Whoops, hit the wrong "reply".

On 06/04/2015 03:34 PM, Drew Erny wrote:
This is the same patch sort of manually rebased on the master branch. I couldn't get it to cleanly rebase using tools, so I apply my commit line-by-line; the only changes I made were pulling the "scope = _supported_scopes[options.get('scope')]" out of the for loop I'd accidentally left it in, and moving the import statement to a different spot. Everything else should be the same, excep I incremented VERSION and edited the comment.


I do have to convert to tuple, because that argument is expected to be a tuple but .keys() returns a list.


On 06/04/2015 11:35 AM, Martin Basti wrote:
On 03/06/15 20:40, Drew Erny wrote:
Hi, all,

This is an updated patch, with the code changes suggested by Martin Batsi in my test email. The biggest difference is that I had to do

>> from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE

To get access to those constants in the global scope. This seems like a fairly clean solution, but if it's a code smell, feel free to suggest improvements. This should have identical behavior to the last patch, except it will autofill scope and no longer prompt interactively.

Thanks,

Drew Erny
de...@redhat.com


Hello,

please continue discussion in the same thread :)

API.txt was changed, please update VERSION file, increment minor version +1 and edit comment there. I forgot to tell you yesterday.

Can you rebase your patch to current master?
This patch is supposed to go to IPA 4.2.

Is the tuple conversion needed?
values=tuple(_supported_scopes.keys()),

Otherwise patch looks good.

Martin^2
--
Martin Basti


From 86618b48315c366d020fd1c6611d774602fb186d Mon Sep 17 00:00:00 2001
From: Drew Erny <de...@redhat.com>
Date: Thu, 4 Jun 2015 14:02:12 -0400
Subject: [PATCH] Migration now accepts scope as argument

Adds a new option to command ipa migrate-ds, --scope=[base,onelevel,subtree]
which allows the user to specify LDAP search depth for users and groups.
'onelevel' was the hard-coded level before this patch and is still
default. Specify 'subtree' to search nested OUs for users and groups.

fedorahosted.org/freeipa/ticket/2547
---
 API.txt                     |  3 ++-
 VERSION                     |  4 ++--
 ipalib/plugins/migration.py | 19 ++++++++++++++++++-
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/API.txt b/API.txt
index c47d800b126dced80a3a90b89ac2f00b6764b836..eca4e302021316f9b02e543a9dc8b029286696cc 100644
--- a/API.txt
+++ b/API.txt
@@ -2522,7 +2522,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: migrate_ds
-args: 2,19,4
+args: 2,20,4
 arg: Str('ldapuri', cli_name='ldap_uri')
 arg: Password('bindpw', cli_name='password', confirm=False)
 option: DNParam('basedn?', cli_name='base_dn')
@@ -2538,6 +2538,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj
 option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames'))
 option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False)
 option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307'))
+option: StrEnum('scope', autofill=True, cli_name='scope', default=u'onelevel', values=(u'base', u'subtree', u'onelevel'))
 option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True)
 option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people'))
 option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=())
diff --git a/VERSION b/VERSION
index 6f6e363eb028027f789aff84256f58488d0a7964..fe746a7f5c47f02c838763bdda6cb1c61579f6ff 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=124
-# Last change: pvoborni - added topology management commands
+IPA_API_VERSION_MINOR=125
+# Last change: derny - migration now accepts scope as argument 
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 8b7dd9ef6c5e16ef39997f04ca935c4de3e56aa9..9dced137e5e8da5336c957ed567e3f26dd01d26a 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -19,6 +19,7 @@
 
 import re
 from ldap import MOD_ADD
+from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE
 
 from ipalib import api, errors, output
 from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File, Bool
@@ -141,6 +142,10 @@ _dn_err_msg = _('Malformed DN')
 
 _supported_schemas = (u'RFC2307bis', u'RFC2307')
 
+# search scopes for users and groups when migrating
+_supported_scopes = {u'base': SCOPE_BASE, u'onelevel': SCOPE_ONELEVEL, u'subtree': SCOPE_SUBTREE}
+_default_scope = u'onelevel'
+
 
 def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs):
     assert isinstance(dn, DN)
@@ -611,6 +616,15 @@ class migrate_ds(Command):
             default=True,
             autofill=True,
         ),
+        StrEnum('scope',
+            cli_name='scope',
+            label=_('Search scope'),
+            doc=_('LDAP search scope for users and groups: base, onelevel, or '
+                  'subtree. Defaults to onelevel'),
+            values=tuple(_supported_scopes.keys()),
+            default=_default_scope,
+            autofill=True,
+        ),
     )
 
     has_output = (
@@ -705,6 +719,9 @@ can use their Kerberos accounts.''')
         failed = {} # {'OBJ': {'PKEY1': 'Failed 'cos blabla', ...}, ...}
         search_bases = self._get_search_bases(options, ds_base_dn, self.migrate_order)
         migration_start = datetime.datetime.now()
+
+        scope = _supported_scopes[options.get('scope')]
+
         for ldap_obj_name in self.migrate_order:
             ldap_obj = self.api.Object[ldap_obj_name]
 
@@ -721,7 +738,7 @@ can use their Kerberos accounts.''')
             try:
                 entries, truncated = ds_ldap.find_entries(
                     search_filter, ['*'], search_bases[ldap_obj_name],
-                    ds_ldap.SCOPE_ONELEVEL,
+                    scope,
                     time_limit=0, size_limit=-1,
                     search_refs=True    # migrated DS may contain search references
                 )
-- 
2.4.2

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to