Martin Kosek wrote:
On Tue, 2012-02-28 at 17:36 -0500, Rob Crittenden wrote:
We were setting the GID of migrated users to that of the default user's
group (ipausers) when it should have been the same as the UID unless UPG
was disabled.

This does the right thing and fixes migration which was broken when we
made ipausers a non-posix group.

rob

NACK

This is a good start, but you missed a case when UPGs are disabled. We
crash in that case:

# ipa-managed-entries -e 'UPG Definition' disable
Disabling Plugin
# ipa migrate-ds --user-container=ou=People --group-container=ou=Groups ldap://vm-054.idm.lab.bos.redhat.com --bind-dn="cn=Directory Manager"
Password:
ipa: ERROR: an internal error has occurred

/var/log/httpd/error_log:
[Wed Feb 29 09:15:36 2012] [error] ipa: ERROR: non-public: KeyError: 'gidnumber'
[Wed Feb 29 09:15:36 2012] [error] Traceback (most recent call last):
[Wed Feb 29 09:15:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 314, in wsgi_execute
[Wed Feb 29 09:15:36 2012] [error]     result = self.Command[name](*args, **options)
[Wed Feb 29 09:15:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 443, in __call__
[Wed Feb 29 09:15:36 2012] [error]     ret = self.run(*args, **options)
[Wed Feb 29 09:15:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 721, in run
[Wed Feb 29 09:15:36 2012] [error]     return self.execute(*args, **options)
[Wed Feb 29 09:15:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py", line 667, in execute
[Wed Feb 29 09:15:36 2012] [error]     ldap, config, ds_ldap, ds_base_dn, options
[Wed Feb 29 09:15:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py", line 605, in migrate
[Wed Feb 29 09:15:36 2012] [error]     **blacklists
[Wed Feb 29 09:15:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py", line 125, in _pre_migrate_user
[Wed Feb 29 09:15:36 2012] [error]     ctx['def_group_gid'] = g_attrs['gidnumber'][0]
[Wed Feb 29 09:15:36 2012] [error] KeyError: 'gidnumber'
[Wed Feb 29 09:15:36 2012] [error] ipa: INFO: ad...@idm.lab.bos.redhat.com: migrate_ds(u'ldap://vm-054.idm.lab.bos.redhat.com', u'********', binddn=u'cn=Directory Manager', usercontainer=u'ou=People', groupcontainer=u'ou=Groups', userobjectclass=(u'person',), groupobjectclass=(u'groupOfUniqueNames', u'groupOfNames'), userignoreobjectclass=None, userignoreattribute=None, groupignoreobjectclass=None, groupignoreattribute=None, groupoverwritegid=False, schema=u'RFC2307bis', continue=False, exclude_groups=None, exclude_users=None): KeyError


Martin


Updated. Will now report an error if the default group is not POSIX and UPG is disabled.

rob
From 5dc9c28a5dbaa5595ccce0567574b088b54c8f46 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 28 Feb 2012 17:34:14 -0500
Subject: [PATCH] Don't set migrated user's GID to that of default users
 group.

The GID should be the UID unless UPG is disabled.

https://fedorahosted.org/freeipa/ticket/2430
---
 ipalib/plugins/migration.py |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index ab4e523e5b505577f83be4f95724bd9a9a50f8b6..a3724abd650a5e098b987798fe259e1149a434bb 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -126,9 +126,13 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
         try:
             (g_dn, g_attrs) = ldap.get_entry(ctx['def_group_dn'], ['gidnumber'])
         except errors.NotFound:
-            error_msg = 'Default group for new users not found.'
+            error_msg = _('Default group for new users not found.')
             raise errors.NotFound(reason=error_msg)
-        ctx['def_group_gid'] = g_attrs['gidnumber'][0]
+        if not ldap.has_upg():
+            if 'gidnumber' in g_attrs:
+                ctx['def_group_gid'] = g_attrs['gidnumber'][0]
+            else:
+                raise errors.NotFound(reason=_('User Private Groups are disabled and the default users group is not POSIX'))
 
     # fill in required attributes by IPA
     entry_attrs['ipauniqueid'] = 'autogenerate'
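
Review bot: In the new `else:` branch, `errors.NotFound` is raised for a default group that was found but has no `gidnumber`, so the caller sees a missing-entry error when the actual problem is a non-POSIX default group combined with disabled UPG. An error type that describes a configuration conflict would fit better, and including `ctx['def_group_dn']` in the message would tell the admin which group to fix. Separately, the `ldap.get_entry(...)` lookup above still runs when `ldap.has_upg()` is true even though its result is then unused, so a missing default group still raises `NotFound` in the UPG case; moving the lookup under `if not ldap.has_upg():` would avoid that. The new `raise` line is also well past 80 columns and should be wrapped.
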
@@ -137,7 +141,8 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
         home_dir = '%s/%s' % (homes_root, pkey)
         home_dir = home_dir.replace('//', '/').rstrip('/')
         entry_attrs['homedirectory'] = home_dir
-    entry_attrs.setdefault('gidnumber', ctx['def_group_gid'])
+    if 'def_group_gid' in ctx:
+        entry_attrs.setdefault('gidnumber', ctx['def_group_gid'])
 
     # do not migrate all attributes
     for attr in entry_attrs.keys():
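
Review bot: With the `if 'def_group_gid' in ctx:` guard, nothing in this hunk assigns `gidnumber` when UPG is enabled, while the commit message says the GID should be the UID in that case. A short comment at the guard saying where the GID is expected to come from would make that dependency explicit. Note also that `setdefault` leaves any `gidnumber` already present in the migrated entry untouched, so a source entry that carries its own GID keeps it in both the UPG and non-UPG paths; it would help to state in the commit message whether that is intended.
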
-- 
1.7.6
