Re: [Freeipa-devel] [PATCH 0001 v2] Migrate now accepts scope as argument
On 06/05/2015 01:50 PM, Martin Basti wrote: On 04/06/15 21:36, Drew Erny wrote: Whoops, hit the wrong "reply". On 06/04/2015 03:34 PM, Drew Erny wrote: This is the same patch sort of manually rebased on the master branch. I couldn't get it to cleanly rebase using tools, so I apply my commit line-by-line; the only changes I made were pulling the "scope = _supported_scopes[options.get('scope')]" out of the for loop I'd accidentally left it in, and moving the import statement to a different spot. Everything else should be the same, excep I incremented VERSION and edited the comment. I do have to convert to tuple, because that argument is expected to be a tuple but .keys() returns a list. Oh right, Enum requires explicitly tuple On 06/04/2015 11:35 AM, Martin Basti wrote: On 03/06/15 20:40, Drew Erny wrote: Hi, all, This is an updated patch, with the code changes suggested by Martin Batsi in my test email. The biggest difference is that I had to do >> from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE To get access to those constants in the global scope. This seems like a fairly clean solution, but if it's a code smell, feel free to suggest improvements. This should have identical behavior to the last patch, except it will autofill scope and no longer prompt interactively. Thanks, Drew Erny de...@redhat.com Hello, please continue discussion in the same thread :) API.txt was changed, please update VERSION file, increment minor version +1 and edit comment there. I forgot to tell you yesterday. Can you rebase your patch to current master? This patch is supposed to go to IPA 4.2. Is the tuple conversion needed? values=tuple(_supported_scopes.keys()), Otherwise patch looks good. Martin^2 -- Martin Basti Thank you. ACK, it works as expected. Martin^2 Pushed to master: a57998f51eb8b62052fe021a68503eed4714c6d3 next time, please, include full link to the ticket, i.e., with protocol, otherwise it is not clickable and ipa push tool doesn't recognize the ticket. -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0001 v2] Migrate now accepts scope as argument
On 04/06/15 21:36, Drew Erny wrote: Whoops, hit the wrong "reply". On 06/04/2015 03:34 PM, Drew Erny wrote: This is the same patch sort of manually rebased on the master branch. I couldn't get it to cleanly rebase using tools, so I apply my commit line-by-line; the only changes I made were pulling the "scope = _supported_scopes[options.get('scope')]" out of the for loop I'd accidentally left it in, and moving the import statement to a different spot. Everything else should be the same, excep I incremented VERSION and edited the comment. I do have to convert to tuple, because that argument is expected to be a tuple but .keys() returns a list. Oh right, Enum requires explicitly tuple On 06/04/2015 11:35 AM, Martin Basti wrote: On 03/06/15 20:40, Drew Erny wrote: Hi, all, This is an updated patch, with the code changes suggested by Martin Batsi in my test email. The biggest difference is that I had to do >> from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE To get access to those constants in the global scope. This seems like a fairly clean solution, but if it's a code smell, feel free to suggest improvements. This should have identical behavior to the last patch, except it will autofill scope and no longer prompt interactively. Thanks, Drew Erny de...@redhat.com Hello, please continue discussion in the same thread :) API.txt was changed, please update VERSION file, increment minor version +1 and edit comment there. I forgot to tell you yesterday. Can you rebase your patch to current master? This patch is supposed to go to IPA 4.2. Is the tuple conversion needed? values=tuple(_supported_scopes.keys()), Otherwise patch looks good. Martin^2 -- Martin Basti Thank you. ACK, it works as expected. Martin^2 -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0001 v2] Migrate now accepts scope as argument
Whoops, hit the wrong "reply". On 06/04/2015 03:34 PM, Drew Erny wrote: This is the same patch sort of manually rebased on the master branch. I couldn't get it to cleanly rebase using tools, so I apply my commit line-by-line; the only changes I made were pulling the "scope = _supported_scopes[options.get('scope')]" out of the for loop I'd accidentally left it in, and moving the import statement to a different spot. Everything else should be the same, excep I incremented VERSION and edited the comment. I do have to convert to tuple, because that argument is expected to be a tuple but .keys() returns a list. On 06/04/2015 11:35 AM, Martin Basti wrote: On 03/06/15 20:40, Drew Erny wrote: Hi, all, This is an updated patch, with the code changes suggested by Martin Batsi in my test email. The biggest difference is that I had to do >> from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE To get access to those constants in the global scope. This seems like a fairly clean solution, but if it's a code smell, feel free to suggest improvements. This should have identical behavior to the last patch, except it will autofill scope and no longer prompt interactively. Thanks, Drew Erny de...@redhat.com Hello, please continue discussion in the same thread :) API.txt was changed, please update VERSION file, increment minor version +1 and edit comment there. I forgot to tell you yesterday. Can you rebase your patch to current master? This patch is supposed to go to IPA 4.2. Is the tuple conversion needed? values=tuple(_supported_scopes.keys()), Otherwise patch looks good. Martin^2 -- Martin Basti From 86618b48315c366d020fd1c6611d774602fb186d Mon Sep 17 00:00:00 2001 From: Drew Erny Date: Thu, 4 Jun 2015 14:02:12 -0400 Subject: [PATCH] Migration now accepts scope as argument Adds a new option to command ipa migrate-ds, --scope=[base,onelevel,subtree] which allows the user to specify LDAP search depth for users and groups. 'onelevel' was the hard-coded level before this patch and is still default. Specify 'subtree' to search nested OUs for users and groups. fedorahosted.org/freeipa/ticket/2547 --- API.txt | 3 ++- VERSION | 4 ++-- ipalib/plugins/migration.py | 19 ++- 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/API.txt b/API.txt index c47d800b126dced80a3a90b89ac2f00b6764b836..eca4e302021316f9b02e543a9dc8b029286696cc 100644 --- a/API.txt +++ b/API.txt @@ -2522,7 +2522,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) command: migrate_ds -args: 2,19,4 +args: 2,20,4 arg: Str('ldapuri', cli_name='ldap_uri') arg: Password('bindpw', cli_name='password', confirm=False) option: DNParam('basedn?', cli_name='base_dn') @@ -2538,6 +2538,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames')) option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False) option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307')) +option: StrEnum('scope', autofill=True, cli_name='scope', default=u'onelevel', values=(u'base', u'subtree', u'onelevel')) option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True) option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people')) option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=()) diff --git a/VERSION b/VERSION index 6f6e363eb028027f789aff84256f58488d0a7964..fe746a7f5c47f02c838763bdda6cb1c61579f6ff 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=2010061412 # # IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=124 -# Last change: pvoborni - added topology management commands +IPA_API_VERSION_MINOR=125 +# Last change: derny - migration now accepts scope as argument diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index 8b7dd9ef6c5e16ef39997f04ca935c4de3e56aa9..9dced137e5e8da5336c957ed567e3f26dd01d26a 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -19,6 +19,7 @@ import re from ldap import MOD_ADD +from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE from ipalib import api, errors, output from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File, Bool @@ -141,6 +142,10 @@ _dn_err_msg = _('Malformed DN') _supported_schemas = (u'RFC2307bis', u'RFC2307') +# search scopes for users and groups when migrating +_supported_scopes = {u'base': SCOPE_BASE, u'onelevel': SCOPE_ONELEVE
Re: [Freeipa-devel] [PATCH 0001 v2] Migrate now accepts scope as argument
On 03/06/15 20:40, Drew Erny wrote: Hi, all, This is an updated patch, with the code changes suggested by Martin Batsi in my test email. The biggest difference is that I had to do >> from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE To get access to those constants in the global scope. This seems like a fairly clean solution, but if it's a code smell, feel free to suggest improvements. This should have identical behavior to the last patch, except it will autofill scope and no longer prompt interactively. Thanks, Drew Erny de...@redhat.com Hello, please continue discussion in the same thread :) API.txt was changed, please update VERSION file, increment minor version +1 and edit comment there. I forgot to tell you yesterday. Can you rebase your patch to current master? This patch is supposed to go to IPA 4.2. Is the tuple conversion needed? values=tuple(_supported_scopes.keys()), Otherwise patch looks good. Martin^2 -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH 0001 v2] Migrate now accepts scope as argument
Hi, all, This is an updated patch, with the code changes suggested by Martin Batsi in my test email. The biggest difference is that I had to do >> from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE To get access to those constants in the global scope. This seems like a fairly clean solution, but if it's a code smell, feel free to suggest improvements. This should have identical behavior to the last patch, except it will autofill scope and no longer prompt interactively. Thanks, Drew Erny de...@redhat.com From 168e910aef41bd1df661317168236287b2994822 Mon Sep 17 00:00:00 2001 From: Drew Erny Date: Wed, 27 May 2015 09:52:42 -0400 Subject: [PATCH] Migration now accepts scope as argument Adds a new option to command ipa migrate-ds, --scope=[base,onelevel,subtree], which allows the user to specify LDAP search depth for users and groups. 'onelevel' was the previous default level. Specify 'subtree' to to search nested OUs for users and groups. fedorahosted.org/freeipa/ticket/2547 --- API.txt | 3 ++- ipalib/plugins/migration.py | 18 +- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/API.txt b/API.txt index d987bc949948a280018f0f20d5af93838ecaeb20..da124c2d659510cf81d25a5708835cf8ed176efa 100644 --- a/API.txt +++ b/API.txt @@ -2450,7 +2450,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) command: migrate_ds -args: 2,18,4 +args: 2,19,4 arg: Str('ldapuri', cli_name='ldap_uri') arg: Password('bindpw', cli_name='password', confirm=False) option: DNParam('basedn?', cli_name='base_dn') @@ -2466,6 +2466,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames')) option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False) option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307')) +option: StrEnum('scope', autofill=True, cli_name='scope', default=u'onelevel', values=(u'base', u'subtree', u'onelevel')) option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people')) option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=()) option: Str('userignoreobjectclass*', autofill=True, cli_name='user_ignore_objectclass', csv=True, default=()) diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index c8379420d539ac35901d99f981b4c8e2f0f89ffc..d922d67cbf1a91a201b3b985af36a34e7956300a 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -35,6 +35,8 @@ from ipapython.ipautil import write_tmp_file import datetime from ipaplatform.paths import paths +from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE + __doc__ = _(""" Migration to IPA @@ -140,6 +142,9 @@ _dn_err_msg = _('Malformed DN') _supported_schemas = (u'RFC2307bis', u'RFC2307') +# search scopes for users and groups when migrating +_supported_scopes = {u'base': SCOPE_BASE, u'onelevel': SCOPE_ONELEVEL, u'subtree': SCOPE_SUBTREE} +_default_scope = u'onelevel' def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs): assert isinstance(dn, DN) @@ -607,6 +612,15 @@ class migrate_ds(Command): doc=_('Load CA certificate of LDAP server from FILE'), default=None ), +StrEnum('scope', +cli_name='scope', +label=_('Search scope'), +doc=_('LDAP search scope for users and groups: base, onelevel, or ' + 'subtree. Defaults to onelevel'), +values=tuple(_supported_scopes.keys()), +default=_default_scope, +autofill=True, +), ) has_output = ( @@ -711,13 +725,15 @@ can use their Kerberos accounts.''') exclude = options['exclude_%ss' % to_cli(ldap_obj_name)] context = dict(ds_ldap = ds_ldap) +scope = _supported_scopes[options.get('scope')] + migrated[ldap_obj_name] = [] failed[ldap_obj_name] = {} try: entries, truncated = ds_ldap.find_entries( search_filter, ['*'], search_bases[ldap_obj_name], -ds_ldap.SCOPE_ONELEVEL, +scope, time_limit=0, size_limit=-1, search_refs=True# migrated DS may contain search references ) -- 2.4.2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code