Jakub Hrozek wrote:
On Wed, Nov 24, 2010 at 04:54:19PM -0500, Rob Crittenden wrote:
Jakub Hrozek wrote:

On 11/22/2010 04:21 PM, Jakub Hrozek wrote:
On 11/22/2010 04:16 PM, Jakub Hrozek wrote:
The code handles it (I just ran a quick test with --schema=RFC2307bis).

It just iterates through all members of a group -- be it user member or
group member, it's just a DN for the plugin.

        Jakub

Sorry, I found another bug in the plugin. I'll send a new patch shortly,
so please don't waste time reviewing this one.

New patch is attached. It fixes two more bugs of the original plugin -
determines whether a group member is a user or a nested group by
checking the DN, not just the RDN attribute name and does not hardcode
primary keys.

Will this blow up in convert_members_rfc2307bis() if a member isn't
contained in the users and groups containers? Should there be a
failsafe to skip over things that don't match (along with
appropriate reporting)?

It wouldn't blow up but add the original DN into the member attribute
which is probably worse. Thanks for catching this. I modified the patch
to log all migrated users and groups with info() and skip those that
don't match any of the containers while logging these entries with
error().

Or if one of users or groups search bases
isn't provided?


If one of them isn't provided, a default would be used.

It definitely doesn't like this:
# ipa migrate-ds --user-container=''
--group-container='cn=groups,cn=accounts' ldap://ds.example.com:389

When passed the right set of options it does seem to do the right thing.


Sorry, but I don't quite understand the "--user-container=''" switch.
Does it mean the users are rooted at the Base DN? Can you post the error
or relevant log info? Please note that the default objectclass is
person.

The empty user-container isn't related to this patch so ACK, pushed to master.

The error I'm seeing in the Apache error log is:


[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] Traceback (most recent call last):
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/share/ipa/wsgi.py", line 27, in application
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] return api.Backend.session(environ, start_response)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 142, in __call__
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] return self.route(environ, start_response)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 154, in route
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] return app(environ, start_response)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 234, in __call__
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] response = self.wsgi_execute(environ)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 211, in wsgi_execute
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] result = self.Command[name](*args, **options)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 417, in __call__
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] ret = self.run(*args, **options)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 690, in run
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] return self.execute(*args, **options)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py", line 380, in execute
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] ldap, config, ds_ldap, ds_base_dn, options
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py", line 300, in migrate
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] search_filter, ['*'], search_base, ds_ldap.SCOPE_ONELEVEL#,
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, in new_f
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] return f(*new_args, **kwargs)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 199, in new_f
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] return args[0].decode(f(*args, **kwargs))
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 516, in find_entries
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] base_dn = self.normalize_dn(base_dn)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 343, in normalize_dn
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] rdns = explode_dn(dn)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib64/python2.6/site-packages/ldap/dn.py", line 79, in explode_dn
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] dn_decomp = str2dn(dn,flags)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib64/python2.6/site-packages/ldap/dn.py", line 53, in str2dn
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] return ldap.functions._ldap_function_call(_ldap.str2dn,dn,flags)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] File "/usr/lib64/python2.6/site-packages/ldap/functions.py", line 57, in _ldap_function_call
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] result = func(*args,**kwargs)
[Tue Dec 07 10:38:10 2010] [error] [client 192.168.166.32] DECODING_ERROR

rob
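
Added example, not part of the original thread and not the FreeIPA migration plugin's code: a sketch of the behaviour discussed above, where a group member is classified by its parent container DN rather than its RDN attribute name, and anything outside the user and group containers is skipped and reported instead of being copied into the member attribute. The function names, the sample DNs and the rule that an empty container means the base DN itself are assumptions made for illustration.

```python
import logging

log = logging.getLogger("member-dn-example")  # hypothetical logger name

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur.strip())
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    rdns.append(cur.strip())
    if any("=" not in rdn for rdn in rdns):
        raise ValueError("malformed DN: %r" % dn)
    return rdns

def search_base(container, base_dn):
    """Assumed rule: an empty container means the base DN, never ',<base_dn>'."""
    return "%s,%s" % (container, base_dn) if container.strip() else base_dn

def convert_members(members, src_users, src_groups, dst_users, dst_groups):
    """Map each member DN to its target container; skip and report the rest."""
    norm = lambda dn: [rdn.lower() for rdn in split_dn(dn)]
    targets = [(norm(src_users), dst_users), (norm(src_groups), dst_groups)]
    converted, skipped = [], []
    for dn in members:
        try:
            rdns = split_dn(dn)
        except ValueError:
            rdns = []  # malformed member value: treated as unmatched
        parent = [rdn.lower() for rdn in rdns[1:]]
        target = next((dst for src, dst in targets if src == parent), None)
        if target is None:
            log.error("member not in a known container, skipped: %s", dn)
            skipped.append(dn)
            continue
        log.info("migrated member: %s", dn)
        converted.append("%s,%s" % (rdns[0], target))  # RDN kept as-is (simplification)
    return converted, skipped

# Constructed sample data; every DN below is made up for this example.
SRC_USERS = search_base("ou=People", "dc=example,dc=com")
SRC_GROUPS = search_base("ou=Groups", "dc=example,dc=com")
DST_USERS = "cn=users,cn=accounts,dc=ipa,dc=test"
DST_GROUPS = "cn=groups,cn=accounts,dc=ipa,dc=test"
SAMPLE_MEMBERS = ["uid=alice,ou=People,dc=example,dc=com",
                  "CN=Admins,OU=groups,DC=example,DC=com",
                  "cn=printer,ou=Devices,dc=example,dc=com"]
```
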
