From 6f0660a342320ecec805bc158ba31f43394f5ab2 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Wed, 23 Sep 2015 13:28:33 +0200
Subject: [PATCH] winsync-migrate: Properly handle collisions in the names of
 external groups

Since the names of the external groups containing the migrated users
must be stripped of characters which are not valid for use in group names,
two different groups might be mapped to one during this process.

Properly handle collisions in the names by adding an incremental
numeric suffix.

https://fedorahosted.org/freeipa/ticket/5319

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipaserver/install/ipa_winsync_migrate.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/ipa_winsync_migrate.py b/ipaserver/install/ipa_winsync_migrate.py
index 4dacde3f27ead341fd4d7d2a744d28f74d5c5b95..13c5ddef383204451cbc4bb662c8a1befc1d5f93 100644
--- a/ipaserver/install/ipa_winsync_migrate.py
+++ b/ipaserver/install/ipa_winsync_migrate.py
@@ -231,15 +231,26 @@ class WinsyncMigrate(admintool.AdminTool):
                 posixify(object_entry['cn'][0])
             )
 
-        def create_winsync_group(object_entry):
+        def create_winsync_group(object_entry, suffix=0):
             """
             Creates the group containing migrated external users that were
             previously available via winsync.
             """
 
             name = winsync_group_name(object_entry)
-            api.Command['group_add'](name, external=True)
-            api.Command[object_membership_command](object_entry['cn'][0], group=[name])
+
+            # Only non-trivial suffix is appended at the end
+            if suffix != 0:
+                name += str(suffix)
+
+            try:
+                api.Command['group_add'](name, external=True)
+            except errors.DuplicateEntry:
+                # If there is a collision, let's try again with a higher suffix
+                create_winsync_group(object_entry, suffix=suffix+1)
+            else:
+                # In case of no collision, add the membership
+                api.Command[object_membership_command](object_entry['cn'][0], group=[name])
 
         # Search for all objects containing the given user as a direct member
         member_filter = self.ldap.make_filter_from_attr(user_dn_attribute,
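Review bot: The `except errors.DuplicateEntry` branch in `create_winsync_group` treats every existing group as a collision between two migrated objects, but nothing in the hunk tells that apart from a group left behind by an earlier, interrupted run or an unrelated group that already has the posixified name. In those cases a re-run would presumably create `name1`, `name2`, … and attach the membership there, so which group a migrated user lands in depends on processing order and is recorded nowhere. Because these groups carry membership for the migrated users, I would log the source `object_entry['cn'][0]` together with the final `name` once `group_add` succeeds, and extend the docstring with `suffix: number appended to the group name when non-zero; incremented on each DuplicateEntry`. The retry is also recursive with no upper bound, so a capped loop would turn a pathological run of collisions into an explicit error. The method enclosing this nested function starts and ends outside the hunk.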
-- 
2.4.3