s4:upgradeprovision - fix up the script regarding linked attributes

We have to try to add new objects until between two iterations we didn't make
any progress. Either we are then done (no objects remaining) or we are
incapable to do this fully automatically.

The latter can happen if important system objects (builtin groups, users...)
moved (e.g. consider one of my recent comments). Then the new object can't be
added if it contains the same "sAMAccountName" attribute as the old one. We
have to let the user delete the old one (also to give him a chance to backup
personal changes - if needed) and only then the script is capable to add the
new one onto the right place. Make this clear with an exhaustive error output.

I personally don't see a good way how to do this better for now so I would leave
this as a manual step.

diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index e95977a258b3b112f7b21e969ba8c9e0a370b1fa..23980cd3da9b773ea9ba1aa15c7e28c20875d837 100755 (executable)
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -560,18 +560,52 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
 
        sam_ldb.transaction_start()
 
-       empty = ldb.Message()
-       message(SIMPLE,"There are %d missing objects"%(len(listMissing)))
-       for dn in listMissing:
-               reference = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
-               delta = sam_ldb.msg_diff(empty,reference[0])
-               for att in hashAttrNotCopied.keys():
-                       delta.remove(att)
-               for att in backlinked:
-                       delta.remove(att)
-               delta.dn = dn
-
-               sam_ldb.add(delta,["relax:0"])
+       err_num = 0
+       err_msg = ""
+       while len(listMissing) > 0:
+               listMissing2 = []
+
+               empty = ldb.Message()
+               message(SIMPLE,"There are still %d objects missing"%(len(listMissing)))
+
+               for dn in listMissing:
+                       reference = newsam_ldb.search(expression="dn=%s" % (str(dn)),
+                                                     base=basedn, scope=SCOPE_SUBTREE,
+                                                     controls=["search_options:1:2"])
+                       delta = sam_ldb.msg_diff(empty,reference[0])
+                       for att in hashAttrNotCopied.keys():
+                               delta.remove(att)
+                       for att in backlinked:
+                               delta.remove(att)
+                       delta.dn = dn
+
+                       try:
+                               sam_ldb.add(delta,["relax:0"])
+                               # This is needed here since otherwise the
+                               # "replmd_meta_data" module doesn't see the
+                               # updated data
+                               sam_ldb.transaction_commit()
+                               sam_ldb.transaction_start()
+                       except LdbError, (num, msg):
+                               # An exception can happen if a linked object
+                               # doesn't exist which can happen if it is also
+                               # to be added
+                               err_num = num
+                               err_msg = msg
+                               listMissing2.append(dn)
+
+               if len(listMissing2) == len(listMissing):
+                       # We couldn't add any object in this iteration ->
+                       # we have to resign and hope that the user manually
+                       # fixes the damage
+
+                       message(ERROR, "The script isn't capable to do the upgrade fully automatically!")
+                       message(ERROR, "Often this happens when important system objects moved their location. Please look for them (for example doable using the displayed 'sAMAccountName' attribute), backup if personally changed and remove them.")
+                       message(ERROR, "Reinvoke this script and reapply eventual modifications done before. It is possible to get this error more than once (for each problematic object).")
+
+                       raise LdbError(err_num, err_msg)
+
+               listMissing = listMissing2
 
        changed = 0
        for dn in listPresent: