Since the names of the external groups containing the migrated users
must be stripped of characters which are not valid for use in group names,
two different groups might be mapped to one during this process.
Properly handle collisions in the names by adding an incremental
numeric suffix.
https://fedorahosted.org/freeipa/ticket/5319
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
During the migration from winsync replicated users to their
trusted identities, memberships are being preserved. However,
trusted users are external and as such cannot be added as
direct members to the IPA entities. External groups which
encapsulate the migrated users are added as members to those
entities instead.
The name of the external group is generated from the type
of the entity and its name. However, the entity's name can
contain characters which are invalid for use in the group
name.
Adds a helper function to convert a given string to a string
which would be valid for such use and leverages it in the
winsync-migrate tool.
https://fedorahosted.org/freeipa/ticket/5319
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
The six way of doing this is to replace all occurences of "unicode"
with "six.text_type". However, "unicode" is non-ambiguous and
(arguably) easier to read. Also, using it makes the patches smaller,
which should help with backporting.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
python-krbV library is deprecated and doesn't work with python 3. Replacing all
it's usages with python-gssapi.
- Removed Backend.krb and KRB5_CCache classes
They were wrappers around krbV classes that cannot really work without them
- Added few utility functions for querying GSSAPI credentials
in krb_utils module. They provide replacements for KRB5_CCache.
- Merged two kinit_keytab functions
- Changed ldap plugin connection defaults to match ipaldap
- Unified getting default realm
Using api.env.realm instead of krbV call
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
