mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
migrate-ds: fix compat plugin check
After ACI refactoring, admin cannot read Schema Compatibility plugin configuration and therefore migrade-ds won't find if compat plugin is enabled. Now the check si done by looking if cn=compat subtree is present. https://fedorahosted.org/freeipa/ticket/4825 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
parent
727f8099af
commit
e6beaaccce
@ -140,7 +140,6 @@ _dn_err_msg = _('Malformed DN')
|
||||
|
||||
_supported_schemas = (u'RFC2307bis', u'RFC2307')
|
||||
|
||||
_compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config'))
|
||||
|
||||
def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs):
|
||||
assert isinstance(dn, DN)
|
||||
@ -879,10 +878,8 @@ can use their Kerberos accounts.''')
|
||||
#check whether the compat plugin is enabled
|
||||
if not options.get('compat'):
|
||||
try:
|
||||
check_compat = ldap.get_entry(_compat_dn)
|
||||
if check_compat is not None and \
|
||||
check_compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
|
||||
return dict(result={}, failed={}, enabled=True, compat=False)
|
||||
ldap.get_entry(DN(('cn', 'compat'), (api.env.basedn)))
|
||||
return dict(result={}, failed={}, enabled=True, compat=False)
|
||||
except errors.NotFound:
|
||||
pass
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user