migrate-ds: skip default group option

New option --use-default-group=False could be used to disable adding of
migrated users into default group.

By default, the default group is no longer POSIX therefore it doesn't
fulfill the original idea of providing GID and therefore it could be
skipped during migration.

https://fedorahosted.org/freeipa/ticket/4950

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Petr Vobornik 2015-03-20 18:00:19 +01:00
parent 2c1bca3b0f
commit fda9698844
3 changed files with 18 additions and 7 deletions

View File

@ -2450,7 +2450,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: PrimaryKey('value', None, None)
command: migrate_ds
args: 2,18,4
args: 2,19,4
arg: Str('ldapuri', cli_name='ldap_uri')
arg: Password('bindpw', cli_name='password', confirm=False)
option: DNParam('basedn?', cli_name='base_dn')
@ -2466,6 +2466,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj
option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', csv=True, default=(u'groupOfUniqueNames', u'groupOfNames'))
option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False)
option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=(u'RFC2307bis', u'RFC2307'))
option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True)
option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people'))
option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', csv=True, default=())
option: Str('userignoreobjectclass*', autofill=True, cli_name='user_ignore_objectclass', csv=True, default=())

View File

@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=116
# Last change: tbordaz - Add stageuser_add command"
IPA_API_VERSION_MINOR=117
# Last change: pvoborni - added --use-default-group option to migrate-ds

View File

@ -21,7 +21,7 @@ import re
from ldap import MOD_ADD
from ipalib import api, errors, output
from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File
from ipalib import Command, Password, Str, Flag, StrEnum, DNParam, File, Bool
from ipalib.cli import to_cli
from ipalib.plugable import Registry
from ipalib.plugins.user import NO_UPG_MAGIC
@ -269,7 +269,8 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs
def _post_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx):
assert isinstance(dn, DN)
_update_default_group(ldap, ctx, False)
if 'def_group_dn' in ctx:
_update_default_group(ldap, ctx, False)
if 'description' in entry_attrs and NO_UPG_MAGIC in entry_attrs['description']:
entry_attrs['description'].remove(NO_UPG_MAGIC)
@ -602,6 +603,14 @@ class migrate_ds(Command):
doc=_('Load CA certificate of LDAP server from FILE'),
default=None
),
Bool('use_def_group?',
cli_name='use_default_group',
label=_('Add to default group'),
doc=_('Add migrated users without a group to a default group '
'(default: true)'),
default=True,
autofill=True,
),
)
has_output = (
@ -745,7 +754,7 @@ can use their Kerberos accounts.''')
blacklists[blacklist] = tuple()
# get default primary group for new users
if 'def_group_dn' not in context:
if 'def_group_dn' not in context and options.get('use_def_group'):
def_group = config.get('ipadefaultprimarygroup')
context['def_group_dn'] = api.Object.group.get_dn(def_group)
try:
@ -836,7 +845,8 @@ can use their Kerberos accounts.''')
api.log.info("%d %ss migrated. %s elapsed." % (migrate_cnt, ldap_obj_name, total_dur))
api.log.debug("%d %ss migrated, duration: %s (total %s)" % (migrate_cnt, ldap_obj_name, d, total_dur))
_update_default_group(ldap, context, True)
if 'def_group_dn' in context:
_update_default_group(ldap, context, True)
return (migrated, failed)