URL: https://github.com/freeipa/freeipa/pull/126 Author: flo-renaud Title: #126: Fix ipa migrate-ds when it finds a search reference Action: opened
PR body: """ When ipa migrate-ds finds user entries and a search reference, it complains that the LDAP search did not return any result and does not migrate the entries or the groups. The issue comes from LDAPClient._convert_result which returns an empty result list when the input is a search reference. In turn LDAPClient.find_entries assumes that the empty result list corresponds to a Search Result Done and returns without any entry. The fix is to return a LDAPUrl inside _convert_result and properly process LDAPUrl in find_entries. https://fedorahosted.org/freeipa/ticket/6358 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/126/head:pr126 git checkout pr126
From 1996aed2da149fed87f6d64ba439bb99a0a03c0c Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Thu, 29 Sep 2016 13:46:05 +0200 Subject: [PATCH] Fix ipa migrate-ds when it finds a search reference When ipa migrate-ds finds user entries and a search reference, it complains that the LDAP search did not return any result and does not migrate the entries or the groups. The issue comes from LDAPClient._convert_result which returns an empty result list when the input is a search reference. In turn LDAPClient.find_entries assumes that the empty result list corresponds to a Search Result Done and returns without any entry. The fix is to return a LDAPUrl inside _convert_result and properly process LDAPUrl in find_entries. https://fedorahosted.org/freeipa/ticket/6358 --- ipapython/ipaldap.py | 15 ++++++++++----- ipaserver/plugins/migration.py | 6 ++++++ 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index 2dfc5b3..4110121 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -906,7 +906,7 @@ def decode(self, val, attr): else: raise TypeError("attempt to pass unsupported type from ldap, value=%s type=%s" %(val, type(val))) - def _convert_result(self, result): + def _convert_result(self, result, search_refs=False): ''' result is a python-ldap result tuple of the form (dn, attrs), where dn is a string containing the dn (distinguished name) of @@ -924,10 +924,15 @@ def _convert_result(self, result): # original_dn is None if referral instead of an entry was # returned from the LDAP server, we need to skip this item + # if search_refs=False + # otherwise convert the ref to a LDAPUrl if original_dn is None: - log_msg = 'Referral entry ignored: {ref}'\ - .format(ref=str(original_attrs)) - self.log.debug(log_msg) + if search_refs: + ipa_result.append(ldapurl.LDAPUrl(original_attrs[0])) + else: + log_msg = 'Referral entry ignored: {ref}'\ + .format(ref=str(original_attrs)) + self.log.debug(log_msg) continue @@ -1385,7 +1390,7 @@ def find_entries(self, filter=None, attrs_list=None, base_dn=None, while True: result = self.conn.result3(id, 0) objtype, res_list, res_id, res_ctrls = result - res_list = self._convert_result(res_list) + res_list = self._convert_result(res_list, search_refs) if not res_list: break if (objtype == ldap.RES_SEARCH_ENTRY or diff --git a/ipaserver/plugins/migration.py b/ipaserver/plugins/migration.py index b1fcdea..425e693 100644 --- a/ipaserver/plugins/migration.py +++ b/ipaserver/plugins/migration.py @@ -20,6 +20,7 @@ import re from ldap import MOD_ADD from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE +import ldapurl import six @@ -800,6 +801,11 @@ def migrate(self, ldap, config, ds_ldap, ds_base_dn, options): context['migrate_cnt'] = migrate_cnt s = datetime.datetime.now() + if isinstance(entry_attrs, ldapurl.LDAPUrl): + failed[ldap_obj_name][str(entry_attrs)] = unicode( + _ref_err_msg) + continue + ava = entry_attrs.dn[0][0] if ava.attr == ldap_obj.primary_key.name: # In case if pkey attribute is in the migrated object DN
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
