authorDrew Erny <derny@redhat.com>2015-06-04 14:02:12 -0400
committerPetr Vobornik <pvoborni@redhat.com>2015-06-05 19:31:18 +0200
commita57998f51eb8b62052fe021a68503eed4714c6d3 (patch)
tree14631f1a97bbeb2ff39a3af87e2af9b66e5d71a8 /ipalib
parent13700d9d3f9abd25c80af5edf406e7057e04f318 (diff)
Migration now accepts scope as argument
Adds a new option to command ipa migrate-ds, --scope=[base,onelevel,subtree] which allows the user to specify LDAP search depth for users and groups. 'onelevel' was the hard-coded level before this patch and is still default. Specify 'subtree' to search nested OUs for users and groups. https://fedorahosted.org/freeipa/ticket/2547 Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/migration.py19
1 files changed, 18 insertions, 1 deletions
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 8b7dd9ef6..9dced137e 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -19,6 +19,7 @@
import re
from ldap import MOD_ADD
+from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE
from ipalib import api, errors, output
from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File, Bool
@@ -141,6 +142,10 @@ _dn_err_msg = _('Malformed DN')
_supported_schemas = (u'RFC2307bis', u'RFC2307')
+# search scopes for users and groups when migrating
+_supported_scopes = {u'base': SCOPE_BASE, u'onelevel': SCOPE_ONELEVEL, u'subtree': SCOPE_SUBTREE}
+_default_scope = u'onelevel'
+
def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs):
assert isinstance(dn, DN)
@@ -611,6 +616,15 @@ class migrate_ds(Command):
default=True,
autofill=True,
),
+ StrEnum('scope',
+ cli_name='scope',
+ label=_('Search scope'),
+ doc=_('LDAP search scope for users and groups: base, onelevel, or '
+ 'subtree. Defaults to onelevel'),
+ values=tuple(_supported_scopes.keys()),
+ default=_default_scope,
+ autofill=True,
+ ),
)
has_output = (
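Review bot: `values=tuple(_supported_scopes.keys())` takes the order of the accepted values from a plain dict, and the `u''` literals suggest this runs on Python 2, where dict order is arbitrary. The order in which the choices appear in help and validation messages may therefore vary between runs. Spelling the tuple out keeps it stable and matches the order used in the doc string: `values=(u'base', u'onelevel', u'subtree'),`. The doc string also hard-codes "Defaults to onelevel" next to `default=_default_scope`, so the two can drift apart if the constant changes.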
@@ -705,6 +719,9 @@ can use their Kerberos accounts.''')
failed = {} # {'OBJ': {'PKEY1': 'Failed 'cos blabla', ...}, ...}
search_bases = self._get_search_bases(options, ds_base_dn, self.migrate_order)
migration_start = datetime.datetime.now()
+
+ scope = _supported_scopes[options.get('scope')]
+
for ldap_obj_name in self.migrate_order:
ldap_obj = self.api.Object[ldap_obj_name]
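Review bot: The lookup `_supported_scopes[options.get('scope')]` raises a bare `KeyError` if `scope` is missing from `options`, because `options.get` then returns `None`. The `StrEnum` with `autofill=True` should supply the value on the normal command path, but whether every caller of this method goes through parameter autofill is not visible in the hunk. Falling back to the declared default removes the dependency: `scope = _supported_scopes[options.get('scope', _default_scope)]`. The enclosing method starts and ends outside the hunk.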
@@ -721,7 +738,7 @@ can use their Kerberos accounts.''')
try:
entries, truncated = ds_ldap.find_entries(
search_filter, ['*'], search_bases[ldap_obj_name],
- ds_ldap.SCOPE_ONELEVEL,
+ scope,
time_limit=0, size_limit=-1,
search_refs=True # migrated DS may contain search references
)
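Review bot: The search scope passed to `find_entries` is now caller-chosen, but nothing here documents what the non-default values mean for the import, given that the call keeps `time_limit=0, size_limit=-1` and `search_refs=True`. With `subtree`, every entry below the container that matches the filter is returned without a bound, so accounts in nested OUs that were never meant to be migrated (service or disabled accounts, for example) would be imported too. Two entries under different OUs can also share the same primary key; how that collision is handled is outside this hunk. With `base`, only the container entry itself is examined, which presumably matches nothing. I would add a comment above the call such as `# scope is user-selected: 'subtree' also returns matching entries from nested OUs (unbounded), 'base' inspects only the container entry itself`, and mention the same in the option's doc. The `try` block continues past the end of the hunk.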