[Freeipa-devel] [PATCH] 416 Use valid LDAP search base in migration plugin

Rich Megginson rmeggins at redhat.com
Fri Jul 26 15:54:02 UTC 2013


On 07/26/2013 09:28 AM, Martin Kosek wrote:
> On 07/26/2013 04:04 PM, Rich Megginson wrote:
>> On 07/26/2013 05:43 AM, Martin Kosek wrote:
>>> One find_entry_by_attr call did not set a search base, leading to
>>> an LDAP search call with zero search base. This leads to false negative
>>> results from LDAP.
>>>
>>> ----
>>>
>>> Pushed to master, ipa-3-2 as a one-liner.
>> Does the migrate code correctly handle the search return?  Before it was
>> working fine when it got the err=32 - it just assumed the user did not already
>> exist.  With the correct search base, the search will return err=0, and will
>> return no search entries, which migration should assume means the user does not
>> already exist.
>>
> Thanks for double-checking this, Rich. But our LDAP library raised an exception
> when LDAP returns no entry. I double-checked this particular call I changed:
>
> >>> conn.find_entry_by_attr('krbprincipalname', 'admin@EXAMPLE.COM', 'krbprincipalaux', [''], DN(api.env.container_user, api.env.basedn))
> LDAPEntry(ipapython.dn.DN('uid=admin,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com'), {})
>
> >>> conn.find_entry_by_attr('krbprincipalname', 'doesnotexist@EXAMPLE.COM', 'krbprincipalaux', [''], DN(api.env.container_user, api.env.basedn))
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1299, in find_entry_by_attr
>     (entries, truncated) = self.find_entries(filter, attrs_list, base_dn)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1248, in find_entries
>     raise errors.NotFound(reason='no such entry')
> ipalib.errors.NotFound: no such entry
>
> So the change should work correctly.
>
> Martin
ok - ack
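
An added illustration, not part of the thread and not FreeIPA code: a toy in-memory directory showing how a lookup with an empty search base (err=32) reports an existing principal as absent when the caller treats every failure as "user does not exist", next to a caller that accepts only a successful empty search as "absent". The directory contents, the exception classes and every function name except `find_entry_by_attr` are constructed for this sketch, and DN matching is simplified to exact string comparison.

```python
# Toy model of the lookup discussed in the thread. NOT ipapython.ipaldap.
# All entries and helper names below are constructed for illustration.

class NoSuchObject(Exception):
    """Search base does not exist in the tree (LDAP result code 32)."""

class NotFound(Exception):
    """Search succeeded (result code 0) but matched no entries."""

USERS = "cn=users,cn=accounts,dc=example,dc=com"
DIRECTORY = {
    "dc=example,dc=com": {},
    USERS: {},
    "uid=admin," + USERS: {"krbprincipalname": "admin@EXAMPLE.COM"},
}

def search(base_dn, attr, value):
    """Subtree search: err=32 for an unknown base, else the matching DNs."""
    if base_dn not in DIRECTORY:
        raise NoSuchObject(base_dn)
    suffix = "," + base_dn
    return [dn for dn, attrs in DIRECTORY.items()
            if (dn == base_dn or dn.endswith(suffix)) and attrs.get(attr) == value]

def find_entry_by_attr(attr, value, base_dn):
    """Mirrors the behaviour shown in the traceback: no entries -> NotFound."""
    entries = search(base_dn, attr, value)
    if not entries:
        raise NotFound("no such entry")
    return entries[0]

def principal_exists_lenient(principal, base_dn):
    """Every lookup failure means 'absent', so a bad base hides real entries."""
    try:
        find_entry_by_attr("krbprincipalname", principal, base_dn)
        return True
    except (NoSuchObject, NotFound):
        return False

def principal_exists_strict(principal, base_dn):
    """Only a successful empty search means 'absent'; err=32 propagates."""
    try:
        find_entry_by_attr("krbprincipalname", principal, base_dn)
        return True
    except NotFound:
        return False
```

With the strict variant, a missing or empty search base surfaces as an error at the call site instead of silently reading as "no such user".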



