Martin Kosek wrote:
On Wed, 2011-10-05 at 13:44 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
Since IPA v2 server already contain predefined groups that may collide
with groups in migrated (IPA v1) server (for example admins, ipausers),
users having colliding group as their primary group may happen to belong
to an unknown group on new IPA v2 server.
Implement --group-overwrite-gid option to overwrite GID of already
existing groups to prevent this issue.
https://fedorahosted.org/freeipa/ticket/1866
For argument's sake, what is the user going to see the first time they
run this? I assume they won't think about these duplicate groups and
just do the migration. This means that the result may be some users
pointing to non-existent GIDs.
At first I was thinking about making the GID the default behavior and
just add flag "--dont-overwrite-gid. But I was afraid this could do some
damage and change GIDs where it is not required. However, I made some
improvements in this area, please see below.
If they re-run the migration with this option will it then fix
everything up?
Yep.
I'm wondering if we need a --test argument so people can run the
migration w/o writing entries to look for problems like this.
rob
If we want to do this, we would have to add a lot of LDAP query checks
since mostly try doing the LDAP write and write failures in case of an
exception.
However, I updated the patch so that user is notified about existence of
--group-overwrite-gid option better. If a migration of a group with a
GID number fails because of DuplicateError, a notice about GID is
displayed. This should make him check this situation and either use
group-mod --gidnumber=... or re-run the migration with
--group-overwrite-gid.
I also updated the Password option not to ask user for LDAP password
twice, because it makes me really mad :-)
Martin
# ipa migrate-ds ldap://panther.greyoak.com
--user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accounts
--user-ignore-objectclass=radiusprofile
Password:
ipa: ERROR: an internal error has occurred
[Thu Oct 06 21:28:49 2011] [error] ipa: ERROR: non-public: TypeError:
_post_migrate_user() got an unexpected keyword argument 'options'
[Thu Oct 06 21:28:49 2011] [error] Traceback (most recent call last):
[Thu Oct 06 21:28:49 2011] [error] File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 223, in
wsgi_execute
[Thu Oct 06 21:28:49 2011] [error] result =
self.Command[name](*args, **options)
[Thu Oct 06 21:28:49 2011] [error] File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 432, in __call__
[Thu Oct 06 21:28:49 2011] [error] ret = self.run(*args, **options)
[Thu Oct 06 21:28:49 2011] [error] File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 738, in run
[Thu Oct 06 21:28:49 2011] [error] return self.execute(*args, **options)
[Thu Oct 06 21:28:49 2011] [error] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py", line
633, in execute
[Thu Oct 06 21:28:49 2011] [error] ldap, config, ds_ldap,
ds_base_dn, options
[Thu Oct 06 21:28:49 2011] [error] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py", line
602, in migrate
[Thu Oct 06 21:28:49 2011] [error] options = options,
[Thu Oct 06 21:28:49 2011] [error] TypeError: _post_migrate_user() got
an unexpected keyword argument 'options'
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
