On 01/28/2014 02:18 PM, Petr Viktorin wrote:
> On 01/27/2014 12:32 PM, Martin Kosek wrote:
>> When users with missing default group were searched, IPA suffix was
>> not passed so these users were searched in a wrong base DN. Thus,
>> no user was detected and added to default group.
>>
>> https://fedorahosted.org/freeipa/ticket/4141
>
> This needs a rebase for the new LDAP API.
I tested primarily on ipa-3-3 branch, I will rebase when acked.
> I don't see the need for the second change, caching of len(new_members). On
> lists, len() is extremely fast.
> If you want to optimize, convert the list of existing members to a set before
> the for loop, instead of getting it from the entry and using the `in` operator
> (which is O(N) on lists) every time.
Makes sense, done.
>
>
> Nitpicks:
>
> Instead of "if len(container) > 0:" you should just use "if container:" (see
> PEP8).
Fixed.
>
> Instead of:
> members = group_entry_attrs.get('member', [])
> ...
> group_entry_attrs['member'] = members
> you can use:
> members = group_entry_attrs.setdefault('member', [])
> ...
Fixed.
New patch attached (tested).
Martin
From 77adc17f6ac6be5eb21c3a4658812c5172e456a4 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Mon, 27 Jan 2014 12:28:12 +0100
Subject: [PATCH] Migration does not add users to default group
When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.
https://fedorahosted.org/freeipa/ticket/4141
---
ipalib/plugins/migration.py | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 83bf40dbfa4cf2310b2501c28cf095299711331d..0ed65f7015f458aa1cf96efb0e36e28c5019cbd2 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -286,19 +286,21 @@ def _update_default_group(ldap, pkey, config, ctx, force):
searchfilter = "(&(objectclass=posixAccount)(!(memberof=%s)))" % group_dn
try:
(result, truncated) = ldap.find_entries(searchfilter,
- [''], api.env.container_user, scope=ldap.SCOPE_SUBTREE,
- time_limit = -1)
+ [''], DN(api.env.container_user, api.env.basedn),
+ scope=ldap.SCOPE_SUBTREE, time_limit = -1)
except errors.NotFound:
+ api.log.debug('All users have default group set')
return
new_members = []
(group_dn, group_entry_attrs) = ldap.get_entry(group_dn, ['member'])
+ existing_members = set(group_entry_attrs.get('member', []))
for m in result:
- if m[0] not in group_entry_attrs.get('member', []):
+ if m[0] not in existing_members:
new_members.append(m[0])
- if len(new_members) > 0:
- members = group_entry_attrs.get('member', [])
+
+ if new_members:
+ members = group_entry_attrs.setdefault('member', [])
members.extend(new_members)
- group_entry_attrs['member'] = members
try:
ldap.update_entry(group_dn, group_entry_attrs)
@@ -308,7 +310,8 @@ def _update_default_group(ldap, pkey, config, ctx, force):
e = datetime.datetime.now()
d = e - s
mode = " (forced)" if force else ""
- api.log.debug('Adding %d users to group%s duration %s' % (len(new_members), mode, d))
+ api.log.debug('Adding %d users to group%s duration %s',
+ len(new_members), mode, d)
# GROUP MIGRATION CALLBACKS AND VARS
--
1.8.5.3
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
