When group/user is migrated, the attribute used for RDN may be
multivalued. Make sure that we pick the value used in the RDN
which should be the unique one and not just the first one.

https://fedorahosted.org/freeipa/ticket/1892

>From 1d570b611e5ff16022130405b708d135c8fd8aa4 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Thu, 29 Sep 2011 11:55:13 +0200
Subject: [PATCH] migrate process cannot handle multivalued pkey attribute

When group/user is migrated, the attribute used for RDN may be
multivalued. Make sure that we pick the value used in the RDN
which should be the unique one and not just the first one.

https://fedorahosted.org/freeipa/ticket/1892
---
 ipalib/plugins/migration.py |   23 ++++++++++++++++++++++-
 1 files changed, 22 insertions(+), 1 deletions(-)

diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index f75612cef07eb06f4747d7989ee2d5d41c3bf8bd..95ccef1e1864b55d6afe718e8f4e59fb0d63f700 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -24,6 +24,7 @@ import ldap as _ldap
 from ipalib import api, errors, output
 from ipalib import Command, List, Password, Str, Flag, StrEnum
 from ipalib.cli import to_cli
+from ipalib.dn import *
 if api.env.in_server and api.env.context in ['lite', 'server']:
     try:
         from ipaserver.plugins.ldap2 import ldap2
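Review bot: The added `from ipalib.dn import *` is a wildcard import, which pulls every public name of ipalib.dn into the plugin's namespace and makes it hard to see where `DN` comes from or to notice a later name collision. Only `DN` is used in the hunks shown here, so `from ipalib.dn import DN` would be enough. If other names from that module are needed elsewhere in the file, list them explicitly.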
@@ -77,6 +78,8 @@ EXAMPLES:
 _krb_err_msg = _('Kerberos principal %s already exists. Use \'ipa user-mod\' to set it manually.')
 _grp_err_msg = _('Failed to add user to the default group. Use \'ipa group-add-member\' to add manually.')
 _ref_err_msg = _('Migration of LDAP search reference is not supported.')
+_dn_err_msg = _('Malformed DN')
+_rdn_err_msg = _('Cannot get valid RDN from object DN')
 
 _supported_schemas = (u'RFC2307bis', u'RFC2307')
 
@@ -496,7 +499,25 @@ can use their Kerberos accounts.''')
                     failed[ldap_obj_name][entry_attrs[0]] = unicode(_ref_err_msg)
                     continue
 
-                pkey = entry_attrs[ldap_obj.primary_key.name][0].lower()
+                try:
+                    dn = DN(dn)
+                except ValueError:
+                    failed[ldap_obj_name][dn] = unicode(_dn_err_msg)
+                    continue
+
+                ava = dn[0][0]
+                if ava.attr == ldap_obj.primary_key.name:
+                    # In case if pkey attribute is in the migrated object DN
+                    # and the original LDAP is multivalued, make sure that
+                    # we pick the correct value (the unique one stored in DN)
+                    try:
+                        pkey = dn[ldap_obj.primary_key.name].lower()
+                    except KeyError:
+                        failed[ldap_obj_name][str(dn)] = unicode(_rdn_err_msg)
+                        continue
+                else:
+                    pkey = entry_attrs[ldap_obj.primary_key.name][0].lower()
+
                 if pkey in exclude:
                     continue
 
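Review bot: The comparison `ava.attr == ldap_obj.primary_key.name` is case-sensitive, but LDAP attribute type names are not, so an entry whose DN the source server spells as e.g. `UID=...` falls into the `else` branch and still takes the first value of a multivalued attribute, which is the case this patch is meant to fix. Comparing lowercased names, `if ava.attr.lower() == ldap_obj.primary_key.name.lower():`, closes that gap. Taking the value from the AVA already in hand, `pkey = ava.value.lower()` (assuming the AVA class exposes `value` alongside `attr`), also avoids the second lookup by name and its KeyError path. Separately, `ava = dn[0][0]` sits outside any try block: if `DN()` accepts an empty string without raising, that line would presumably raise IndexError and abort the whole migration instead of recording the entry in `failed`. The enclosing loop starts and ends outside this hunk.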
-- 
1.7.6.2
