URL: https://github.com/freeipa/freeipa/pull/126 Author: flo-renaud Title: #126: Fix ipa migrate-ds when it finds a search reference Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/126/head:pr126 git checkout pr126
From e4a3f389fb9e73915f8b3edaf4c0a4f783d82eff Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Thu, 29 Sep 2016 13:46:05 +0200 Subject: [PATCH] Fix ipa migrate-ds when it finds a search reference When ipa migrate-ds finds user entries and a search reference, it complains that the LDAP search did not return any result and does not migrate the entries or the groups. The issue comes from LDAPClient._convert_result which returns an empty result list when the input is a search reference. In turn LDAPClient.find_entries assumes that the empty result list corresponds to a Search Result Done and returns without any entry. The fix examines first the objtype returned by self.conn.result3. If it is a search result done, then the loop can be exited. Otherwise (referral or entry), _convert_result is called and the result (if not empty) is appended to the list of returned entries. https://fedorahosted.org/freeipa/ticket/6358 --- ipapython/ipaldap.py | 12 ++++-------- ipaserver/plugins/migration.py | 3 +-- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index bbaeedc..3778b58 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -1309,7 +1309,7 @@ def get_entries(self, base_dn, scope=ldap.SCOPE_SUBTREE, filter=None, def find_entries(self, filter=None, attrs_list=None, base_dn=None, scope=ldap.SCOPE_SUBTREE, time_limit=None, - size_limit=None, search_refs=False, paged_search=False): + size_limit=None, paged_search=False): """ Return a list of entries and indication of whether the results were truncated ([(dn, entry_attrs)], truncated) matching specified search @@ -1323,8 +1323,6 @@ def find_entries(self, filter=None, attrs_list=None, base_dn=None, time_limit -- time limit in seconds (default unlimited) size_limit -- size (number of entries returned) limit (default unlimited) - search_refs -- allow search references to be returned - (default skips these entries) paged_search -- search using paged results control :raises: errors.NotFound if result set is empty @@ -1379,12 +1377,10 @@ def find_entries(self, filter=None, attrs_list=None, base_dn=None, while True: result = self.conn.result3(id, 0) objtype, res_list, _res_id, res_ctrls = result - res_list = self._convert_result(res_list) - if not res_list: + if objtype == ldap.RES_SEARCH_RESULT: break - if (objtype == ldap.RES_SEARCH_ENTRY or - (search_refs and - objtype == ldap.RES_SEARCH_REFERENCE)): + res_list = self._convert_result(res_list) + if res_list: res.append(res_list[0]) if paged_search: diff --git a/ipaserver/plugins/migration.py b/ipaserver/plugins/migration.py index b61ef96..0af4dc0 100644 --- a/ipaserver/plugins/migration.py +++ b/ipaserver/plugins/migration.py @@ -746,8 +746,7 @@ def migrate(self, ldap, config, ds_ldap, ds_base_dn, options): entries, truncated = ds_ldap.find_entries( search_filter, ['*'], search_bases[ldap_obj_name], scope, - time_limit=0, size_limit=-1, - search_refs=True # migrated DS may contain search references + time_limit=0, size_limit=-1 ) except errors.NotFound: if not options.get('continue',False):
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
