On 07/28/2016 10:56 AM, Martin Babinsky wrote:
Fixes https://fedorahosted.org/freeipa/ticket/6101
I have also noticed that the principal aliases are not preserved during
migration from FreeIPA 4.4.
That, however, requires more powerful runes to transform the realm of
all values and warrants a separate ticket if we even want to support
migration of user aliases.
Hi Martin,
thanks for your patch. From a technical standpoint, it looks good to me
as I tested the following scenarios:
1/ without --user-ignore-attribute
- call ipa migrate-ds without specifying any attributes to ignore
The user entries are migrated, and contain a migrated krbprincipalname
and krbcanonicalname.
At this point kinit fails but this is expected as the krb attributes
were not re-generated. Login to the web https://hostname/ipa/ui also
fails as expected.
- login to https://hostname/ipa/migration with the user credentials
- perform kinit => OK
- login to https://hostname/ipa/ui => OK
2/ with --user-ignore-attribute={krbPrincipalName,krbextradata,...} as
explained in the Migration page [1]
At this point kinit fails as expected, as well as login to the web ipa/ui.
- login to https://hostname/ipa/migration with the user credentials
- perform kinit => OK
- login to https://hostname/ipa/ui => OK
But the patch produces new pep8 complaints:
./ipaserver/plugins/migration.py:39:1: E402 module level import not at
top of file
Flo.
----
[1]
https://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_FreeIPA
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
