author | Martin Kosek <mkosek@redhat.com> | 2011-09-29 11:55:13 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-10-03 10:47:49 +0200 |
commit | 56d89d39cef552336deaa8852ae62fd88c270a9b (patch) | |
tree | b67d91b045409e085241710e2035cc23194c2cb8 /ipalib | |
parent | 5d0fc849f4c7975be083d632a345081fd587ac75 (diff) | |
migrate process cannot handle multivalued pkey attribute
When group/user is migrated, the attribute used for RDN may be
multivalued. Make sure that we pick the value used in the RDN
which should be the unique one and not just the first one.
https://fedorahosted.org/freeipa/ticket/1892
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/migration.py | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index f75612cef..93ac114d8 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -24,6 +24,7 @@ import ldap as _ldap from ipalib import api, errors, output from ipalib import Command, List, Password, Str, Flag, StrEnum from ipalib.cli import to_cli +from ipalib.dn import * if api.env.in_server and api.env.context in ['lite', 'server']: try: from ipaserver.plugins.ldap2 import ldap2 @@ -77,6 +78,7 @@ EXAMPLES: _krb_err_msg = _('Kerberos principal %s already exists. Use \'ipa user-mod\' to set it manually.') _grp_err_msg = _('Failed to add user to the default group. Use \'ipa group-add-member\' to add manually.') _ref_err_msg = _('Migration of LDAP search reference is not supported.') +_dn_err_msg = _('Malformed DN') _supported_schemas = (u'RFC2307bis', u'RFC2307') @@ -496,7 +498,21 @@ can use their Kerberos accounts.''') failed[ldap_obj_name][entry_attrs[0]] = unicode(_ref_err_msg) continue - pkey = entry_attrs[ldap_obj.primary_key.name][0].lower() + try: + dn = DN(dn) + except ValueError: + failed[ldap_obj_name][dn] = unicode(_dn_err_msg) + continue + + ava = dn[0][0] + if ava.attr == ldap_obj.primary_key.name: + # In case if pkey attribute is in the migrated object DN + # and the original LDAP is multivalued, make sure that + # we pick the correct value (the unique one stored in DN) + pkey = ava.value.lower() + else: + pkey = entry_attrs[ldap_obj.primary_key.name][0].lower() + if pkey in exclude: continue |
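Review bot: The added `from ipalib.dn import *` in the first hunk is a wildcard import, yet the only name from that module the new code uses is `DN`. A star import binds every public name of ipalib.dn in the plugin's namespace, where it can shadow an existing name with no sign at the point of use, and it hides where `DN` comes from. I would write `from ipalib.dn import DN` instead.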
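Review bot: The comparison `ava.attr == ldap_obj.primary_key.name` in the third hunk is case-sensitive, but LDAP attribute type names are not, so a source server that returns the RDN as `UID=...` or `Cn=...` would presumably miss this branch and fall back to `entry_attrs[...][0]`, the first-value behaviour the commit sets out to replace. The chosen value becomes the name of the migrated user or group, so a wrong pick can attach the entry to the wrong identity or collide with an existing one. Comparing case-insensitively closes the gap: `if ava.attr.lower() == ldap_obj.primary_key.name.lower():`. `dn[0][0]` also inspects only the first AVA, so a multi-valued RDN whose key attribute comes second takes the fallback as well, and an empty DN would presumably raise IndexError rather than the ValueError handled above; checking each AVA of `dn[0]`, or a comment stating that these cases are out of scope, would make the intent explicit. The enclosing loop starts and ends outside the hunk.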