From 6f0660a342320ecec805bc158ba31f43394f5ab2 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Wed, 23 Sep 2015 13:28:33 +0200
Subject: [PATCH] winsync-migrate: Properly handle collisions in the names of
 external groups
Since the names of the external groups containing the migrated users
must be stripped of characters which are not valid for use in group names,
two different groups might be mapped to one during this process.
Properly handle collisions in the names by adding an incremental
numeric suffix.
https://fedorahosted.org/freeipa/ticket/5319
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipaserver/install/ipa_winsync_migrate.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/ipa_winsync_migrate.py b/ipaserver/install/ipa_winsync_migrate.py
590d18
index 4dacde3f27ead341fd4d7d2a744d28f74d5c5b95..13c5ddef383204451cbc4bb662c8a1befc1d5f93 100644
590d18
--- a/ipaserver/install/ipa_winsync_migrate.py
590d18
+++ b/ipaserver/install/ipa_winsync_migrate.py
590d18
@@ -231,15 +231,26 @@ class WinsyncMigrate(admintool.AdminTool):
590d18
                 posixify(object_entry['cn'][0])
590d18
             )
590d18
 
590d18
-        def create_winsync_group(object_entry):
590d18
+        def create_winsync_group(object_entry, suffix=0):
590d18
             """
590d18
             Creates the group containing migrated external users that were
590d18
             previously available via winsync.
590d18
             """
590d18
 
590d18
             name = winsync_group_name(object_entry)
590d18
-            api.Command['group_add'](name, external=True)
590d18
-            api.Command[object_membership_command](object_entry['cn'][0], group=[name])
590d18
+
590d18
+            # Only non-trivial suffix is appended at the end
590d18
+            if suffix != 0:
590d18
+                name += str(suffix)
590d18
+
590d18
+            try:
590d18
+                api.Command['group_add'](name, external=True)
590d18
+            except errors.DuplicateEntry:
590d18
+                # If there is a collision, let's try again with a higher suffix
590d18
+                create_winsync_group(object_entry, suffix=suffix+1)
590d18
+            else:
590d18
+                # In case of no collision, add the membership
590d18
+                api.Command[object_membership_command](object_entry['cn'][0], group=[name])
590d18
 
590d18
         # Search for all objects containing the given user as a direct member
590d18
         member_filter = self.ldap.make_filter_from_attr(user_dn_attribute,
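Review bot: `create_winsync_group` settles on a suffixed name after `errors.DuplicateEntry` but never returns it, so the caller cannot learn which group was actually created. If later code (outside this hunk) recomputes `winsync_group_name(object_entry)` to add members, it would presumably address the pre-existing group that belongs to a different source object, and migrated users could inherit that object's memberships. The `except` branch also cannot distinguish a genuine name collision from a group left behind by an earlier run for the same object, so a re-run would appear to create another suffixed group each time rather than reuse the existing one. The retry is unbounded recursion that recomputes the base name on every attempt; an iterative retry that returns the chosen name, as sketched below, is easier to audit and lets the caller use the right group.

```python
        def create_winsync_group(object_entry, suffix=0):
            # … unchanged: docstring …
            base_name = winsync_group_name(object_entry)

            while True:
                # Only non-trivial suffix is appended at the end
                name = base_name if suffix == 0 else base_name + str(suffix)
                try:
                    api.Command['group_add'](name, external=True)
                except errors.DuplicateEntry:
                    # Name already taken, try the next suffix
                    suffix += 1
                else:
                    break

            api.Command[object_membership_command](object_entry['cn'][0], group=[name])
            # Callers must use this name, not winsync_group_name(), from here on
            return name
```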
-- 
2.4.3