Re: [Freeipa-devel] [PATCH] 454 Migration does not add users to default group
On 01/31/2014 10:22 AM, Martin Kosek wrote: On 01/28/2014 02:18 PM, Petr Viktorin wrote: On 01/27/2014 12:32 PM, Martin Kosek wrote: When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 This needs a rebase for the new LDAP API. I tested primarily on ipa-3-3 branch, I will rebase when acked. I don't see the need for the second change, caching of len(new_members). On lists, len() is extremely fast. If you want to optimize, convert the list of existing members to a set before the for loop, instead of getting it from the entry and using the `in` operator (which is O(N) on lists) every time. Makes sense, done. Nitpicks: Instead of if len(container) 0: you should just use if container: (see PEP8). Fixed. Instead of: members = group_entry_attrs.get('member', []) ... group_entry_attrs['member'] = members you can use: members = group_entry_attrs.setdefault('member', []) ... Fixed. New patch attached (tested). Martin Works fine, ACK. You can rebase to master now. -- PetrĀ³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 454 Migration does not add users to default group
On 02/05/2014 03:25 PM, Petr Viktorin wrote: On 01/31/2014 10:22 AM, Martin Kosek wrote: On 01/28/2014 02:18 PM, Petr Viktorin wrote: On 01/27/2014 12:32 PM, Martin Kosek wrote: When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 This needs a rebase for the new LDAP API. I tested primarily on ipa-3-3 branch, I will rebase when acked. I don't see the need for the second change, caching of len(new_members). On lists, len() is extremely fast. If you want to optimize, convert the list of existing members to a set before the for loop, instead of getting it from the entry and using the `in` operator (which is O(N) on lists) every time. Makes sense, done. Nitpicks: Instead of if len(container) 0: you should just use if container: (see PEP8). Fixed. Instead of: members = group_entry_attrs.get('member', []) ... group_entry_attrs['member'] = members you can use: members = group_entry_attrs.setdefault('member', []) ... Fixed. New patch attached (tested). Martin Works fine, ACK. You can rebase to master now. Rebased the patch to master and pushed to master, ipa-3-3. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 454 Migration does not add users to default group
On 01/28/2014 02:18 PM, Petr Viktorin wrote: On 01/27/2014 12:32 PM, Martin Kosek wrote: When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 This needs a rebase for the new LDAP API. I tested primarily on ipa-3-3 branch, I will rebase when acked. I don't see the need for the second change, caching of len(new_members). On lists, len() is extremely fast. If you want to optimize, convert the list of existing members to a set before the for loop, instead of getting it from the entry and using the `in` operator (which is O(N) on lists) every time. Makes sense, done. Nitpicks: Instead of if len(container) 0: you should just use if container: (see PEP8). Fixed. Instead of: members = group_entry_attrs.get('member', []) ... group_entry_attrs['member'] = members you can use: members = group_entry_attrs.setdefault('member', []) ... Fixed. New patch attached (tested). Martin From 77adc17f6ac6be5eb21c3a4658812c5172e456a4 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 27 Jan 2014 12:28:12 +0100 Subject: [PATCH] Migration does not add users to default group When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 --- ipalib/plugins/migration.py | 17 ++--- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index 83bf40dbfa4cf2310b2501c28cf095299711331d..0ed65f7015f458aa1cf96efb0e36e28c5019cbd2 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -286,19 +286,21 @@ def _update_default_group(ldap, pkey, config, ctx, force): searchfilter = ((objectclass=posixAccount)(!(memberof=%s))) % group_dn try: (result, truncated) = ldap.find_entries(searchfilter, -[''], api.env.container_user, scope=ldap.SCOPE_SUBTREE, -time_limit = -1) +[''], DN(api.env.container_user, api.env.basedn), +scope=ldap.SCOPE_SUBTREE, time_limit = -1) except errors.NotFound: +api.log.debug('All users have default group set') return new_members = [] (group_dn, group_entry_attrs) = ldap.get_entry(group_dn, ['member']) +existing_members = set(group_entry_attrs.get('member', [])) for m in result: -if m[0] not in group_entry_attrs.get('member', []): +if m[0] not in existing_members: new_members.append(m[0]) -if len(new_members) 0: -members = group_entry_attrs.get('member', []) + +if new_members: +members = group_entry_attrs.setdefault('member', []) members.extend(new_members) -group_entry_attrs['member'] = members try: ldap.update_entry(group_dn, group_entry_attrs) @@ -308,7 +310,8 @@ def _update_default_group(ldap, pkey, config, ctx, force): e = datetime.datetime.now() d = e - s mode = (forced) if force else -api.log.debug('Adding %d users to group%s duration %s' % (len(new_members), mode, d)) +api.log.debug('Adding %d users to group%s duration %s', +len(new_members), mode, d) # GROUP MIGRATION CALLBACKS AND VARS -- 1.8.5.3 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 454 Migration does not add users to default group
On 01/27/2014 12:32 PM, Martin Kosek wrote: When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 This needs a rebase for the new LDAP API. I don't see the need for the second change, caching of len(new_members). On lists, len() is extremely fast. If you want to optimize, convert the list of existing members to a set before the for loop, instead of getting it from the entry and using the `in` operator (which is O(N) on lists) every time. Nitpicks: Instead of if len(container) 0: you should just use if container: (see PEP8). Instead of: members = group_entry_attrs.get('member', []) ... group_entry_attrs['member'] = members you can use: members = group_entry_attrs.setdefault('member', []) ... -- PetrĀ³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 454 Migration does not add users to default group
When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 -- Martin Kosek mko...@redhat.com Supervisor, Software Engineering - Identity Management Team Red Hat Inc. From 4ecb5f85e44f2f591504bb7f0d7f9ad64ccf6115 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 27 Jan 2014 12:28:12 +0100 Subject: [PATCH] Migration does not add users to default group When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 --- ipalib/plugins/migration.py | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index 83bf40dbfa4cf2310b2501c28cf095299711331d..19032248b559be48ca08d8b1a14874df4cd0988a 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -286,16 +286,19 @@ def _update_default_group(ldap, pkey, config, ctx, force): searchfilter = ((objectclass=posixAccount)(!(memberof=%s))) % group_dn try: (result, truncated) = ldap.find_entries(searchfilter, -[''], api.env.container_user, scope=ldap.SCOPE_SUBTREE, -time_limit = -1) +[''], DN(api.env.container_user, api.env.basedn), +scope=ldap.SCOPE_SUBTREE, time_limit = -1) except errors.NotFound: +api.log.debug('All users have default group set') return new_members = [] (group_dn, group_entry_attrs) = ldap.get_entry(group_dn, ['member']) for m in result: if m[0] not in group_entry_attrs.get('member', []): new_members.append(m[0]) -if len(new_members) 0: + +new_members_cnt = len(new_members) +if new_members_cnt 0: members = group_entry_attrs.get('member', []) members.extend(new_members) group_entry_attrs['member'] = members @@ -308,7 +311,8 @@ def _update_default_group(ldap, pkey, config, ctx, force): e = datetime.datetime.now() d = e - s mode = (forced) if force else -api.log.debug('Adding %d users to group%s duration %s' % (len(new_members), mode, d)) +api.log.debug('Adding %d users to group%s duration %s', +new_members_cnt, mode, d) # GROUP MIGRATION CALLBACKS AND VARS -- 1.8.4.2 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel