Mitchell Smith via FreeIPA-users wrote: > Hi List, > > I am trying to migrate an old FreeIPA 4.3.1 server running on Ubuntu > 16.04 to a new FreeIPA 4.5.4 server running on Centos 7. > > I am doing the migration via the "ipa migrate-ds" command, the command > is running successfully and the users get migrated, even the custom > schema attributes come over which is nice, but everything is getting > converted to lowercase, even things like object classes, which is > causing some issues for things talking to LDAP and expecting specific > values. > > A very simplistic example without going in to our custom schema is > > ObjectClass: posixAccount > > and after the migration > > ObjectClass: posixaccount > > I have tweaked /usr/lib/python2.7/site-packages/ipaserver/plugins/migration.py > as follows to try and work around this however the migration is still > lowercasing everything. > > If anyone could please suggest where else in the code I should start > digging where the migration might be getting normalized into > lowercase, I would really appreciate any feedback.
Sorry, I don't know what might be doing this. It could be in the ldap2 module itself. But, relying on case in an objectclass is not a good idea. The RFC isn't very specific about the matching criteria but 389-ds has it implemented as case insensitive. I guess another question would be why not create a 4.5.4 replica based on your current master and then eventually retire the old one? rob rob > > --- migration.orig 2018-11-22 00:50:07.335290536 +0000 > +++ migration.py 2018-11-22 00:51:40.938290536 +0000 > @@ -284,7 +284,7 @@ > continue > > api.log.debug('converting DN value %s for %s in %s' % > (value, attr, dn)) > - rdnval = remote_entry[primary_key][0].lower() > + rdnval = remote_entry[primary_key][0] > entry_attrs[attr][ind] = DN((primary_key, rdnval), > container, api.env.basedn) > > return dn > @@ -697,7 +697,7 @@ > for name in names: > if options[name]: > options[name] = tuple( > - v.lower() for v in options[name] > + v for v in options[name] > ) > else: > options[name] = tuple() > @@ -801,9 +801,9 @@ > # In case if pkey attribute is in the migrated object DN > # and the original LDAP is multivalued, make sure that > # we pick the correct value (the unique one stored in DN) > - pkey = ava.value.lower() > + pkey = ava.value > else: > - pkey = entry_attrs[ldap_obj.primary_key.name][0].lower() > + pkey = entry_attrs[ldap_obj.primary_key.name][0] > > if pkey in exclude: > continue > @@ -813,10 +813,10 @@ > set( > config.get( > ldap_obj.object_class_config, > ldap_obj.object_class > - ) + [o.lower() for o in entry_attrs['objectclass']] > + ) + [o for o in entry_attrs['objectclass']] > ) > ) > - entry_attrs[ldap_obj.primary_key.name][0] = > entry_attrs[ldap_obj.primary_key.name][0].lower() > + entry_attrs[ldap_obj.primary_key.name][0] = > entry_attrs[ldap_obj.primary_key.name][0] > > callback = > self.migrate_objects[ldap_obj_name]['pre_callback'] > if callable(callback): > > Thanks for any suggestions. > > Cheers > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org