Fix ipa migrate-ds when it finds a search reference

When ipa migrate-ds finds user entries and a search reference, it complains that the LDAP search did not return any result and does not migrate the entries or the groups. The issue comes from LDAPClient._convert_result which returns an empty result list when the input is a search reference. In turn LDAPClient.find_entries assumes that the empty result list corresponds to a Search Result Done and returns without any entry. The fix examines first the objtype returned by self.conn.result3. If it is a search result done, then the loop can be exited. Otherwise (referral or entry), _convert_result is called and the result (if not empty) is appended to the list of returned entries. https://fedorahosted.org/freeipa/ticket/6358 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-09-29 13:46:05 +02:00
parent ce2bb47cca
commit efb3700389
2 changed files with 5 additions and 10 deletions
--- a/ipaserver/plugins/migration.py
+++ b/ipaserver/plugins/migration.py
@@ -746,8 +746,7 @@ migration process might be incomplete\n''')
                entries, truncated = ds_ldap.find_entries(
                    search_filter, ['*'], search_bases[ldap_obj_name],
                    scope,
-                    time_limit=0, size_limit=-1,
-                    search_refs=True    # migrated DS may contain search references
+                    time_limit=0, size_limit=-1
                )
            except errors.NotFound:
                if not options.get('continue',False):