[Freeipa-devel] [PATCH] 270 Improve migration NotFound error

Mon, 04 Jun 2012 05:42:19 -0700 

When no user/group was found, migration plugin reported an ambiguous
error about invalid container. But the root cause may be for example
in a wrong list of user/group objectclasses. Report both in the error
message to avoid user confusion.

User/group objectclass attribute is now also marked as required.
Without the list of objectclasses, an invalid LDAP search is
produced.

https://fedorahosted.org/freeipa/ticket/2206


>From 802450d88f7104cae6922a8a548ba69821d526a4 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Mon, 4 Jun 2012 14:25:41 +0200
Subject: [PATCH] Improve migration NotFound error

When no user/group was found, migration plugin reported an ambiguous
error about invalid container. But the root cause may be for example
in a wrong list of user/group objectclasses. Report both in the error
message to avoid user confusion.

User/group objectclass attribute is now also marked as required.
Without the list of objectclasses, an invalid LDAP search is
produced.

https://fedorahosted.org/freeipa/ticket/2206
---
 API.txt                     |    4 ++--
 VERSION                     |    2 +-
 ipalib/plugins/migration.py |   17 ++++++++++++-----
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/API.txt b/API.txt
index ba5aa1037e5d9b8661326afe4e6f984d52cc3cc8..ba368bd6c478d3690c3b36bf559b6975e86d6e4a 100644
--- a/API.txt
+++ b/API.txt
@@ -1909,8 +1909,8 @@ arg: Password('bindpw', cli_name='password', confirm=False)
 option: Str('binddn?', autofill=True, cli_name='bind_dn', default=u'cn=directory manager')
 option: Str('usercontainer', autofill=True, cli_name='user_container', default=u'ou=people')
 option: Str('groupcontainer', autofill=True, cli_name='group_container', default=u'ou=groups')
-option: Str('userobjectclass*', autofill=True, cli_name='user_objectclass', csv=True, default=(u'person',))
-option: Str('groupobjectclass*', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames'))
+option: Str('userobjectclass+', autofill=True, cli_name='user_objectclass', csv=True, default=(u'person',))
+option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames'))
 option: Str('userignoreobjectclass*', autofill=True, cli_name='user_ignore_objectclass', csv=True, default=())
 option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=())
 option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_objectclass', csv=True, default=())
diff --git a/VERSION b/VERSION
index 9e14c8cf46b8d39f955be952ce62173f4d9d453c..77340e02e91c91b45e5431810aac2a5c9d6237b6 100644
--- a/VERSION
+++ b/VERSION
@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=37
+IPA_API_VERSION_MINOR=38
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index a7b0789756cc12cf976a83579fbc6bbc80cf0623..d2231c246392059f8704677426537658c701a59e 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -444,7 +444,7 @@ class migrate_ds(Command):
             default=u'ou=groups',
             autofill=True,
         ),
-        Str('userobjectclass*',
+        Str('userobjectclass+',
             cli_name='user_objectclass',
             label=_('User object class'),
             doc=_('Comma-separated list of objectclasses used to search for user entries in DS'),
@@ -452,7 +452,7 @@ class migrate_ds(Command):
             default=(u'person',),
             autofill=True,
         ),
-        Str('groupobjectclass*',
+        Str('groupobjectclass+',
             cli_name='group_objectclass',
             label=_('Group object class'),
             doc=_('Comma-separated list of objectclasses used to search for group entries in DS'),
@@ -619,8 +619,10 @@ can use their Kerberos accounts.''')
         for ldap_obj_name in self.migrate_order:
             ldap_obj = self.api.Object[ldap_obj_name]
 
-            search_filter = construct_filter(self.migrate_objects[ldap_obj_name]['filter_template'],
-                                             options[to_cli(self.migrate_objects[ldap_obj_name]['oc_option'])])
+            template = self.migrate_objects[ldap_obj_name]['filter_template']
+            oc_list = options[to_cli(self.migrate_objects[ldap_obj_name]['oc_option'])]
+            search_filter = construct_filter(template, oc_list)
+
             exclude = options['exclude_%ss' % to_cli(ldap_obj_name)]
             context = dict(ds_ldap = ds_ldap)
 
@@ -637,7 +639,12 @@ can use their Kerberos accounts.''')
             except errors.NotFound:
                 if not options.get('continue',False):
                     raise errors.NotFound(
-                        reason=_('Container for %(container)s not found at %(search_base)s') % {'container': ldap_obj_name, 'search_base': search_bases[ldap_obj_name]}
+                        reason=_('%(container)s LDAP search did not return any result '
+                                 '(search base: %(search_base)s, '
+                                 'objectclass: %(objectclass)s)'
+                                 % {'container': ldap_obj_name,
+                                    'search_base': search_bases[ldap_obj_name],
+                                    'objectclass': ', '.join(oc_list)})
                     )
                 else:
                     truncated = False
-- 
1.7.7.6


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to