From efb3700389ff46244189fa95779484eb099d63b4 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Thu, 29 Sep 2016 13:46:05 +0200
Subject: Fix ipa migrate-ds when it finds a search reference

When ipa migrate-ds finds user entries and a search reference, it complains
that the LDAP search did not return any result and does not migrate the
entries or the groups.

The issue comes from LDAPClient._convert_result which returns an empty result
list when the input is a search reference. In turn LDAPClient.find_entries
assumes that the empty result list corresponds to a Search Result Done and
returns without any entry.

The fix examines first the objtype returned by self.conn.result3. If it is
a search result done, then the loop can be exited. Otherwise (referral or
entry), _convert_result is called and the result (if not empty) is appended
to the list of returned entries.

https://fedorahosted.org/freeipa/ticket/6358

Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipapython/ipaldap.py | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

(limited to 'ipapython')

diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index ed5c804dc..bbfc6f619 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -1337,7 +1337,7 @@ class LDAPClient(object):
 
     def find_entries(self, filter=None, attrs_list=None, base_dn=None,
                      scope=ldap.SCOPE_SUBTREE, time_limit=None,
-                     size_limit=None, search_refs=False, paged_search=False):
+                     size_limit=None, paged_search=False):
         """
         Return a list of entries and indication of whether the results were
         truncated ([(dn, entry_attrs)], truncated) matching specified search
@@ -1351,8 +1351,6 @@ class LDAPClient(object):
         time_limit -- time limit in seconds (default unlimited)
         size_limit -- size (number of entries returned) limit
             (default unlimited)
-        search_refs -- allow search references to be returned
-            (default skips these entries)
         paged_search -- search using paged results control
 
         :raises: errors.NotFound if result set is empty
@@ -1407,12 +1405,10 @@ class LDAPClient(object):
                     while True:
                         result = self.conn.result3(id, 0)
                         objtype, res_list, _res_id, res_ctrls = result
-                        res_list = self._convert_result(res_list)
-                        if not res_list:
+                        if objtype == ldap.RES_SEARCH_RESULT:
                             break
-                        if (objtype == ldap.RES_SEARCH_ENTRY or
-                                (search_refs and
-                                    objtype == ldap.RES_SEARCH_REFERENCE)):
+                        res_list = self._convert_result(res_list)
+                        if res_list:
                             res.append(res_list[0])
 
                     if paged_search:
-- 
cgit