diff options
| author | Florence Blanc-Renaud <flo@redhat.com> | 2016-09-29 13:46:05 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-11-17 01:01:05 +0100 |
| commit | efb3700389ff46244189fa95779484eb099d63b4 (patch) | |
| tree | baf94ed279dd53abe7a1799b908fffec05cb7e19 | |
| parent | ce2bb47cca03eda1ff85f4725abb92c639f34ecc (diff) | |
| download | freeipa-efb3700389ff46244189fa95779484eb099d63b4.tar.gz freeipa-efb3700389ff46244189fa95779484eb099d63b4.tar.xz freeipa-efb3700389ff46244189fa95779484eb099d63b4.zip | |
Fix ipa migrate-ds when it finds a search reference
When ipa migrate-ds finds user entries and a search reference, it complains
that the LDAP search did not return any result and does not migrate the
entries or the groups.
The issue comes from LDAPClient._convert_result which returns an empty result
list when the input is a search reference. In turn LDAPClient.find_entries
assumes that the empty result list corresponds to a Search Result Done and
returns without any entry.
The fix examines first the objtype returned by self.conn.result3. If it is
a search result done, then the loop can be exited. Otherwise (referral or
entry), _convert_result is called and the result (if not empty) is appended
to the list of returned entries.
https://fedorahosted.org/freeipa/ticket/6358
Reviewed-By: Martin Basti <mbasti@redhat.com>
| -rw-r--r-- | ipapython/ipaldap.py | 12 | ||||
| -rw-r--r-- | ipaserver/plugins/migration.py | 3 |
2 files changed, 5 insertions, 10 deletions
diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index ed5c804dc..bbfc6f619 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -1337,7 +1337,7 @@ class LDAPClient(object): def find_entries(self, filter=None, attrs_list=None, base_dn=None, scope=ldap.SCOPE_SUBTREE, time_limit=None, - size_limit=None, search_refs=False, paged_search=False): + size_limit=None, paged_search=False): """ Return a list of entries and indication of whether the results were truncated ([(dn, entry_attrs)], truncated) matching specified search @@ -1351,8 +1351,6 @@ class LDAPClient(object): time_limit -- time limit in seconds (default unlimited) size_limit -- size (number of entries returned) limit (default unlimited) - search_refs -- allow search references to be returned - (default skips these entries) paged_search -- search using paged results control :raises: errors.NotFound if result set is empty @@ -1407,12 +1405,10 @@ class LDAPClient(object): while True: result = self.conn.result3(id, 0) objtype, res_list, _res_id, res_ctrls = result - res_list = self._convert_result(res_list) - if not res_list: + if objtype == ldap.RES_SEARCH_RESULT: break - if (objtype == ldap.RES_SEARCH_ENTRY or - (search_refs and - objtype == ldap.RES_SEARCH_REFERENCE)): + res_list = self._convert_result(res_list) + if res_list: res.append(res_list[0]) if paged_search: diff --git a/ipaserver/plugins/migration.py b/ipaserver/plugins/migration.py index 5090a2646..72abd141f 100644 --- a/ipaserver/plugins/migration.py +++ b/ipaserver/plugins/migration.py @@ -746,8 +746,7 @@ migration process might be incomplete\n''') entries, truncated = ds_ldap.find_entries( search_filter, ['*'], search_bases[ldap_obj_name], scope, - time_limit=0, size_limit=-1, - search_refs=True # migrated DS may contain search references + time_limit=0, size_limit=-1 ) except errors.NotFound: if not options.get('continue',False): |