On 01/28/2014 02:18 PM, Petr Viktorin wrote: > On 01/27/2014 12:32 PM, Martin Kosek wrote: >> When users with missing default group were searched, IPA suffix was >> not passed so these users were searched in a wrong base DN. Thus, >> no user was detected and added to default group. >> >> https://fedorahosted.org/freeipa/ticket/4141 > > This needs a rebase for the new LDAP API.
I tested primarily on ipa-3-3 branch, I will rebase when acked. > I don't see the need for the second change, caching of len(new_members). On > lists, len() is extremely fast. > If you want to optimize, convert the list of existing members to a set before > the for loop, instead of getting it from the entry and using the `in` operator > (which is O(N) on lists) every time. Makes sense, done. > > > Nitpicks: > > Instead of "if len(container) > 0:" you should just use "if container:" (see > PEP8). Fixed. > > Instead of: > members = group_entry_attrs.get('member', []) > ... > group_entry_attrs['member'] = members > you can use: > members = group_entry_attrs.setdefault('member', []) > ... Fixed. New patch attached (tested). Martin
From 77adc17f6ac6be5eb21c3a4658812c5172e456a4 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Mon, 27 Jan 2014 12:28:12 +0100 Subject: [PATCH] Migration does not add users to default group When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 --- ipalib/plugins/migration.py | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index 83bf40dbfa4cf2310b2501c28cf095299711331d..0ed65f7015f458aa1cf96efb0e36e28c5019cbd2 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -286,19 +286,21 @@ def _update_default_group(ldap, pkey, config, ctx, force): searchfilter = "(&(objectclass=posixAccount)(!(memberof=%s)))" % group_dn try: (result, truncated) = ldap.find_entries(searchfilter, - [''], api.env.container_user, scope=ldap.SCOPE_SUBTREE, - time_limit = -1) + [''], DN(api.env.container_user, api.env.basedn), + scope=ldap.SCOPE_SUBTREE, time_limit = -1) except errors.NotFound: + api.log.debug('All users have default group set') return new_members = [] (group_dn, group_entry_attrs) = ldap.get_entry(group_dn, ['member']) + existing_members = set(group_entry_attrs.get('member', [])) for m in result: - if m[0] not in group_entry_attrs.get('member', []): + if m[0] not in existing_members: new_members.append(m[0]) - if len(new_members) > 0: - members = group_entry_attrs.get('member', []) + + if new_members: + members = group_entry_attrs.setdefault('member', []) members.extend(new_members) - group_entry_attrs['member'] = members try: ldap.update_entry(group_dn, group_entry_attrs) @@ -308,7 +310,8 @@ def _update_default_group(ldap, pkey, config, ctx, force): e = datetime.datetime.now() d = e - s mode = " (forced)" if force else "" - api.log.debug('Adding %d users to group%s duration %s' % (len(new_members), mode, d)) + api.log.debug('Adding %d users to group%s duration %s', + len(new_members), mode, d) # GROUP MIGRATION CALLBACKS AND VARS -- 1.8.5.3
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel