From 85a853ba93c1d23d5bad13a1ae2bee802dc90131 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 8 Jul 2024 11:25:53 -0400
Subject: [PATCH] Issue 9621 - ipa-migrate - should not update mapped
 attributes in managed entries

We should not migrate mmapped attributes (uidNumber, gidNumber) from
managed entries

We should also not migrate DNA ranges in staging mode

Fixes: https://pagure.io/freeipa/issue/9621

Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 ipaserver/install/ipa_migrate.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ipaserver/install/ipa_migrate.py b/ipaserver/install/ipa_migrate.py
index 0e19b98b5be532c513876e165561f0af176baa27..20f59f84db21022b66c0aa1ffd696d99aef85a44 100644
--- a/ipaserver/install/ipa_migrate.py
+++ b/ipaserver/install/ipa_migrate.py
@@ -1322,6 +1322,9 @@ class IPAMigrate():
                             self.args.reset_range
                             or self.mode == "stage-mode"
                         ) and attr.lower() in DNA_REGEN_ATTRS:
+                            # Skip dna attributes from managed entries
+                            if 'mepManagedBy' in local_entry:
+                                break
                             # Ok, set the magic regen value
                             local_entry[attr] = [DNA_REGEN_VAL]
                             self.log_debug("Resetting the DNA range for: "
@@ -1816,6 +1819,9 @@ class IPAMigrate():
         # processing the entries
         for entry in remote_dse:
             for dse_item in DS_CONFIG.items():
+                if dse_item[0] == "dna" and self.mode == "stage-mode":
+                    # Do not migrate DNA ranges in staging mode
+                    continue
                 dse = dse_item[1]
                 for dn in dse['dn']:
                     if DN(dn) == DN(entry['dn']):
-- 
2.45.2