migrate-ds: skip default group option
The new option --use-default-group=False can be used to disable adding migrated users to the default group. By default, the default group is no longer a POSIX group, so it no longer serves its original purpose of providing a GID, and adding users to it can therefore be skipped during migration.

https://fedorahosted.org/freeipa/ticket/4950

Reviewed-By: Martin Basti <mbasti@redhat.com>
parent
2c1bca3b0f
commit
fda9698844
3
API.txt
3
API.txt
@ -2450,7 +2450,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
|
||||
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
||||
output: PrimaryKey('value', None, None)
|
||||
command: migrate_ds
|
||||
args: 2,18,4
|
||||
args: 2,19,4
|
||||
arg: Str('ldapuri', cli_name='ldap_uri')
|
||||
arg: Password('bindpw', cli_name='password', confirm=False)
|
||||
option: DNParam('basedn?', cli_name='base_dn')
|
||||
@ -2466,6 +2466,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj
|
||||
option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames'))
|
||||
option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False)
|
||||
option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307'))
|
||||
option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True)
|
||||
option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people'))
|
||||
option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=())
|
||||
option: Str('userignoreobjectclass*', autofill=True, cli_name='user_ignore_objectclass', csv=True, default=())
|
||||
|
4
VERSION
4
VERSION
@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
|
||||
# #
|
||||
########################################################
|
||||
IPA_API_VERSION_MAJOR=2
|
||||
IPA_API_VERSION_MINOR=116
|
||||
# Last change: tbordaz - Add stageuser_add command"
|
||||
IPA_API_VERSION_MINOR=117
|
||||
# Last change: pvoborni - added --use-default-group option to migrate-ds
|
||||
|
@ -21,7 +21,7 @@ import re
|
||||
from ldap import MOD_ADD
|
||||
|
||||
from ipalib import api, errors, output
|
||||
from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File
|
||||
from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File, Bool
|
||||
from ipalib.cli import to_cli
|
||||
from ipalib.plugable import Registry
|
||||
from ipalib.plugins.user import NO_UPG_MAGIC
|
||||
@ -269,7 +269,8 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
|
||||
def _post_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx):
|
||||
assert isinstance(dn, DN)
|
||||
|
||||
_update_default_group(ldap, ctx, False)
|
||||
if 'def_group_dn' in ctx:
|
||||
_update_default_group(ldap, ctx, False)
|
||||
|
||||
if 'description' in entry_attrs and NO_UPG_MAGIC in entry_attrs['description']:
|
||||
entry_attrs['description'].remove(NO_UPG_MAGIC)
|
||||
@ -602,6 +603,14 @@ class migrate_ds(Command):
|
||||
doc=_('Load CA certificate of LDAP server from FILE'),
|
||||
default=None
|
||||
),
|
||||
Bool('use_def_group?',
|
||||
cli_name='use_default_group',
|
||||
label=_('Add to default group'),
|
||||
doc=_('Add migrated users without a group to a default group '
|
||||
'(default: true)'),
|
||||
default=True,
|
||||
autofill=True,
|
||||
),
|
||||
)
|
||||
|
||||
has_output = (
|
||||
@ -745,7 +754,7 @@ can use their Kerberos accounts.''')
|
||||
blacklists[blacklist] = tuple()
|
||||
|
||||
# get default primary group for new users
|
||||
if 'def_group_dn' not in context:
|
||||
if 'def_group_dn' not in context and options.get('use_def_group'):
|
||||
def_group = config.get('ipadefaultprimarygroup')
|
||||
context['def_group_dn'] = api.Object.group.get_dn(def_group)
|
||||
try:
|
||||
@ -836,7 +845,8 @@ can use their Kerberos accounts.''')
|
||||
api.log.info("%d %ss migrated. %s elapsed." % (migrate_cnt, ldap_obj_name, total_dur))
|
||||
api.log.debug("%d %ss migrated, duration: %s (total %s)" % (migrate_cnt, ldap_obj_name, d, total_dur))
|
||||
|
||||
_update_default_group(ldap, context, True)
|
||||
if 'def_group_dn' in context:
|
||||
_update_default_group(ldap, context, True)
|
||||
|
||||
return (migrated, failed)
|
||||
|
||||
|
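Review bot: In the `-745,7 +754,7` hunk the new condition reads `options.get('use_def_group')`, so a call that reaches this code without that key gets None and silently skips the default group, the opposite of the documented default of true. I would write `if 'def_group_dn' not in context and options.get('use_def_group', True):` so an absent key keeps the pre-change behaviour; `autofill=True` presumably supplies the value for calls that go through normal parameter processing, but not every path into this method is visible here. Since default-group membership can feed group-based access rules, it would also help to log once when the option is off, for example `api.log.info('Migrated users will not be added to the default group')`, so the choice is recorded in the migration log. The method containing this condition starts and ends outside the hunk, so other readers of `def_group_dn` could not be checked.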