IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

winsync-migrate: Convert entity names to posix friendly strings

Browse Source 
During the migration from winsync replicated users to their
trusted identities, memberships are being preserved. However,
trusted users are external and as such cannot be added as
direct members to the IPA entities. External groups which
encapsulate the migrated users are added as members to those
entities instead.

The name of the external group is generated from the type
of the entity and its name. However, the entity's name can
contain characters which are invalid for use in the group
name.

Adds a helper function to convert a given string to a string
which would be valid for such use and leverages it in the
winsync-migrate tool.

https://fedorahosted.org/freeipa/ticket/5319

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Tomas Babej 2015-09-23 13:27:35 +02:00 committed by Jan Cholasta
parent 4c39561261
commit a758f16abe
2 changed files with 35 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ipapython/ipautil.py
View File

@ -1330,6 +1330,29 @@ def restore_hostname(statestore):
except CalledProcessError as e: except CalledProcessError as e:
print("Failed to set this machine hostname back to %s: %s" % (old_hostname, str(e)), file=sys.stderr) print("Failed to set this machine hostname back to %s: %s" % (old_hostname, str(e)), file=sys.stderr)
def posixify(string):
"""
Convert a string to a more strict alpha-numeric representation.
- Alpha-numeric, underscore, dot and dash characters are accepted
- Space is converted to underscore
- Other characters are omitted
- Leading dash is stripped
Note: This mapping is not one-to-one and may map different input to the
same result. When using posixify, make sure the you do not map two different
entities to one unintentionally.
"""
def valid_char(char):
return char.isalnum() or char in ('_', '.', '-')
# First replace space characters
replaced = string.replace(' ','_')
omitted = ''.join(filter(valid_char, replaced))
# Leading dash is not allowed
return omitted.lstrip('-')
@contextmanager @contextmanager
def private_ccache(path=None): def private_ccache(path=None):

15
ipaserver/install/ipa_winsync_migrate.py
View File

@ -26,7 +26,7 @@ from ipalib import api
from ipalib import errors from ipalib import errors
from ipapython import admintool from ipapython import admintool
from ipapython.dn import DN from ipapython.dn import DN
from ipapython.ipautil import realm_to_suffix from ipapython.ipautil import realm_to_suffix, posixify
from ipapython.ipa_log_manager import log_mgr from ipapython.ipa_log_manager import log_mgr
from ipaserver.plugins.ldap2 import ldap2 from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import replication from ipaserver.install import replication
@ -219,12 +219,21 @@ class WinsyncMigrate(admintool.AdminTool):
def winsync_group_name(object_entry): def winsync_group_name(object_entry):
""" """
Returns the generated name of group containing migrated external users Returns the generated name of group containing migrated external
users.
The group name is of the form:
"<prefix>_<object name>_winsync_external"
Object name is converted to posix-friendly string by omitting
and/or replacing characters. This may lead to collisions, i.e.
if both 'trust_admins' and 'trust admin' groups have winsync
users being migrated.
""" """
return u"{0}_{1}_winsync_external".format( return u"{0}_{1}_winsync_external".format(
winsync_group_prefix, winsync_group_prefix,
object_entry['cn'][0] posixify(object_entry['cn'][0])
) )
def create_winsync_group(object_entry): def create_winsync_group(object_entry):