[Freeipa-devel] [PATCH] Make the migration plugin more configurable

Rob Crittenden rcritten at redhat.com
Wed Nov 24 21:54:19 UTC 2010


Jakub Hrozek wrote:
>
> On 11/22/2010 04:21 PM, Jakub Hrozek wrote:
>> On 11/22/2010 04:16 PM, Jakub Hrozek wrote:
>>> The code handles it (I just ran a quick test with --schema=RFC2307bis).
>>
>>> It just iterates through all members of a group -- be it user member or
>>> group member, it's just a DN for the plugin.
>>
>>> 	Jakub
>>
>> Sorry, I found another bug in the plugin. I'll send a new patch shortly,
>> so please don't waste time reviewing this one.
>
> New patch is attached. It fixes two more bugs of the original plugin -
> determines whether a group member is a user or a nested group by
> checking the DN, not just the RDN attribute name and does not hardcode
> primary keys.

Will this blow up in convert_members_rfc2307bis() if a member isn't 
contained in the users and groups containers? Should there be a failsafe 
to skip over things that don't match (along with appropriate reporting)? 
Or if one of users or groups search bases isn't provided?

It definitely doesn't like this:
# ipa migrate-ds --user-container='' --group-container='cn=groups,cn=accounts' ldap://ds.example.com:389

When passed the right set of options it does seem to do the right thing.

rob
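
An added illustration of the failsafe asked about above; it is not the patch or FreeIPA code. It classifies member DNs by container, skips and reports anything that matches neither, and treats an empty container as "not provided". The function names, the base DN and the sample DNs are assumptions.

```python
import re

# Constructed sample data; the names and layout are assumptions for illustration.
BASE_DN = "dc=example,dc=com"
SAMPLE_MEMBERS = [
    "uid=alice,cn=users,cn=accounts,dc=example,dc=com",
    "cn=admins, cn=groups, cn=accounts, dc=example, dc=com",
    "cn=printer1,ou=devices,dc=example,dc=com",              # in neither container
    "cn=svc-backup,cn=users,cn=accounts,dc=example,dc=com",  # cn= RDN, but a user
]

def split_dn(dn):
    """Split a DN into normalized RDNs (simplified: handles '\\,' escapes only)."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip(), count=1).lower()
            for p in parts if p.strip()]

def is_under(dn_rdns, container_rdns):
    """True if the DN sits strictly below the container, compared RDN by RDN."""
    n = len(container_rdns)
    return n > 0 and len(dn_rdns) > n and dn_rdns[-n:] == container_rdns

def classify_members(member_dns, user_container, group_container, base_dn):
    """Return (users, groups, skipped) for a list of member DNs.

    Containers are taken relative to base_dn. An empty container matches
    nothing, so it cannot silently swallow every entry under base_dn.
    """
    base = split_dn(base_dn)

    def full(container):
        rdns = split_dn(container)
        return rdns + base if rdns else []

    users_c, groups_c = full(user_container), full(group_container)
    users, groups, skipped = [], [], []
    for dn in member_dns:
        rdns = split_dn(dn)
        if is_under(rdns, users_c):
            users.append(dn)
        elif is_under(rdns, groups_c):
            groups.append(dn)
        else:
            skipped.append(dn)  # reported to the caller instead of raising
    return users, groups, skipped

if __name__ == "__main__":
    print(classify_members(SAMPLE_MEMBERS, "", "cn=groups,cn=accounts", BASE_DN))
```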



