On 07/28/2016 10:56 AM, Martin Babinsky wrote:
Fixes https://fedorahosted.org/freeipa/ticket/6101

I have also noticed that the principal aliases are not preserved during
migration from FreeIPA 4.4.

That, however, requires more powerful runes to transform the realm of
all values and warrants a separate ticket if we even want to support
migration of user aliases.



Hi Martin,

thanks for your patch. From a technical standpoint, it looks good to me as I tested the following scenarios:

1/ without --user-ignore-attribute
- call ipa migrate-ds without specifying any attributes to ignore
The user entries are migrated, and contain a migrated krbprincipalname and krbcanonicalname. At this point kinit fails but this is expected as the krb attributes were not re-generated. Login to the web https://hostname/ipa/ui also fails as expected.
- login to https://hostname/ipa/migration with the user credentials
- perform kinit => OK
- login to https://hostname/ipa/ui => OK

2/ with --user-ignore-attribute={krbPrincipalName,krbextradata,...} as explained in the Migration page [1]
At this point kinit fails as expected, as well as login to the web ipa/ui.
- login to https://hostname/ipa/migration with the user credentials
- perform kinit => OK
- login to https://hostname/ipa/ui => OK


But the patch produces new pep8 complaints:
./ipaserver/plugins/migration.py:39:1: E402 module level import not at top of file

Flo.

----
[1] https://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_FreeIPA

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to