Whoops, hit the wrong "reply".

On 06/04/2015 03:34 PM, Drew Erny wrote:
This is the same patch sort of manually rebased on the master branch. I couldn't get it to cleanly rebase using tools, so I apply my commit line-by-line; the only changes I made were pulling the "scope = _supported_scopes[options.get('scope')]" out of the for loop I'd accidentally left it in, and moving the import statement to a different spot. Everything else should be the same, excep I incremented VERSION and edited the comment.

I do have to convert to tuple, because that argument is expected to be a tuple but .keys() returns a list.

On 06/04/2015 11:35 AM, Martin Basti wrote:
On 03/06/15 20:40, Drew Erny wrote:
Hi, all,

This is an updated patch, with the code changes suggested by Martin Batsi in my test email. The biggest difference is that I had to do


To get access to those constants in the global scope. This seems like a fairly clean solution, but if it's a code smell, feel free to suggest improvements. This should have identical behavior to the last patch, except it will autofill scope and no longer prompt interactively.


Drew Erny


please continue discussion in the same thread :)

API.txt was changed, please update VERSION file, increment minor version +1 and edit comment there. I forgot to tell you yesterday.

Can you rebase your patch to current master?
This patch is supposed to go to IPA 4.2.

Is the tuple conversion needed?

Otherwise patch looks good.

Martin Basti

From 86618b48315c366d020fd1c6611d774602fb186d Mon Sep 17 00:00:00 2001
From: Drew Erny <de...@redhat.com>
Date: Thu, 4 Jun 2015 14:02:12 -0400
Subject: [PATCH] Migration now accepts scope as argument

Adds a new option to command ipa migrate-ds, --scope=[base,onelevel,subtree]
which allows the user to specify LDAP search depth for users and groups.
'onelevel' was the hard-coded level before this patch and is still
default. Specify 'subtree' to search nested OUs for users and groups.

 API.txt                     |  3 ++-
 VERSION                     |  4 ++--
 ipalib/plugins/migration.py | 19 ++++++++++++++++++-
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/API.txt b/API.txt
index c47d800b126dced80a3a90b89ac2f00b6764b836..eca4e302021316f9b02e543a9dc8b029286696cc 100644
--- a/API.txt
+++ b/API.txt
@@ -2522,7 +2522,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: migrate_ds
-args: 2,19,4
+args: 2,20,4
 arg: Str('ldapuri', cli_name='ldap_uri')
 arg: Password('bindpw', cli_name='password', confirm=False)
 option: DNParam('basedn?', cli_name='base_dn')
@@ -2538,6 +2538,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj
 option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames'))
 option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False)
 option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307'))
+option: StrEnum('scope', autofill=True, cli_name='scope', default=u'onelevel', values=(u'base', u'subtree', u'onelevel'))
 option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True)
 option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people'))
 option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=())
diff --git a/VERSION b/VERSION
index 6f6e363eb028027f789aff84256f58488d0a7964..fe746a7f5c47f02c838763bdda6cb1c61579f6ff 100644
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
-# Last change: pvoborni - added topology management commands
+# Last change: derny - migration now accepts scope as argument 
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 8b7dd9ef6c5e16ef39997f04ca935c4de3e56aa9..9dced137e5e8da5336c957ed567e3f26dd01d26a 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -19,6 +19,7 @@
 import re
 from ldap import MOD_ADD
 from ipalib import api, errors, output
 from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File, Bool
@@ -141,6 +142,10 @@ _dn_err_msg = _('Malformed DN')
 _supported_schemas = (u'RFC2307bis', u'RFC2307')
+# search scopes for users and groups when migrating
+_supported_scopes = {u'base': SCOPE_BASE, u'onelevel': SCOPE_ONELEVEL, u'subtree': SCOPE_SUBTREE}
+_default_scope = u'onelevel'
 def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs):
     assert isinstance(dn, DN)
@@ -611,6 +616,15 @@ class migrate_ds(Command):
+        StrEnum('scope',
+            cli_name='scope',
+            label=_('Search scope'),
+            doc=_('LDAP search scope for users and groups: base, onelevel, or '
+                  'subtree. Defaults to onelevel'),
+            values=tuple(_supported_scopes.keys()),
+            default=_default_scope,
+            autofill=True,
+        ),
     has_output = (
@@ -705,6 +719,9 @@ can use their Kerberos accounts.''')
         failed = {} # {'OBJ': {'PKEY1': 'Failed 'cos blabla', ...}, ...}
         search_bases = self._get_search_bases(options, ds_base_dn, self.migrate_order)
         migration_start = datetime.datetime.now()
+        scope = _supported_scopes[options.get('scope')]
         for ldap_obj_name in self.migrate_order:
             ldap_obj = self.api.Object[ldap_obj_name]
@@ -721,7 +738,7 @@ can use their Kerberos accounts.''')
                 entries, truncated = ds_ldap.find_entries(
                     search_filter, ['*'], search_bases[ldap_obj_name],
-                    ds_ldap.SCOPE_ONELEVEL,
+                    scope,
                     time_limit=0, size_limit=-1,
                     search_refs=True    # migrated DS may contain search references

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to