From ac23fa7e54d551e624caca7d27956d5198203456 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 8 Apr 2011 10:19:42 -0400
Subject: Fix migration to work between v2 servers and remove search/size limits.
Migration from a v2 server would fail because of our fake memberofindirect attribute. This isn't in any objectclass so would cause entries to fail to migrate. We can safely just remove it.
Also remove any limits on time/size when searching for entries on the remote server. Otherwise only the number of entries configured in the local IPA server can be migrated.
ticket 1124
---
ipalib/plugins/migration.py | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
(limited to 'ipalib')
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index fc2010f90..ea591d31e 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -82,7 +82,7 @@ _supported_schemas = (u'RFC2307bis', u'RFC2307')
 def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs):
- attr_blacklist = ['krbprincipalkey']
+ attr_blacklist = ['krbprincipalkey','memberofindirect','memberindirect']
 # get default primary group for new users
 if 'def_group_dn' not in ctx:
@@ -104,7 +104,7 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
 entry_attrs['homedirectory'] = home_dir
 entry_attrs.setdefault('gidnumber', ctx['def_group_gid'])
- # do not migrate attributes autogenerated during migration
+ # do not migrate all attributes
 for attr in entry_attrs.keys():
 if attr in attr_blacklist:
 del entry_attrs[attr]
@@ -184,6 +184,8 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwarg
 new_members.append(ldap.normalize_dn(memberdn))
 entry_attrs['member'] = new_members
+ attr_blacklist = ['memberofindirect','memberindirect']
+
 schema = kwargs.get('schema', None)
 entry_attrs['ipauniqueid'] = 'autogenerate'
 if schema == 'RFC2307bis':
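Review bot: In `_pre_migrate_user` the extended `attr_blacklist` is still applied with an exact string test (`if attr in attr_blacklist:` in the following hunk), so an attribute delivered by the remote server as `krbPrincipalKey` or `memberOfIndirect` would slip past the filter. The lowercase keys used nearby (`homedirectory`, `gidnumber`) suggest `entry_attrs` is already normalised, but nothing visible here guarantees it, and a miss would either copy Kerberos key material to the new server or reproduce the failed-migration problem this commit targets. Matching case-insensitively, `if attr.lower() in attr_blacklist:`, removes the dependence on that assumption; the loop added to `_pre_migrate_group` has the same property. The function body continues outside the hunk.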
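Review bot: The `attr_blacklist` added to `_pre_migrate_group` repeats the two membership attribute names just appended to the list in `_pre_migrate_user`, and it is defined well ahead of the loop that consumes it at the end of the function. One module-level constant shared by both hooks would stop the two lists drifting apart, for example `_computed_attrs = ('memberofindirect', 'memberindirect')` with the user hook using `('krbprincipalkey',) + _computed_attrs`. A one-line comment stating that these attributes belong to no objectclass, as the commit message explains, would tell the next reader why they are dropped.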
@@ -198,6 +200,11 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwarg
 else:
 raise ValueError('Schema %s not supported' % schema)
+ # do not migrate all attributes
+ for attr in entry_attrs.keys():
+ if attr in attr_blacklist:
+ del entry_attrs[attr]
+
 return dn
@@ -406,11 +413,11 @@ can use their Kerberos accounts.''')
 migrated[ldap_obj_name] = []
 failed[ldap_obj_name] = {}
- # FIXME: with limits set, we get a strange 'Success' exception
 try:
 (entries, truncated) = ds_ldap.find_entries(
- search_filter, ['*'], search_bases[ldap_obj_name], ds_ldap.SCOPE_ONELEVEL#,
- #time_limit=0, size_limit=0
+ search_filter, ['*'], search_bases[ldap_obj_name],
+ ds_ldap.SCOPE_ONELEVEL,
+ time_limit=0, size_limit=-1
 )
 except errors.NotFound:
 if not options.get('continue',False):
@@ -483,7 +490,8 @@ can use their Kerberos accounts.''')
 # retrieve DS base DN
 (entries, truncated) = ds_ldap.find_entries(
- '', ['namingcontexts'], '', ds_ldap.SCOPE_BASE
+ '', ['namingcontexts'], '', ds_ldap.SCOPE_BASE,
+ size_limit=-1, time_limit=0,
 )
 try:
 ds_base_dn = entries[0][1]['namingcontexts'][0]
-- cgit
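Review bot: The loop added before `return dn` in `_pre_migrate_group` deletes from `entry_attrs` while iterating `entry_attrs.keys()`, which is only safe where `keys()` returns a list copy. Iterating the blacklist instead avoids mutating the mapping under iteration and is shorter: `for attr in attr_blacklist: entry_attrs.pop(attr, None)` (assuming `entry_attrs` supports `pop`, which the hunk does not show). The comment `# do not migrate all attributes` can be read as "migrate none"; wording such as `# drop attributes that must not be copied to the new server` says what the loop does. The identical loop in `_pre_migrate_user` would benefit from the same change.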
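Review bot: Passing `time_limit=0, size_limit=-1` to `ds_ldap.find_entries` takes both bounds off a search against the remote server, here and in the `namingcontexts` lookup of the last hunk, so an unresponsive server can block the command indefinitely and a very large container is returned as one in-memory result. If unlimited is the intent, as the commit message states, keeping a finite time limit or exposing both values as command options would bound the worst case; that is a design suggestion rather than a bug visible in these lines. The two different "no limit" spellings deserve a comment, for example `# time_limit=0 / size_limit=-1: no limit, migration must see every entry`, and the deleted FIXME about the 'Success' exception leaves it unclear whether its cause was fixed. Whether `truncated` is checked after the call is outside the hunk.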