[Freeipa-devel] [PATCH] 991/992 fix migration issues
Rob Crittenden
rcritten at redhat.com
Thu Mar 22 19:17:16 UTC 2012
Martin Kosek wrote:
> On Tue, 2012-03-20 at 22:58 -0400, Rob Crittenden wrote:
>> Fix a couple of issues found with migration. I made a second patch just
>> to keep things separate even though its just a one-liner.
>>
>> 991 fixes a problem where we have attributes which point to other
>> entries and these weren't being migrated. This is things like secretary
>> and manager. This was actually causing things to blow up badly.
>>
>> 992 makes the primary key lower-case to match the rest of IPA.
>>
>> I've attached an LDIF with a couple of users to demonstrate the fix.
>>
>> rob
>
>
> 1) This is not very Pythonic:
> + for ind in xrange(len(entry_attrs[attr])):
> + value = entry_attrs[attr][ind]
>
> This would be better:
> + for ind,value in enumerate(entry_attrs[attr]):
>
> 2) 992 lowers uid of users group, but you leave updated DNs
> un-normalized, we may want to lower them as well:
>
> # ayaz_kreiger, users, accounts, idm.lab.bos.redhat.com
> dn: uid=ayaz_kreiger,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=co
> m
> uid: ayaz_kreiger
> ...
> manager: uid=Mollee_Weisenberg,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=re
> dhat,dc=com
> manager: cn=Doesnot Exist,ou=People,dc=greyoak,dc=com
> ...
>
> 3) We still crash if the DN does not exist (see above) and thus we don't
> normalize it:
> # ipa user-show ayaz_kreiger --allipa: ERROR: an internal error has
> occurred
>
> I think we should use the change that came up when I was reviewing
> Petr3's sudo patch:
> diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
> index cf5d8d20eb27a0342f064086e0ee9d85c78c5bae..8f03a09827bd0ee6a08e594617ad8d4dff2b467b 100644
> --- a/ipalib/plugins/baseldap.py
> +++ b/ipalib/plugins/baseldap.py
> @@ -487,7 +487,15 @@ class LDAPObject(Object):
> pass
> # DN object assures we're returning a decoded (unescaped) value
> dn = DN(dn)
> - return dn[self.primary_key.name]
> + try:
> + return dn[self.primary_key.name]
> + except KeyError:
> + # The primary key is not in the DN.
> + # This shouldn't happen, but we don't want a "show" command to
> + # crash.
> + # Just return the entire DN, it's all we have if the entry
> + # doesn't exist
> + return unicode(dn)
>
> 4) (minor) In function get_dn_syntax:
> - if obj is None, the function will return None -> contradicts with the help
> - I would name the function "is_dn_syntax" since we don't return DN syntax
>
> Martin
>
For 4 I added a None check. I only want this to return True/False. I
don't want to get too clever and try to see if the value is a dn if we
don't have schema for it.
Updated patch atached.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-991-2-migration.patch
Type: text/x-diff
Size: 4712 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120322/f008f792/attachment.bin>
More information about the Freeipa-devel
mailing list