From fda96988444c8c01115f0e992abe1b71192998d5 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Fri, 20 Mar 2015 18:00:19 +0100 Subject: [PATCH] migrate-ds: skip default group option New option --use-default-group=False could be used to disable adding of migrated users into default group. By default, the default group is no longer POSIX therefore it doesn't fulfill the original idea of providing GID and therefore it could be skipped during migration. https://fedorahosted.org/freeipa/ticket/4950 Reviewed-By: Martin Basti --- API.txt | 3 ++- VERSION | 4 ++-- ipalib/plugins/migration.py | 18 ++++++++++++++---- 3 files changed, 18 insertions(+), 7 deletions(-) diff --git a/API.txt b/API.txt index f747765d7..346e35fda 100644 --- a/API.txt +++ b/API.txt @@ -2450,7 +2450,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) command: migrate_ds -args: 2,18,4 +args: 2,19,4 arg: Str('ldapuri', cli_name='ldap_uri') arg: Password('bindpw', cli_name='password', confirm=False) option: DNParam('basedn?', cli_name='base_dn') @@ -2466,6 +2466,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames')) option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False) option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307')) +option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True) option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people')) option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=()) option: Str('userignoreobjectclass*', autofill=True, cli_name='user_ignore_objectclass', csv=True, default=()) diff --git a/VERSION b/VERSION index b584eb458..8824bbfe4 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=116 -# Last change: tbordaz - Add stageuser_add command" +IPA_API_VERSION_MINOR=117 +# Last change: pvoborni - added --use-default-group option to migrate-ds diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index b89ddac3e..9846b3e2f 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -21,7 +21,7 @@ import re from ldap import MOD_ADD from ipalib import api, errors, output -from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File +from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File, Bool from ipalib.cli import to_cli from ipalib.plugable import Registry from ipalib.plugins.user import NO_UPG_MAGIC @@ -269,7 +269,8 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs def _post_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx): assert isinstance(dn, DN) - _update_default_group(ldap, ctx, False) + if 'def_group_dn' in ctx: + _update_default_group(ldap, ctx, False) if 'description' in entry_attrs and NO_UPG_MAGIC in entry_attrs['description']: entry_attrs['description'].remove(NO_UPG_MAGIC) @@ -602,6 +603,14 @@ class migrate_ds(Command): doc=_('Load CA certificate of LDAP server from FILE'), default=None ), + Bool('use_def_group?', + cli_name='use_default_group', + label=_('Add to default group'), + doc=_('Add migrated users without a group to a default group ' + '(default: true)'), + default=True, + autofill=True, + ), ) has_output = ( @@ -745,7 +754,7 @@ can use their Kerberos accounts.''') blacklists[blacklist] = tuple() # get default primary group for new users - if 'def_group_dn' not in context: + if 'def_group_dn' not in context and options.get('use_def_group'): def_group = config.get('ipadefaultprimarygroup') context['def_group_dn'] = api.Object.group.get_dn(def_group) try: @@ -836,7 +845,8 @@ can use their Kerberos accounts.''') api.log.info("%d %ss migrated. %s elapsed." % (migrate_cnt, ldap_obj_name, total_dur)) api.log.debug("%d %ss migrated, duration: %s (total %s)" % (migrate_cnt, ldap_obj_name, d, total_dur)) - _update_default_group(ldap, context, True) + if 'def_group_dn' in context: + _update_default_group(ldap, context, True) return (migrated, failed)