[Freeipa-devel] [PATCH] 12 When migrating warn user if compat is enabled

Ondrej Hamada Thu, 16 Feb 2012 00:49:42 -0800

https://fedorahosted.org/freeipa/ticket/2274


Added check into migration plugin to warn user when compat is enabled.
If compat is enabled, the migration fails and user is warned that he
must turn the compat off or run the script with (the newly introduced)
option '--compat'.

'--compat' is just a flag, by default set to false. If it is set, thecompat check is skipped.


--
Regards,

Ondrej Hamada
FreeIPA team
jabber:oh...@jabbim.cz
IRC: ohamada

From 2b146dc28bdf35b5840cd193f59ff32db226548a Mon Sep 17 00:00:00 2001
From: Ondrej Hamada <oham...@redhat.com>
Date: Wed, 15 Feb 2012 14:56:39 +0100
Subject: [PATCH] Migration warning when compat enabled

Added check into migration plugin to warn user when compat is enabled.
If compat is enabled, the migration fails and user is warned that he
must turn the compat off or run the script with (the newly introduced)
option '--compat'.

'--compat' is new flag. If it is set, the compat status is ignored.

https://fedorahosted.org/freeipa/ticket/2274
---
 API.txt                     |    3 ++-
 ipalib/plugins/migration.py |   16 ++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletions(-)

diff --git a/API.txt b/API.txt
index 66713317c9b11057f12676c2afc7bc36d0ca3969..54573ca1ca514d048e62802667956d6bda0d3199 100644
--- a/API.txt
+++ b/API.txt
@@ -1925,7 +1925,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('value', <type 'unicode'>, None)
 command: migrate_ds
-args: 2,14,3
+args: 2,15,3
 arg: Str('ldapuri', cli_name='ldap_uri')
 arg: Password('bindpw', cli_name='password', confirm=False)
 option: Str('binddn?', autofill=True, cli_name='bind_dn', default=u'cn=directory manager')
@@ -1940,6 +1940,7 @@ option: Str('groupignoreattribute*', autofill=True, cli_name='group_ignore_attri
 option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False)
 option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307'))
 option: Flag('continue?', autofill=True, default=False)
+option: Flag('compat?', autofill=True, default=False)
 option: Str('exclude_groups*', autofill=True, cli_name='exclude_groups', csv=True, default=())
 option: Str('exclude_users*', autofill=True, cli_name='exclude_users', csv=True, default=())
 output: Output('result', <type 'dict'>, None)
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 688265fd3ea7f62bb22bf78abbc7f26e64f7470b..50254d8f34e9a1ada9b3b4bd45c2949079ccedf5 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -94,6 +94,8 @@ EXAMPLES:
        ldap://ds.example.com:389
 """)
 
+compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config"
+
 # USER MIGRATION CALLBACKS AND VARS
 
 _krb_err_msg = _('Kerberos principal %s already exists. Use \'ipa user-mod\' to set it manually.')
@@ -431,6 +433,11 @@ class migrate_ds(Command):
             doc=_('Continuous operation mode. Errors are reported but the process continues'),
             default=False,
         ),
+        Flag('compat?',
+            label=_('Ignore compat plugin'),
+            doc=_('Allows migration despite the usage of compat plugin'),
+            default=False,
+        ),
     )
 
     has_output = (
@@ -635,6 +642,12 @@ can use their Kerberos accounts.''')
         ds_ldap = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
         ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw)
 
+        #check whether the compat plugin is enabled
+        if not options.get('compat'):
+            (dn,check_compat) = ds_ldap.get_entry(compat_dn, normalize=False)
+            if check_compat is not None and check_compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
+                return dict(result={},failed={},enabled=True)
+
         # retrieve DS base DN
         (entries, truncated) = ds_ldap.find_entries(
             '', ['namingcontexts'], '', ds_ldap.SCOPE_BASE,
@@ -657,6 +670,9 @@ can use their Kerberos accounts.''')
         if not result['enabled']:
             textui.print_plain(self.migration_disabled_msg)
             return 1
+        if not result['result'] and not result['failed']:
+            textui.print_plain("Compat plugin is on. This might cause troubles during migration. Disable the compat plugin or run this script with \'--compat\' option.")
+            return 1
         textui.print_plain('Migrated:')
         textui.print_entry1(
             result['result'], attr_order=self.migrate_order,
-- 
1.7.6.5

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 12 When migrating warn user if compat is enabled

Reply via email to