From 85a853ba93c1d23d5bad13a1ae2bee802dc90131 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Jul 17 2024 07:17:17 +0000 Subject: Issue 9621 - ipa-migrate - should not update mapped attributes in managed entries We should not migrate mmapped attributes (uidNumber, gidNumber) from managed entries We should also not migrate DNA ranges in staging mode Fixes: https://pagure.io/freeipa/issue/9621 Signed-off-by: Mark Reynolds Reviewed-By: Rob Crittenden --- diff --git a/ipaserver/install/ipa_migrate.py b/ipaserver/install/ipa_migrate.py index 0e19b98..20f59f8 100644 --- a/ipaserver/install/ipa_migrate.py +++ b/ipaserver/install/ipa_migrate.py @@ -1322,6 +1322,9 @@ class IPAMigrate(): self.args.reset_range or self.mode == "stage-mode" ) and attr.lower() in DNA_REGEN_ATTRS: + # Skip dna attributes from managed entries + if 'mepManagedBy' in local_entry: + break # Ok, set the magic regen value local_entry[attr] = [DNA_REGEN_VAL] self.log_debug("Resetting the DNA range for: " @@ -1816,6 +1819,9 @@ class IPAMigrate(): # processing the entries for entry in remote_dse: for dse_item in DS_CONFIG.items(): + if dse_item[0] == "dna" and self.mode == "stage-mode": + # Do not migrate DNA ranges in staging mode + continue dse = dse_item[1] for dn in dse['dn']: if DN(dn) == DN(entry['dn']):