5d90090676
- Resolves: RHEL-47294 SID generation task is failing when SELinux is in Enforcing mode - Resolves: RHEL-56472 Include latest fixes in python3-ipatests packages - Resolves: RHEL-56917 RFE add a tool to quickly detect and fix issues with IPA ID ranges - Resolves: RHEL-56965 Backport test fixes in python3-ipatests - Resolves: RHEL-58067 ipa replication installation fails in FIPS mode on rhel10 - Resolves: RHEL-59265 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode - Resolves: RHEL-59266 Also enable SSSD's ssh service when enabling sss_ssh_knownhosts Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
69 lines
3.1 KiB
Diff
69 lines
3.1 KiB
Diff
From 3b5a980f5b65b03b9fd7ad0cfbb6c87874d3ff24 Mon Sep 17 00:00:00 2001
|
|
From: Mark Reynolds <mreynolds@redhat.com>
|
|
Date: Tue, 3 Sep 2024 13:42:05 -0400
|
|
Subject: [PATCH] ipa-migrate - fix alternate entry search filter
|
|
|
|
Processing a filter like a DN can cause normalization issues that result
|
|
in an invalid filter. Make sure the filter is encapsulated with
|
|
parenthesis and we call replace_suffix_value() instead of
|
|
replace_suffix()
|
|
|
|
Fixes: https://pagure.io/freeipa/issue/9658
|
|
|
|
Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
|
|
|
|
Fix typo in test
|
|
|
|
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
|
|
---
|
|
ipaserver/install/ipa_migrate.py | 4 ++--
|
|
ipatests/test_integration/test_ipa_ipa_migration.py | 6 +++---
|
|
2 files changed, 5 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/ipaserver/install/ipa_migrate.py b/ipaserver/install/ipa_migrate.py
|
|
index 78c530f24fe5d8c9f5de0f816df9904bf30c7b94..38356aa23ea435e2a616f48356feaea7b50dd1e4 100644
|
|
--- a/ipaserver/install/ipa_migrate.py
|
|
+++ b/ipaserver/install/ipa_migrate.py
|
|
@@ -1490,10 +1490,10 @@ class IPAMigrate():
|
|
if entry_type != "custom" and 'alt_id' in DB_OBJECTS[entry_type]:
|
|
attr = DB_OBJECTS[entry_type]['alt_id']['attr']
|
|
base = DB_OBJECTS[entry_type]['alt_id']['base']
|
|
- srch_filter = f'{attr}={entry_attrs[attr][0]}'
|
|
+ srch_filter = f'({attr}={entry_attrs[attr][0]})'
|
|
if DB_OBJECTS[entry_type]['alt_id']['isDN'] is True:
|
|
# Convert the filter to match the local suffix
|
|
- srch_filter = self.replace_suffix(srch_filter)
|
|
+ srch_filter = self.replace_suffix_value(srch_filter)
|
|
srch_base = base + str(self.local_suffix)
|
|
|
|
try:
|
|
diff --git a/ipatests/test_integration/test_ipa_ipa_migration.py b/ipatests/test_integration/test_ipa_ipa_migration.py
|
|
index f697bbfbfc6169309274db689501c99fe148cc70..288165e8a83a96e6f6bd4e52866f98617f497c56 100644
|
|
--- a/ipatests/test_integration/test_ipa_ipa_migration.py
|
|
+++ b/ipatests/test_integration/test_ipa_ipa_migration.py
|
|
@@ -610,7 +610,7 @@ class TestIPAMigrateScenario1(IntegrationTest):
|
|
MIGRATION_SCHEMA_LOG_MSG = "Migrating schema ...\n"
|
|
MIGRATION_CONFIG_LOG_MSG = "Migrating configuration ...\n"
|
|
IPA_UPGRADE_LOG_MSG = (
|
|
- "Running ipa-server-upgrade ... (this make take a while)\n"
|
|
+ "Running ipa-server-upgrade ... (this may take a while)\n"
|
|
)
|
|
SIDGEN_TASK_LOG_MSG = "Running SIDGEN task ...\n"
|
|
MIGRATION_COMPLETE_LOG_MSG = "Migration complete!\n"
|
|
@@ -641,10 +641,10 @@ class TestIPAMigrateScenario1(IntegrationTest):
|
|
tasks.kinit_admin(self.replicas[0])
|
|
MIGRATION_SCHEMA_LOG_MSG = "Migrating schema ...\n"
|
|
MIGRATION_DATABASE_LOG_MSG = (
|
|
- "Migrating database ... (this make take a while)\n"
|
|
+ "Migrating database ... (this may take a while)\n"
|
|
)
|
|
IPA_UPGRADE_LOG_MSG = (
|
|
- "Running ipa-server-upgrade ... (this make take a while)\n"
|
|
+ "Running ipa-server-upgrade ... (this may take a while)\n"
|
|
)
|
|
SIDGEN_TASK_LOG_MSG = "Running SIDGEN task ...\n"
|
|
result = run_migrate(
|
|
--
|
|
2.46.0
|
|
|