Mitchell Smith via FreeIPA-users wrote:
> Hi List,
>
> I am trying to migrate an old FreeIPA 4.3.1 server running on Ubuntu
> 16.04 to a new FreeIPA 4.5.4 server running on Centos 7.
>
> I am doing the migration via the "ipa migrate-ds" command, the command
> is running successfully and the users get migrated, even the custom
> schema attributes come over which is nice, but everything is getting
> converted to lowercase, even things like object classes, which is
> causing some issues for things talking to LDAP and expecting specific
> values.
>
> A very simplistic example without going in to our custom schema is
>
> ObjectClass: posixAccount
>
> and after the migration
>
> ObjectClass: posixaccount
>
> I have tweaked /usr/lib/python2.7/site-packages/ipaserver/plugins/migration.py
> as follows to try and work around this however the migration is still
> lowercasing everything.
>
> If anyone could please suggest where else in the code I should start
> digging where the migration might be getting normalized into
> lowercase, I would really appreciate any feedback.
Sorry, I don't know what might be doing this. It could be in the ldap2
module itself.
But, relying on case in an objectclass is not a good idea. The RFC isn't
very specific about the matching criteria but 389-ds has it implemented
as case insensitive.
I guess another question would be why not create a 4.5.4 replica based
on your current master and then eventually retire the old one?
rob
rob
>
> --- migration.orig 2018-11-22 00:50:07.335290536 +0000
> +++ migration.py 2018-11-22 00:51:40.938290536 +0000
> @@ -284,7 +284,7 @@
> continue
>
> api.log.debug('converting DN value %s for %s in %s' %
> (value, attr, dn))
> - rdnval = remote_entry[primary_key][0].lower()
> + rdnval = remote_entry[primary_key][0]
> entry_attrs[attr][ind] = DN((primary_key, rdnval),
> container, api.env.basedn)
>
> return dn
> @@ -697,7 +697,7 @@
> for name in names:
> if options[name]:
> options[name] = tuple(
> - v.lower() for v in options[name]
> + v for v in options[name]
> )
> else:
> options[name] = tuple()
> @@ -801,9 +801,9 @@
> # In case if pkey attribute is in the migrated object DN
> # and the original LDAP is multivalued, make sure that
> # we pick the correct value (the unique one stored in DN)
> - pkey = ava.value.lower()
> + pkey = ava.value
> else:
> - pkey = entry_attrs[ldap_obj.primary_key.name][0].lower()
> + pkey = entry_attrs[ldap_obj.primary_key.name][0]
>
> if pkey in exclude:
> continue
> @@ -813,10 +813,10 @@
> set(
> config.get(
> ldap_obj.object_class_config,
> ldap_obj.object_class
> - ) + [o.lower() for o in entry_attrs['objectclass']]
> + ) + [o for o in entry_attrs['objectclass']]
> )
> )
> - entry_attrs[ldap_obj.primary_key.name][0] =
> entry_attrs[ldap_obj.primary_key.name][0].lower()
> + entry_attrs[ldap_obj.primary_key.name][0] =
> entry_attrs[ldap_obj.primary_key.name][0]
>
> callback =
> self.migrate_objects[ldap_obj_name]['pre_callback']
> if callable(callback):
>
> Thanks for any suggestions.
>
> Cheers
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
