Migration does not add users to default group

When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-01-27 12:28:12 +01:00 · 2014-01-27 12:28:12 +01:00 · 03ba31b8ca
commit 03ba31b8ca
parent 1601860023
1 changed files with 10 additions and 7 deletions
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@ -288,19 +288,21 @@ def _update_default_group(ldap, pkey, config, ctx, force):
        searchfilter = "(&(objectclass=posixAccount)(!(memberof=%s)))" % group_dn
        try:
            (result, truncated) = ldap.find_entries(searchfilter,
-                [''], api.env.container_user, scope=ldap.SCOPE_SUBTREE,
-                time_limit = -1)
+                [''], DN(api.env.container_user, api.env.basedn),
+                scope=ldap.SCOPE_SUBTREE, time_limit = -1)
        except errors.NotFound:
+            api.log.debug('All users have default group set')
            return
        new_members = []
        group_entry_attrs = ldap.get_entry(group_dn, ['member'])
+        existing_members = set(group_entry_attrs.get('member', []))
        for m in result:
-            if m.dn not in group_entry_attrs.get('member', []):
+            if m.dn not in existing_members:
                new_members.append(m.dn)
-        if len(new_members) > 0:
-            members = group_entry_attrs.get('member', [])
+
+        if new_members:
+            members = group_entry_attrs.setdefault('member', [])
            members.extend(new_members)
-            group_entry_attrs['member'] = members

            try:
                ldap.update_entry(group_entry_attrs)
@ -310,7 +312,8 @@ def _update_default_group(ldap, pkey, config, ctx, force):
        e = datetime.datetime.now()
        d = e - s
        mode = " (forced)" if force else ""
-        api.log.debug('Adding %d users to group%s duration %s' % (len(new_members), mode, d))
+        api.log.debug('Adding %d users to group%s duration %s',
+                len(new_members), mode, d)

 # GROUP MIGRATION CALLBACKS AND VARS