Migration now accepts scope as argument

Adds a new option to command ipa migrate-ds, --scope=[base,onelevel,subtree] which allows the user to specify LDAP search depth for users and groups. 'onelevel' was the hard-coded level before this patch and is still default. Specify 'subtree' to search nested OUs for users and groups. https://fedorahosted.org/freeipa/ticket/2547 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-06-04 14:02:12 -04:00 · 2015-06-04 14:02:12 -04:00 · a57998f51e
commit a57998f51e
parent 13700d9d3f
3 changed files with 22 additions and 4 deletions
--- a/API.txt
+++ b/API.txt
@ -2522,7 +2522,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: migrate_ds
-args: 2,19,4
+args: 2,20,4
 arg: Str('ldapuri', cli_name='ldap_uri')
 arg: Password('bindpw', cli_name='password', confirm=False)
 option: DNParam('basedn?', cli_name='base_dn')
@ -2538,6 +2538,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj
 option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames'))
 option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False)
 option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307'))
+option: StrEnum('scope', autofill=True, cli_name='scope', default=u'onelevel', values=(u'base', u'subtree', u'onelevel'))
 option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True)
 option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people'))
 option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=())
--- a/4
+++ b/4
@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=124
-# Last change: pvoborni - added topology management commands
+IPA_API_VERSION_MINOR=125
+# Last change: derny - migration now accepts scope as argument 
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@ -19,6 +19,7 @@

 import re
 from ldap import MOD_ADD
+from ldap import SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE

 from ipalib import api, errors, output
 from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File, Bool
@ -141,6 +142,10 @@ _dn_err_msg = _('Malformed DN')

 _supported_schemas = (u'RFC2307bis', u'RFC2307')

+# search scopes for users and groups when migrating
+_supported_scopes = {u'base': SCOPE_BASE, u'onelevel': SCOPE_ONELEVEL, u'subtree': SCOPE_SUBTREE}
+_default_scope = u'onelevel'
+

 def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs):
    assert isinstance(dn, DN)
@ -611,6 +616,15 @@ class migrate_ds(Command):
            default=True,
            autofill=True,
        ),
+        StrEnum('scope',
+            cli_name='scope',
+            label=_('Search scope'),
+            doc=_('LDAP search scope for users and groups: base, onelevel, or '
+                  'subtree. Defaults to onelevel'),
+            values=tuple(_supported_scopes.keys()),
+            default=_default_scope,
+            autofill=True,
+        ),
    )

    has_output = (
@ -705,6 +719,9 @@ can use their Kerberos accounts.''')
        failed = {} # {'OBJ': {'PKEY1': 'Failed 'cos blabla', ...}, ...}
        search_bases = self._get_search_bases(options, ds_base_dn, self.migrate_order)
        migration_start = datetime.datetime.now()
+
+        scope = _supported_scopes[options.get('scope')]
+
        for ldap_obj_name in self.migrate_order:
            ldap_obj = self.api.Object[ldap_obj_name]

@ -721,7 +738,7 @@ can use their Kerberos accounts.''')
            try:
                entries, truncated = ds_ldap.find_entries(
                    search_filter, ['*'], search_bases[ldap_obj_name],
-                    ds_ldap.SCOPE_ONELEVEL,
+                    scope,
                    time_limit=0, size_limit=-1,
                    search_refs=True    # migrated DS may contain search references
                )