On 07/26/2013 04:04 PM, Rich Megginson wrote:
> On 07/26/2013 05:43 AM, Martin Kosek wrote:
>> One find_entry_by_attr call did not set a search base leading to
>> LDAP search call with zero search base. This leads to false negative
>> results from LDAP.
>>
>> ----
>>
>> Pushed to master, ipa-3-2 as a one-liner.
>
> Does the migrate code correctly handle the search return? Before it was
> working fine when it got the err=32 - it just assumed the user did not already
> exist. With the correct search base, the search will return err=0, and will
> return no search entries, which migration should assume means the user does
> not already exist.
>

Thanks for double-checking this, Rich. But our LDAP library raises an exception when LDAP returns no entry. I double-checked this particular call I changed:

>>> conn.find_entry_by_attr('krbprincipalname', 'ad...@example.com', 'krbprincipalaux', [''], DN(api.env.container_user, api.env.basedn))
LDAPEntry(ipapython.dn.DN('uid=admin,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com'), {})
>>> conn.find_entry_by_attr('krbprincipalname', 'doesnotex...@example.com', 'krbprincipalaux', [''], DN(api.env.container_user, api.env.basedn))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1299, in find_entry_by_attr
    (entries, truncated) = self.find_entries(filter, attrs_list, base_dn)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1248, in find_entries
    raise errors.NotFound(reason='no such entry')
ipalib.errors.NotFound: no such entry

So the change should work correctly.

Martin
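Added example, not part of the thread and not FreeIPA code: a constructed in-memory model of the two search outcomes discussed above, showing why the caller could not tell the missing-base bug from a genuine "no such user". The directory contents, the base DN, `raw_search`, `user_exists`, and the mapping of err=32 to NotFound are assumptions made for illustration.

```python
# Constructed stand-in for a directory and a lookup wrapper; not FreeIPA code.
class NotFound(Exception):
    """Stand-in for ipalib.errors.NotFound."""

USERS_BASE = "cn=users,cn=accounts,dc=example,dc=com"  # constructed base DN

# Constructed directory contents: DN -> attributes.
DIRECTORY = {
    "uid=admin," + USERS_BASE: {"krbprincipalname": "admin@EXAMPLE.COM"},
}

def _under(dn, base_dn):
    """True when dn is the base itself or sits below it."""
    return dn == base_dn or dn.endswith("," + base_dn)

def raw_search(base_dn, attr, value):
    """Model a subtree search; returns (ldap_result_code, matching_dns)."""
    if not any(_under(dn, base_dn) for dn in DIRECTORY):
        return 32, []  # noSuchObject: nothing exists at this search base
    hits = [dn for dn, attrs in DIRECTORY.items()
            if _under(dn, base_dn) and attrs.get(attr) == value]
    return 0, hits     # success, possibly with zero entries

def find_entry_by_attr(attr, value, base_dn=""):
    """Assumed mapping: err=32 and an empty err=0 result both raise NotFound."""
    code, hits = raw_search(base_dn, attr, value)
    if code == 32 or not hits:
        raise NotFound("no such entry")
    return hits[0]

def user_exists(principal, base_dn):
    """Migration-style check: NotFound is read as 'user does not exist yet'."""
    try:
        find_entry_by_attr("krbprincipalname", principal, base_dn)
    except NotFound:
        return False
    return True

if __name__ == "__main__":
    # Empty base (the bug): an existing user is reported as absent.
    print(user_exists("admin@EXAMPLE.COM", ""))
    # Correct base (the fix): found, and a real miss still reads as absent.
    print(user_exists("admin@EXAMPLE.COM", USERS_BASE))
    print(user_exists("doesnotexist@EXAMPLE.COM", USERS_BASE))
```

A regression test for this class of bug has to assert that a known-existing entry is found; asserting only that a missing one raises NotFound passes with or without the search base.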