1150040 – ignoring user attributes in migrate-ds does not work if uppercase characters are returned by ldap

Bug 1150040 - ignoring user attributes in migrate-ds does not work if uppercase characters are returned by ldap

Summary: ignoring user attributes in migrate-ds does not work if uppercase characters ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	freeipa
Sub Component:
Version:	22
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Rob Crittenden
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1159816
TreeView+	depends on / blocked

Reported:	2014-10-07 10:18 UTC by david
Modified:	2015-03-05 12:38 UTC (History)
CC List:	6 users (show)
Fixed In Version:	freeipa-4.1.3-2.fc21
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1159816 (view as bug list)
Environment:
Last Closed:	2015-03-05 12:38:55 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description david 2014-10-07 10:18:27 UTC

Description of problem:
I tried to migrate a openldap based directory to FreeIPA, while removing several objectclasses. --user-ignore-attribute didn't work.

The Problem seems to be, that the LDAPEntry Object entry_attry in migration.py isn't lowercased while the blacklist is force to lower case by the script.

the problem can be resolved by replacing
        if attr in attr_blacklist:
with:
        if attr.lower() in attr_blacklist:

Version-Release number of selected component (if applicable): 4.0.3 on Fedora 20


How reproducible: use migrate-ds with --user-ignore-attribute

Steps to Reproduce:
1. 
2.
3.

Actual results:

error:
Failed user:
  xxx: attribute "shadowLastChange" not allowed
  xxx: attribute "shadowLastChange" not allowed


Expected results:
user is migrated


Additional info:

Comment 1 Martin Kosek 2014-10-07 10:59:28 UTC

Thanks for the bug report! I will clone it to upstream Trac. The change looks OK, would you consider sending it in form of a patch to freeipa-devel list? This way, your contribute could be recognized in FreeIPA git repository!

http://www.freeipa.org/page/Contribute/Code

Comment 2 Martin Kosek 2014-10-07 10:59:57 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4620

Comment 3 Petr Viktorin (pviktori) 2014-11-20 15:50:52 UTC

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/35dad9684b22819a2c848e7ebb78cfbc438a30e6
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/8ab85f161513b376c95094ccfe2b60202fe41baa

Comment 4 Fedora Update System 2015-02-23 14:40:58 UTC

freeipa-4.1.3-2.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/freeipa-4.1.3-2.fc21

Comment 5 Fedora Update System 2015-02-25 13:25:32 UTC

Package freeipa-4.1.3-2.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing freeipa-4.1.3-2.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-2482/freeipa-4.1.3-2.fc21
then log in and leave karma (feedback).

Comment 6 Jaroslav Reznik 2015-03-03 17:19:01 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 7 Fedora Update System 2015-03-05 12:38:55 UTC

freeipa-4.1.3-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.