URL: https://github.com/freeipa/freeipa/pull/126
Author: flo-renaud
 Title: #126: Fix ipa migrate-ds when it finds a search reference
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/126/head:pr126
git checkout pr126
From 56071a952f2121ca7d1994ab88c6b7f3631b0987 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Thu, 29 Sep 2016 13:46:05 +0200
Subject: [PATCH] Fix ipa migrate-ds when it finds a search reference

When ipa migrate-ds finds user entries and a search reference, it complains
that the LDAP search did not return any result and does not migrate the
entries or the groups.

The issue comes from LDAPClient._convert_result which returns an empty result
list when the input is a search reference. In turn LDAPClient.find_entries
assumes that the empty result list corresponds to a Search Result Done and
returns without any entry.

The fix examines first the objtype returned by self.conn.result3. If it is
a search result done, then the loop can be exited. Otherwise (referral or
entry), _convert_result is called and the result (if not empty) is appended
to the list of returned entries.

 ipapython/ipaldap.py           | 12 ++++--------
 ipaserver/plugins/migration.py |  3 +--
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 2dfc5b3..6feeec2 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -1315,7 +1315,7 @@ def get_entries(self, base_dn, scope=ldap.SCOPE_SUBTREE, filter=None,
     def find_entries(self, filter=None, attrs_list=None, base_dn=None,
                      scope=ldap.SCOPE_SUBTREE, time_limit=None,
-                     size_limit=None, search_refs=False, paged_search=False):
+                     size_limit=None, paged_search=False):
         Return a list of entries and indication of whether the results were
         truncated ([(dn, entry_attrs)], truncated) matching specified search
@@ -1329,8 +1329,6 @@ def find_entries(self, filter=None, attrs_list=None, base_dn=None,
         time_limit -- time limit in seconds (default unlimited)
         size_limit -- size (number of entries returned) limit
             (default unlimited)
-        search_refs -- allow search references to be returned
-            (default skips these entries)
         paged_search -- search using paged results control
         :raises: errors.NotFound if result set is empty
@@ -1385,12 +1383,10 @@ def find_entries(self, filter=None, attrs_list=None, base_dn=None,
                     while True:
                         result = self.conn.result3(id, 0)
                         objtype, res_list, res_id, res_ctrls = result
-                        res_list = self._convert_result(res_list)
-                        if not res_list:
+                        if objtype == ldap.RES_SEARCH_RESULT:
-                        if (objtype == ldap.RES_SEARCH_ENTRY or
-                                (search_refs and
-                                    objtype == ldap.RES_SEARCH_REFERENCE)):
+                        res_list = self._convert_result(res_list)
+                        if res_list:
                     if paged_search:
diff --git a/ipaserver/plugins/migration.py b/ipaserver/plugins/migration.py
index b1fcdea..a08ce4c 100644
--- a/ipaserver/plugins/migration.py
+++ b/ipaserver/plugins/migration.py
@@ -749,8 +749,7 @@ def migrate(self, ldap, config, ds_ldap, ds_base_dn, options):
                 entries, truncated = ds_ldap.find_entries(
                     search_filter, ['*'], search_bases[ldap_obj_name],
-                    time_limit=0, size_limit=-1,
-                    search_refs=True    # migrated DS may contain search references
+                    time_limit=0, size_limit=-1
             except errors.NotFound:
                 if not options.get('continue',False):
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to