[Freeipa-devel] [PATCH] 991/992 fix migration issues

Martin Kosek mkosek at redhat.com
Thu Mar 22 10:30:23 UTC 2012 

On Tue, 2012-03-20 at 22:58 -0400, Rob Crittenden wrote:
> Fix a couple of issues found with migration. I made a second patch just 
> to keep things separate even though its just a one-liner.
> 
> 991 fixes a problem where we have attributes which point to other 
> entries and these weren't being migrated. This is things like secretary 
> and manager. This was actually causing things to blow up badly.
> 
> 992 makes the primary key lower-case to match the rest of IPA.
> 
> I've attached an LDIF with a couple of users to demonstrate the fix.
> 
> rob


1) This is not very Pythonic:
+            for ind in xrange(len(entry_attrs[attr])):
+                value = entry_attrs[attr][ind]

This would be better:
+            for ind,value in enumerate(entry_attrs[attr]):

2) 992 lowers uid of users group, but you leave updated DNs
un-normalized, we may want to lower them as well:

# ayaz_kreiger, users, accounts, idm.lab.bos.redhat.com
dn: uid=ayaz_kreiger,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=co
m
uid: ayaz_kreiger
...
manager: uid=Mollee_Weisenberg,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=re
 dhat,dc=com
manager: cn=Doesnot Exist,ou=People,dc=greyoak,dc=com
...

3) We still crash if the DN does not exist (see above) and thus we don't
normalize it:
# ipa user-show ayaz_kreiger --allipa: ERROR: an internal error has
occurred

I think we should use the change that came up when I was reviewing
Petr3's sudo patch:
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index cf5d8d20eb27a0342f064086e0ee9d85c78c5bae..8f03a09827bd0ee6a08e594617ad8d4dff2b467b 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -487,7 +487,15 @@ class LDAPObject(Object):
             pass
         # DN object assures we're returning a decoded (unescaped) value
         dn = DN(dn)
-        return dn[self.primary_key.name]
+        try:
+            return dn[self.primary_key.name]
+        except KeyError:
+            # The primary key is not in the DN.
+            # This shouldn't happen, but we don't want a "show" command to
+            # crash.
+            # Just return the entire DN, it's all we have if the entry
+            # doesn't exist
+            return unicode(dn)

4) (minor) In function get_dn_syntax:
- if obj is None, the function will return None -> contradicts with the help
- I would name the function "is_dn_syntax" since we don't return DN syntax

Martin

More information about the Freeipa-devel mailing list