One find_entry_by_attr call did not set a search base leading to
LDAP search call with zero search base. This leads to false negative
results from LDAP.

----

Pushed to master, ipa-3-2 as a one-liner.

Martin
From b9afa0e5aa730260d75cd11649258686ac6adea8 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Fri, 26 Jul 2013 13:39:42 +0200
Subject: [PATCH] Use valid LDAP search base in migration plugin

One find_entry_by_attr call did not set a search base leading to
LDAP search call with zero search base. This leads to false negative
results from LDAP.
---
 ipalib/plugins/migration.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index f57f0957e31be9ab92d6ddc855d4aec3456c1449..83bf40dbfa4cf2310b2501c28cf095299711331d 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -207,7 +207,8 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
     principal = u'%s@%s' % (pkey, api.env.realm)
     try:
         ldap.find_entry_by_attr(
-            'krbprincipalname', principal, 'krbprincipalaux', ['']
+            'krbprincipalname', principal, 'krbprincipalaux', [''],
+            DN(api.env.container_user, api.env.basedn)
         )
     except errors.NotFound:
         entry_attrs['krbprincipalname'] = principal
-- 
1.8.3.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to