migrate-winsync: Create user ID overrides in place of winsynced user entries

https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

ipaserver/winsync_migrate/base.py

@@ -27,6 +27,8 @@ from ipapython.dn import DN
 from ipapython.ipa_log_manager import log_mgr
 from ipaserver.plugins.ldap2 import ldap2
 
+DEFAULT_TRUST_VIEW_NAME = u'Default Trust View'
+
 
 class MigrateWinsync(admintool.AdminTool):
     """
@@ -44,6 +46,33 @@ class MigrateWinsync(admintool.AdminTool):
         "For more information, see `man ipa-migrate-winsync`."
         )
 
+    def create_id_user_override(self, entry):
+        """
+        Creates ID override corresponding to this user entry.
+        """
+
+        user_identifier = u"%s@%s" % (entry['uid'][0], self.options.realm)
+
+        kwargs = {
+            'uid': entry['uid'][0],
+            'uidnumber': entry['uidnumber'][0],
+            'gidnumber': entry['gidnumber'][0],
+            'gecos': entry['gecos'][0],
+            'loginshell': entry['loginshell'][0]
+        }
+
+        try:
+            result = api.Command['idoverrideuser_add'](
+                DEFAULT_TRUST_VIEW_NAME,
+                user_identifier,
+                **kwargs
+            )
+        except Exception as e:
+            self.log.warning("Migration failed: %s (%s)"
+                             % (user_identifier, str(e)))
+        else:
+            self.log.debug("Migrated: %s" % user_identifier)
+
     def find_winsync_users(self):
         """
         Finds all users that were mirrored from AD using winsync.
@@ -81,4 +110,7 @@ class MigrateWinsync(admintool.AdminTool):
         except errors.DatabaseError, e:
             sys.exit("Cannot connect to the LDAP database. Please check if IPA is running.")
 
+        # Create ID overrides replacing the user winsync entries
         entries = self.find_winsync_users()
+        for entry in entries:
+            self.create_id_user_override(entry)