8b6d847e67
- Resolves: RHEL-47292 Include latest fixes in python3-ipatests packages - Resolves: RHEL-47146 Syntax error uninstalling the selinux-luna subpackage - Resolves: RHEL-46009 ipa-migrate with -Z option fails with ValueError: option error - Resolves: RHEL-46003 ipa-migrate -V options fails to display version - Resolves: RHEL-45463 ipa-migrate stage-mode is failing with error: Modifying a mapped attribute in a managed entry is not allowed - Resolves: RHEL-40890 ipa-server-install: token_password_file read in kra.install_check after calling hsm_validator in ca.install_check - Resolves: RHEL-40661 Adjust "ipa config-mod --addattr ipaconfigstring=EnforceLDAPOTP" to allow for non OTP users in some cases Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
47 lines
1.9 KiB
Diff
47 lines
1.9 KiB
Diff
From 85a853ba93c1d23d5bad13a1ae2bee802dc90131 Mon Sep 17 00:00:00 2001
|
|
From: Mark Reynolds <mreynolds@redhat.com>
|
|
Date: Mon, 8 Jul 2024 11:25:53 -0400
|
|
Subject: [PATCH] Issue 9621 - ipa-migrate - should not update mapped
|
|
attributes in managed entries
|
|
|
|
We should not migrate mmapped attributes (uidNumber, gidNumber) from
|
|
managed entries
|
|
|
|
We should also not migrate DNA ranges in staging mode
|
|
|
|
Fixes: https://pagure.io/freeipa/issue/9621
|
|
|
|
Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
|
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
---
|
|
ipaserver/install/ipa_migrate.py | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/ipaserver/install/ipa_migrate.py b/ipaserver/install/ipa_migrate.py
|
|
index 0e19b98b5be532c513876e165561f0af176baa27..20f59f84db21022b66c0aa1ffd696d99aef85a44 100644
|
|
--- a/ipaserver/install/ipa_migrate.py
|
|
+++ b/ipaserver/install/ipa_migrate.py
|
|
@@ -1322,6 +1322,9 @@ class IPAMigrate():
|
|
self.args.reset_range
|
|
or self.mode == "stage-mode"
|
|
) and attr.lower() in DNA_REGEN_ATTRS:
|
|
+ # Skip dna attributes from managed entries
|
|
+ if 'mepManagedBy' in local_entry:
|
|
+ break
|
|
# Ok, set the magic regen value
|
|
local_entry[attr] = [DNA_REGEN_VAL]
|
|
self.log_debug("Resetting the DNA range for: "
|
|
@@ -1816,6 +1819,9 @@ class IPAMigrate():
|
|
# processing the entries
|
|
for entry in remote_dse:
|
|
for dse_item in DS_CONFIG.items():
|
|
+ if dse_item[0] == "dna" and self.mode == "stage-mode":
|
|
+ # Do not migrate DNA ranges in staging mode
|
|
+ continue
|
|
dse = dse_item[1]
|
|
for dn in dse['dn']:
|
|
if DN(dn) == DN(entry['dn']):
|
|
--
|
|
2.45.2
|
|
|