From 528a21996734467be193673e4f987e7e3acc3ad9 Mon Sep 17 00:00:00 2001

From: Alexander Bokovoy <abokovoy@redhat.com>

Date: Sat, 11 May 2019 11:54:40 +0300

Subject: [PATCH] upgrade: adtrust - catch empty result when retrieving list of

 trusts

Upgrade failure when ipa-server-upgrade is being run on a system with no

trust established but trust configured

Fixes: https://pagure.io/freeipa/issue/7939

---

 ipaserver/install/plugins/adtrust.py | 16 +++++++++++-----

 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py

index 6b4e2caa2..cdc3a8b04 100644

--- a/ipaserver/install/plugins/adtrust.py

+++ b/ipaserver/install/plugins/adtrust.py

@@ -609,11 +609,17 @@ class update_tdo_to_new_layout(Updater):

         trusts_dn = self.api.env.container_adtrusts + self.api.env.basedn

-        trusts = ldap.get_entries(

-            base_dn=trusts_dn,

-            scope=ldap.SCOPE_ONELEVEL,

-            filter=self.trust_filter,

-            attrs_list=self.trust_attrs)

+        # We might be in a situation when no trusts exist yet

+        # In such case there is nothing to upgrade but we have to catch

+        # an exception or it will abort the whole upgrade process

+        try:

+            trusts = ldap.get_entries(

+                base_dn=trusts_dn,

+                scope=ldap.SCOPE_ONELEVEL,

+                filter=self.trust_filter,

+                attrs_list=self.trust_attrs)

+        except errors.EmptyResult:

+            trusts = []

         # For every trust, retrieve its principals and convert

         for t_entry in trusts:

-- 

2.21.0