Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1150040

Summary: ignoring user attributes in migrate-ds does not work if uppercase characters are returned by ldap
Product: [Fedora] Fedora Reporter: david
Component: freeipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 22CC: abokovoy, mkosek, pviktori, pvoborni, rcritten, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: freeipa-4.1.3-2.fc21 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1159816 (view as bug list) Environment:
Last Closed: 2015-03-05 12:38:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1159816    

Description david 2014-10-07 10:18:27 UTC
Description of problem:
I tried to migrate a openldap based directory to FreeIPA, while removing several objectclasses. --user-ignore-attribute didn't work.

The Problem seems to be, that the LDAPEntry Object entry_attry in migration.py isn't lowercased while the blacklist is force to lower case by the script.

the problem can be resolved by replacing
        if attr in attr_blacklist:
with:
        if attr.lower() in attr_blacklist:

Version-Release number of selected component (if applicable): 4.0.3 on Fedora 20


How reproducible: use migrate-ds with --user-ignore-attribute

Steps to Reproduce:
1. 
2.
3.

Actual results:

error:
Failed user:
  xxx: attribute "shadowLastChange" not allowed
  xxx: attribute "shadowLastChange" not allowed


Expected results:
user is migrated


Additional info:

Comment 1 Martin Kosek 2014-10-07 10:59:28 UTC
Thanks for the bug report! I will clone it to upstream Trac. The change looks OK, would you consider sending it in form of a patch to freeipa-devel list? This way, your contribute could be recognized in FreeIPA git repository!

http://www.freeipa.org/page/Contribute/Code

Comment 2 Martin Kosek 2014-10-07 10:59:57 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4620

Comment 4 Fedora Update System 2015-02-23 14:40:58 UTC
freeipa-4.1.3-2.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/freeipa-4.1.3-2.fc21

Comment 5 Fedora Update System 2015-02-25 13:25:32 UTC
Package freeipa-4.1.3-2.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing freeipa-4.1.3-2.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-2482/freeipa-4.1.3-2.fc21
then log in and leave karma (feedback).

Comment 6 Jaroslav Reznik 2015-03-03 17:19:01 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 7 Fedora Update System 2015-03-05 12:38:55 UTC
freeipa-4.1.3-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.