cannot connect to the LDAP database. Please check if IPA is running.") + + entries = self.find_winsync_users() -- cgit