On 02/06/15 22:32, Drew Erny wrote:
Sorry, the email address on that patch is wrong. It picked the old one off my personal box when I migrated my dotfiles. I don't know if that's important, but if the merger could s/dpe...@crimson.ua.edu/de...@redhat.com/g, that would be better. Sorry about that, I'll fix it in my next patch.

On 06/02/2015 04:23 PM, Drew Erny wrote:
Hi, all,

This is my first patch, which fixes Ticket #2547 at https://fedorahosted.org/freeipa/ticket/2547

It introduces a --scope option to "ipa migrate-ds" which allows the user to specify the search depth of a migration. The previous default behavior is the same as --scope=onelevel. To search nested OUs, the user uses --scope=subtree. --scope=base will cause the migrate script not to find anything, but has been included for completeness. Any other option is invalid and will cause the command to abort.

Please review this one carefully, because I'm only like 98% confident it doesn't break anything. The only thing I'm not sure about is that if you run ipa migrate-ds without --scope specified, it gives an interactive input for that option; I'm not sure if it's supposed to do that.


Drew Erny


thank you for your patch.

Please don't use backslash

+ doc=_('LDAP search scope for users and groups: base, onelevel, or '\
+                  'subtree. Defaults to onelevel'),

You can use dictionary:

_default_scope = 'onelevel'  # I do not like hardcoded index there
_supported_scopes = {'base': ldap.SCOPE_BASE, _default_scope: ldap.SCOPE_ONELEVEL, ...}


scope = _supported_scopes[options.get('scope', _default_scope)] # or autofill=True should be in StrEnum param for scope instead, I'm not sure, you must test it :-)

3) do not forget to change the email

PS: I did not test the code, it is just example.


Martin Basti

