On 01/30/2012 09:23 AM, Simo Sorce wrote:
> On Mon, 2012-01-30 at 09:06 -0500, Rob Crittenden wrote:
>> Like I said, this  error is triggered before ignore is evaluated so
>> if 
>> an unknown binary attribute is getting decoded it will cause this 
>> failure. The only solutions we have right now is to either load the 
>> schema into IPA temporarily for the migration, rremove it on the
>> remote 
>> side or you could modify the query we make to find the remote entries
>> to 
>> pull only certain attributes. This last one would be tricky to get
>> right.
>> The code looks like:
>>                  (entries, truncated) = ds_ldap.find_entries(
>>                      search_filter, ['*'],
>> search_bases[ldap_obj_name],
>>                      ds_ldap.SCOPE_ONELEVEL,
>>                      time_limit=0, size_limit=-1,
>>                      search_refs=True    # migrated DS may contain 
>> search references
>>                  )
>> You'd want to replace ['*'] with ['attr1','attr2','attr3',...]. It
>> would 
>> be a rather long list and would need to cover both users and groups.
> TBH I think we should turn the code around and do this by default.
> We have no idea how to manage extra attributes anyway so we shouldn't
> get them all, only get those we understand. And turn the exclusion list
> into an inclusion list, so that if someone wants to import more data
> because they added additional schema to FreeIPA they are free to do so.
> The current way looks brittle.
> Simo.
Agree, we need to open a BZ and ticket on this one.

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to