On Sat, 2011-10-01 at 19:45 +0200, Jan Cholasta wrote:
> On 29.9.2011 12:01, Martin Kosek wrote:
> > When group/user is migrated, the attribute used for RDN may be
> > multivalued. Make sure that we pick the value used in the RDN
> > which should be the unique one and not just the first one.
> >
> > https://fedorahosted.org/freeipa/ticket/1892
> >
>
> Every time you do "import *", god kills a kitten. Also, it pollutes the
> module namespace with unnecessary symbols and decreases code readability.

World is not just black and white. In this case I think it's OK since
ipalib/dn.py has a nice maintained __all__ list with all 3 DN related
classes. Thus, I see no namespace pollution.

>
> I'm a bit puzzled why do you do this:
> + try:
> +     pkey = dn[ldap_obj.primary_key.name].lower()
> + except KeyError:
> +     failed[ldap_obj_name][str(dn)] = unicode(_rdn_err_msg)
> +     continue
>
> and not just this:
> + pkey = ava.value.lower()

Good point. Updated patch attached.

Martin

>
> Besides that, the issue seems to be fixed.
>
> Honza
>
>From a3cf06058a32ebf03aa85d00a43fe832270f2701 Mon Sep 17 00:00:00 2001 From: Martin Kosek <[email protected]> Date: Thu, 29 Sep 2011 11:55:13 +0200 Subject: [PATCH] migrate process cannot handle multivalued pkey attribute When group/user is migrated, the attribute used for RDN may be multivalued. Make sure that we pick the value used in the RDN which should be the unique one and not just the first one. https://fedorahosted.org/freeipa/ticket/1892 --- ipalib/plugins/migration.py | 18 +++++++++++++++++- 1 files changed, 17 insertions(+), 1 deletions(-) diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index f75612cef07eb06f4747d7989ee2d5d41c3bf8bd..93ac114d8f30ec9f97dcb4bc59ee9ac39f50f4c4 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -24,6 +24,7 @@ import ldap as _ldap from ipalib import api, errors, output from ipalib import Command, List, Password, Str, Flag, StrEnum from ipalib.cli import to_cli +from ipalib.dn import * if api.env.in_server and api.env.context in ['lite', 'server']: try: from ipaserver.plugins.ldap2 import ldap2 @@ -77,6 +78,7 @@ EXAMPLES: _krb_err_msg = _('Kerberos principal %s already exists. Use \'ipa user-mod\' to set it manually.') _grp_err_msg = _('Failed to add user to the default group. Use \'ipa group-add-member\' to add manually.') _ref_err_msg = _('Migration of LDAP search reference is not supported.') +_dn_err_msg = _('Malformed DN') _supported_schemas = (u'RFC2307bis', u'RFC2307') 
@@ -496,7 +498,21 @@ can use their Kerberos accounts.''') failed[ldap_obj_name][entry_attrs[0]] = unicode(_ref_err_msg) continue - pkey = entry_attrs[ldap_obj.primary_key.name][0].lower() + try: + dn = DN(dn) + except ValueError: + failed[ldap_obj_name][dn] = unicode(_dn_err_msg) + continue + + ava = dn[0][0] + if ava.attr == ldap_obj.primary_key.name: + # In case if pkey attribute is in the migrated object DN + # and the original LDAP is multivalued, make sure that + # we pick the correct value (the unique one stored in DN) + pkey = ava.value.lower() + else: + pkey = entry_attrs[ldap_obj.primary_key.name][0].lower() + if pkey in exclude: continue -- 1.7.6.2
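Review bot: in the import hunk (@@ -24,6 +24,7 @@), "from ipalib.dn import *" brings every exported name of that module into migration.py, while the only name the patch uses is DN (in "dn = DN(dn)"). Importing it explicitly with "from ipalib.dn import DN" keeps the origin of the name visible in this file and means a later addition to the module's export list cannot silently shadow a name already used here.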
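Review bot: in the last hunk (@@ -496,7 +498,21 @@), "ava = dn[0][0]" looks only at the first AVA of the first RDN and the test "ava.attr == ldap_obj.primary_key.name" is an exact string comparison. An entry whose RDN is multi-valued with the primary key attribute in a later position, or whose DN spells the attribute in a different case than primary_key.name, falls through to the else branch and takes entry_attrs[...][0] again, which is the first-value behaviour this patch is meant to replace. Consider iterating over all AVAs of dn[0] and comparing the attribute names case-insensitively, unless DN already normalises them (that is not visible in this patch). Two smaller points in the same hunk: "dn = DN(dn)" rebinds the loop's dn from a string to a DN object, so the except branch only records the original string because the assignment never completed, and any code further down the loop now receives a different type; a separate name for the parsed DN would make both cases explicit. A DN that parses but has no RDN would raise on dn[0][0] outside the try block instead of being recorded in failed.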
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
