When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.

https://fedorahosted.org/freeipa/ticket/4141

-- 
Martin Kosek <mko...@redhat.com>
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
From 4ecb5f85e44f2f591504bb7f0d7f9ad64ccf6115 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Mon, 27 Jan 2014 12:28:12 +0100
Subject: [PATCH] Migration does not add users to default group

When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.

https://fedorahosted.org/freeipa/ticket/4141
---
 ipalib/plugins/migration.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 83bf40dbfa4cf2310b2501c28cf095299711331d..19032248b559be48ca08d8b1a14874df4cd0988a 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -286,16 +286,19 @@ def _update_default_group(ldap, pkey, config, ctx, force):
         searchfilter = "(&(objectclass=posixAccount)(!(memberof=%s)))" % group_dn
         try:
             (result, truncated) = ldap.find_entries(searchfilter,
-                [''], api.env.container_user, scope=ldap.SCOPE_SUBTREE,
-                time_limit = -1)
+                [''], DN(api.env.container_user, api.env.basedn),
+                scope=ldap.SCOPE_SUBTREE, time_limit = -1)
         except errors.NotFound:
+            api.log.debug('All users have default group set')
             return
         new_members = []
         (group_dn, group_entry_attrs) = ldap.get_entry(group_dn, ['member'])
         for m in result:
             if m[0] not in group_entry_attrs.get('member', []):
                 new_members.append(m[0])
-        if len(new_members) > 0:
+
+        new_members_cnt = len(new_members)
+        if new_members_cnt > 0:
             members = group_entry_attrs.get('member', [])
             members.extend(new_members)
             group_entry_attrs['member'] = members
@@ -308,7 +311,8 @@ def _update_default_group(ldap, pkey, config, ctx, force):
         e = datetime.datetime.now()
         d = e - s
         mode = " (forced)" if force else ""
-        api.log.debug('Adding %d users to group%s duration %s' % (len(new_members), mode, d))
+        api.log.debug('Adding %d users to group%s duration %s',
+                new_members_cnt, mode, d)
 
 # GROUP MIGRATION CALLBACKS AND VARS
 
-- 
1.8.4.2

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to