diff --git a/API.txt b/API.txt index f747765d7..346e35fda 100644 --- a/API.txt +++ b/API.txt @@ -2450,7 +2450,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) command: migrate_ds -args: 2,18,4 +args: 2,19,4 arg: Str('ldapuri', cli_name='ldap_uri') arg: Password('bindpw', cli_name='password', confirm=False) option: DNParam('basedn?', cli_name='base_dn') @@ -2466,6 +2466,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames')) option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False) option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307')) +option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True) option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people')) option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=()) option: Str('userignoreobjectclass*', autofill=True, cli_name='user_ignore_objectclass', csv=True, default=()) diff --git a/VERSION b/VERSION index b584eb458..8824bbfe4 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=116 -# Last change: tbordaz - Add stageuser_add command" +IPA_API_VERSION_MINOR=117 +# Last change: pvoborni - added --use-default-group option to migrate-ds diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index b89ddac3e..9846b3e2f 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -21,7 +21,7 @@ import re from ldap import MOD_ADD from ipalib import api, errors, output -from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File +from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File, Bool from ipalib.cli import to_cli from ipalib.plugable import Registry from ipalib.plugins.user import NO_UPG_MAGIC @@ -269,7 +269,8 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs def _post_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx): assert isinstance(dn, DN) - _update_default_group(ldap, ctx, False) + if 'def_group_dn' in ctx: + _update_default_group(ldap, ctx, False) if 'description' in entry_attrs and NO_UPG_MAGIC in entry_attrs['description']: entry_attrs['description'].remove(NO_UPG_MAGIC) @@ -602,6 +603,14 @@ class migrate_ds(Command): doc=_('Load CA certificate of LDAP server from FILE'), default=None ), + Bool('use_def_group?', + cli_name='use_default_group', + label=_('Add to default group'), + doc=_('Add migrated users without a group to a default group ' + '(default: true)'), + default=True, + autofill=True, + ), ) has_output = ( @@ -745,7 +754,7 @@ can use their Kerberos accounts.''') blacklists[blacklist] = tuple() # get default primary group for new users - if 'def_group_dn' not in context: + if 'def_group_dn' not in context and options.get('use_def_group'): def_group = config.get('ipadefaultprimarygroup') context['def_group_dn'] = api.Object.group.get_dn(def_group) try: @@ -836,7 +845,8 @@ can use their Kerberos accounts.''') api.log.info("%d %ss migrated. %s elapsed." % (migrate_cnt, ldap_obj_name, total_dur)) api.log.debug("%d %ss migrated, duration: %s (total %s)" % (migrate_cnt, ldap_obj_name, d, total_dur)) - _update_default_group(ldap, context, True) + if 'def_group_dn' in context: + _update_default_group(ldap, context, True) return (migrated, failed)