Whoops, hit the wrong "reply".
On 06/04/2015 03:34 PM, Drew Erny wrote:
This is the same patch sort of manually rebased on the master branch.
I couldn't get it to cleanly rebase using tools, so I apply my commit
line-by-line; the only changes I made were pulling the "scope =
_supported_scopes[options.get('scope')]" out of the for loop I'd
accidentally left it in, and moving the import statement to a
different spot. Everything else should be the same, excep I
incremented VERSION and edited the comment.
I do have to convert to tuple, because that argument is expected to be
a tuple but .keys() returns a list.
On 06/04/2015 11:35 AM, Martin Basti wrote:
On 03/06/15 20:40, Drew Erny wrote:
Hi, all,
This is an updated patch, with the code changes suggested by Martin
Batsi in my test email. The biggest difference is that I had to do
>> from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE
To get access to those constants in the global scope. This seems
like a fairly clean solution, but if it's a code smell, feel free to
suggest improvements. This should have identical behavior to the
last patch, except it will autofill scope and no longer prompt
interactively.
Thanks,
Drew Erny
de...@redhat.com
Hello,
please continue discussion in the same thread :)
API.txt was changed, please update VERSION file, increment minor
version +1 and edit comment there. I forgot to tell you yesterday.
Can you rebase your patch to current master?
This patch is supposed to go to IPA 4.2.
Is the tuple conversion needed?
values=tuple(_supported_scopes.keys()),
Otherwise patch looks good.
Martin^2
--
Martin Basti
From 86618b48315c366d020fd1c6611d774602fb186d Mon Sep 17 00:00:00 2001
From: Drew Erny <de...@redhat.com>
Date: Thu, 4 Jun 2015 14:02:12 -0400
Subject: [PATCH] Migration now accepts scope as argument
Adds a new option to command ipa migrate-ds, --scope=[base,onelevel,subtree]
which allows the user to specify LDAP search depth for users and groups.
'onelevel' was the hard-coded level before this patch and is still
default. Specify 'subtree' to search nested OUs for users and groups.
fedorahosted.org/freeipa/ticket/2547
---
API.txt | 3 ++-
VERSION | 4 ++--
ipalib/plugins/migration.py | 19 ++++++++++++++++++-
3 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/API.txt b/API.txt
index c47d800b126dced80a3a90b89ac2f00b6764b836..eca4e302021316f9b02e543a9dc8b029286696cc 100644
--- a/API.txt
+++ b/API.txt
@@ -2522,7 +2522,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: PrimaryKey('value', None, None)
command: migrate_ds
-args: 2,19,4
+args: 2,20,4
arg: Str('ldapuri', cli_name='ldap_uri')
arg: Password('bindpw', cli_name='password', confirm=False)
option: DNParam('basedn?', cli_name='base_dn')
@@ -2538,6 +2538,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj
option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames'))
option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False)
option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307'))
+option: StrEnum('scope', autofill=True, cli_name='scope', default=u'onelevel', values=(u'base', u'subtree', u'onelevel'))
option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True)
option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people'))
option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=())
diff --git a/VERSION b/VERSION
index 6f6e363eb028027f789aff84256f58488d0a7964..fe746a7f5c47f02c838763bdda6cb1c61579f6ff 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=124
-# Last change: pvoborni - added topology management commands
+IPA_API_VERSION_MINOR=125
+# Last change: derny - migration now accepts scope as argument
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 8b7dd9ef6c5e16ef39997f04ca935c4de3e56aa9..9dced137e5e8da5336c957ed567e3f26dd01d26a 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -19,6 +19,7 @@
import re
from ldap import MOD_ADD
+from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE
from ipalib import api, errors, output
from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File, Bool
@@ -141,6 +142,10 @@ _dn_err_msg = _('Malformed DN')
_supported_schemas = (u'RFC2307bis', u'RFC2307')
+# search scopes for users and groups when migrating
+_supported_scopes = {u'base': SCOPE_BASE, u'onelevel': SCOPE_ONELEVEL, u'subtree': SCOPE_SUBTREE}
+_default_scope = u'onelevel'
+
def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs):
assert isinstance(dn, DN)
@@ -611,6 +616,15 @@ class migrate_ds(Command):
default=True,
autofill=True,
),
+ StrEnum('scope',
+ cli_name='scope',
+ label=_('Search scope'),
+ doc=_('LDAP search scope for users and groups: base, onelevel, or '
+ 'subtree. Defaults to onelevel'),
+ values=tuple(_supported_scopes.keys()),
+ default=_default_scope,
+ autofill=True,
+ ),
)
has_output = (
@@ -705,6 +719,9 @@ can use their Kerberos accounts.''')
failed = {} # {'OBJ': {'PKEY1': 'Failed 'cos blabla', ...}, ...}
search_bases = self._get_search_bases(options, ds_base_dn, self.migrate_order)
migration_start = datetime.datetime.now()
+
+ scope = _supported_scopes[options.get('scope')]
+
for ldap_obj_name in self.migrate_order:
ldap_obj = self.api.Object[ldap_obj_name]
@@ -721,7 +738,7 @@ can use their Kerberos accounts.''')
try:
entries, truncated = ds_ldap.find_entries(
search_filter, ['*'], search_bases[ldap_obj_name],
- ds_ldap.SCOPE_ONELEVEL,
+ scope,
time_limit=0, size_limit=-1,
search_refs=True # migrated DS may contain search references
)
--
2.4.2
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code