Issue 5495 - RFE - skip dds during migration. (389ds#5496)

Bug Description: We don't directly support dynamic directory services per openldap, so we need to skip these values in migration. The admin must review these changes. Fix Description: Skip the values. fixes: 389ds#5495 Author: William Brown <william@blackhats.net.au> Review by: @droideck @mreynolds389
mreynolds389 · Oct 21, 2022 · 8fedec0 · 8fedec0
1 parent b53941e
commit 8fedec0
Showing 1 changed file with 19 additions and 2 deletions.
diff --git a/src/lib389/lib389/migrate/plan.py b/src/lib389/lib389/migrate/plan.py
@@ -101,6 +101,7 @@ class ImportTransformer(LDIFParser):
     def __init__(self, f_import, f_outport, exclude_attributes_set, exclude_objectclass_set):
         self.exclude_attributes_set = exclude_attributes_set
         # Already all lowered by the db ldif import
+
         self.exclude_objectclass_set = exclude_objectclass_set
         self.f_outport = f_outport
         self.writer = LDIFWriter(self.f_outport)
@@ -540,6 +541,14 @@ def __init__(self, inst, olschema=None, oldatabases=None, ldifs=None, skip_schem
             '1.3.6.1.4.1.42.2.27.8.1.13', # pwdMustChange
             '1.3.6.1.4.1.42.2.27.8.1.14', # pwdAllowUserChange
             '1.3.6.1.4.1.42.2.27.8.2.1', # pwdPolicy objectClass
+            # Openldap supplies some schema which conflicts to ours, skip them
+            'NetscapeLDAPattributeType:198', # memberUrl
+            'NetscapeLDAPobjectClass:33', # groupOfURLs
+
+            # Dynamic Directory Services can't be supported due to missing syntax oid below, so we
+            # exclude the "otherwise" supported attrs / ocs
+            'DynGroupAttr:1', # dgIdentity
+            'DynGroupOC:1', # dgIdentityAux
         ] + skip_schema_oids)
         self._schema_oid_unsupported = set([
             # RFC4517 othermailbox syntax is not supported on 389.
@@ -561,6 +570,9 @@ def __init__(self, inst, olschema=None, oldatabases=None, ldifs=None, skip_schem
             '1.3.6.1.4.1.42.2.27.8.1.15', # pwdSafeModify
             '1.3.6.1.4.1.4754.1.99.1', # pwdCheckModule
             '1.3.6.1.4.1.42.2.27.8.1.30', # pwdMaxRecordedFailure
+            # OpenLDAP dynamic directory services defines an internal
+            # oid ( 1.3.6.1.4.1.4203.666.2.7 )for dynamic group authz, but has very little docs about this.
+            'DynGroupAttr:2', # dgAuthz
         ])
 
         self._skip_entry_attributes = set(
@@ -574,12 +586,17 @@ def __init__(self, inst, olschema=None, oldatabases=None, ldifs=None, skip_schem
                 'pwdsafemodify',
                 'pwdcheckmodule',
                 'pwdmaxrecordedfailure',
+                # dds attributes we don't support
+                'dgidentity',
+                'dgauthz'
             ] +
             [x.lower() for x in skip_entry_attributes]
         )
-        self._skip_entry_objectclasses = set(
+        # These tend to be be from overlays we don't support
+        self._skip_entry_objectclasses = set([
             'pwdpolicy',
-        )
+            'dgidentityaux'
+        ])
 
         self._gen_migration_plan()