Re: [Freeipa-devel] [PATCH] 454 Migration does not add users to default group
On 01/31/2014 10:22 AM, Martin Kosek wrote:
On 01/28/2014 02:18 PM, Petr Viktorin wrote:
On 01/27/2014 12:32 PM, Martin Kosek wrote:
When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.
https://fedorahosted.org/freeipa/ticket/4141
This needs a rebase for the new LDAP API.
I tested primarily on ipa-3-3 branch, I will rebase when acked.
I don't see the need for the second change, caching of len(new_members). On
lists, len() is extremely fast.
If you want to optimize, convert the list of existing members to a set before
the for loop, instead of getting it from the entry and using the `in` operator
(which is O(N) on lists) every time.
Makes sense, done.
Nitpicks:
Instead of if len(container) 0: you should just use if container: (see
PEP8).
Fixed.
Instead of:
members = group_entry_attrs.get('member', [])
...
group_entry_attrs['member'] = members
you can use:
members = group_entry_attrs.setdefault('member', [])
...
Fixed.
New patch attached (tested).
Martin
Works fine, ACK. You can rebase to master now.
--
PetrĀ³
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 454 Migration does not add users to default group
On 02/05/2014 03:25 PM, Petr Viktorin wrote:
On 01/31/2014 10:22 AM, Martin Kosek wrote:
On 01/28/2014 02:18 PM, Petr Viktorin wrote:
On 01/27/2014 12:32 PM, Martin Kosek wrote:
When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.
https://fedorahosted.org/freeipa/ticket/4141
This needs a rebase for the new LDAP API.
I tested primarily on ipa-3-3 branch, I will rebase when acked.
I don't see the need for the second change, caching of len(new_members). On
lists, len() is extremely fast.
If you want to optimize, convert the list of existing members to a set
before
the for loop, instead of getting it from the entry and using the `in`
operator
(which is O(N) on lists) every time.
Makes sense, done.
Nitpicks:
Instead of if len(container) 0: you should just use if container: (see
PEP8).
Fixed.
Instead of:
members = group_entry_attrs.get('member', [])
...
group_entry_attrs['member'] = members
you can use:
members = group_entry_attrs.setdefault('member', [])
...
Fixed.
New patch attached (tested).
Martin
Works fine, ACK. You can rebase to master now.
Rebased the patch to master and pushed to master, ipa-3-3.
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 454 Migration does not add users to default group
On 01/28/2014 02:18 PM, Petr Viktorin wrote:
On 01/27/2014 12:32 PM, Martin Kosek wrote:
When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.
https://fedorahosted.org/freeipa/ticket/4141
This needs a rebase for the new LDAP API.
I tested primarily on ipa-3-3 branch, I will rebase when acked.
I don't see the need for the second change, caching of len(new_members). On
lists, len() is extremely fast.
If you want to optimize, convert the list of existing members to a set before
the for loop, instead of getting it from the entry and using the `in` operator
(which is O(N) on lists) every time.
Makes sense, done.
Nitpicks:
Instead of if len(container) 0: you should just use if container: (see
PEP8).
Fixed.
Instead of:
members = group_entry_attrs.get('member', [])
...
group_entry_attrs['member'] = members
you can use:
members = group_entry_attrs.setdefault('member', [])
...
Fixed.
New patch attached (tested).
Martin
From 77adc17f6ac6be5eb21c3a4658812c5172e456a4 Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Mon, 27 Jan 2014 12:28:12 +0100
Subject: [PATCH] Migration does not add users to default group
When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.
https://fedorahosted.org/freeipa/ticket/4141
---
ipalib/plugins/migration.py | 17 ++---
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 83bf40dbfa4cf2310b2501c28cf095299711331d..0ed65f7015f458aa1cf96efb0e36e28c5019cbd2 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -286,19 +286,21 @@ def _update_default_group(ldap, pkey, config, ctx, force):
searchfilter = ((objectclass=posixAccount)(!(memberof=%s))) % group_dn
try:
(result, truncated) = ldap.find_entries(searchfilter,
-[''], api.env.container_user, scope=ldap.SCOPE_SUBTREE,
-time_limit = -1)
+[''], DN(api.env.container_user, api.env.basedn),
+scope=ldap.SCOPE_SUBTREE, time_limit = -1)
except errors.NotFound:
+api.log.debug('All users have default group set')
return
new_members = []
(group_dn, group_entry_attrs) = ldap.get_entry(group_dn, ['member'])
+existing_members = set(group_entry_attrs.get('member', []))
for m in result:
-if m[0] not in group_entry_attrs.get('member', []):
+if m[0] not in existing_members:
new_members.append(m[0])
-if len(new_members) 0:
-members = group_entry_attrs.get('member', [])
+
+if new_members:
+members = group_entry_attrs.setdefault('member', [])
members.extend(new_members)
-group_entry_attrs['member'] = members
try:
ldap.update_entry(group_dn, group_entry_attrs)
@@ -308,7 +310,8 @@ def _update_default_group(ldap, pkey, config, ctx, force):
e = datetime.datetime.now()
d = e - s
mode = (forced) if force else
-api.log.debug('Adding %d users to group%s duration %s' % (len(new_members), mode, d))
+api.log.debug('Adding %d users to group%s duration %s',
+len(new_members), mode, d)
# GROUP MIGRATION CALLBACKS AND VARS
--
1.8.5.3
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 454 Migration does not add users to default group
On 01/27/2014 12:32 PM, Martin Kosek wrote:
When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.
https://fedorahosted.org/freeipa/ticket/4141
This needs a rebase for the new LDAP API.
I don't see the need for the second change, caching of len(new_members).
On lists, len() is extremely fast.
If you want to optimize, convert the list of existing members to a set
before the for loop, instead of getting it from the entry and using the
`in` operator (which is O(N) on lists) every time.
Nitpicks:
Instead of if len(container) 0: you should just use if container:
(see PEP8).
Instead of:
members = group_entry_attrs.get('member', [])
...
group_entry_attrs['member'] = members
you can use:
members = group_entry_attrs.setdefault('member', [])
...
--
PetrĀ³
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 454 Migration does not add users to default group
When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.
https://fedorahosted.org/freeipa/ticket/4141
--
Martin Kosek mko...@redhat.com
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
From 4ecb5f85e44f2f591504bb7f0d7f9ad64ccf6115 Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Mon, 27 Jan 2014 12:28:12 +0100
Subject: [PATCH] Migration does not add users to default group
When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.
https://fedorahosted.org/freeipa/ticket/4141
---
ipalib/plugins/migration.py | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 83bf40dbfa4cf2310b2501c28cf095299711331d..19032248b559be48ca08d8b1a14874df4cd0988a 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -286,16 +286,19 @@ def _update_default_group(ldap, pkey, config, ctx, force):
searchfilter = ((objectclass=posixAccount)(!(memberof=%s))) % group_dn
try:
(result, truncated) = ldap.find_entries(searchfilter,
-[''], api.env.container_user, scope=ldap.SCOPE_SUBTREE,
-time_limit = -1)
+[''], DN(api.env.container_user, api.env.basedn),
+scope=ldap.SCOPE_SUBTREE, time_limit = -1)
except errors.NotFound:
+api.log.debug('All users have default group set')
return
new_members = []
(group_dn, group_entry_attrs) = ldap.get_entry(group_dn, ['member'])
for m in result:
if m[0] not in group_entry_attrs.get('member', []):
new_members.append(m[0])
-if len(new_members) 0:
+
+new_members_cnt = len(new_members)
+if new_members_cnt 0:
members = group_entry_attrs.get('member', [])
members.extend(new_members)
group_entry_attrs['member'] = members
@@ -308,7 +311,8 @@ def _update_default_group(ldap, pkey, config, ctx, force):
e = datetime.datetime.now()
d = e - s
mode = (forced) if force else
-api.log.debug('Adding %d users to group%s duration %s' % (len(new_members), mode, d))
+api.log.debug('Adding %d users to group%s duration %s',
+new_members_cnt, mode, d)
# GROUP MIGRATION CALLBACKS AND VARS
--
1.8.4.2
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
