Hi Rob, I am now only seeing two users get skipped but the rest has come over! This is why in the remaining users case, I have tried to resolve with more options or removing further options but no luck. Please advise:
<redacted>: unknown object class "ldappublickey" <redacted>: unknown object class "ldappublickey" Alfred On Thu, Jul 23, 2020 at 1:49 PM Alfred Victor <[email protected]> wrote: > Apologies, you are correct. I misread this as a colleague set these > options originally, so I had assumed it was an attempt to solve this issue > and misinterpreted the RHEL article. I will give it a try, thanks! > > Alfred > > On Thu, Jul 23, 2020 at 1:21 PM Rob Crittenden <[email protected]> > wrote: > >> Alfred Victor wrote: >> > Hi Rob, >> > >> > Thanks for your prompt response. I will remove the attributes from the >> > objectclass list, I think they only wound up there because I was >> > confused about what was happening. The rest were added because that is >> > listed as the solution for the same (givenName, etc) attribute not >> > allowed errors below, though appears this does not extend to OpenLDAP as >> > the directory source. Is there something I can do to import the users >> > successfully? >> > >> > https://access.redhat.com/solutions/3245371 >> >> That article states that dropping the --user-ignore-objectclass line >> resolved the issue. >> >> rob >> >> > >> > Regards, >> > >> > Alfred >> > >> > On Thu, Jul 23, 2020 at 12:11 PM Rob Crittenden <[email protected] >> > <mailto:[email protected]>> wrote: >> > >> > Alfred Victor via FreeIPA-users wrote: >> > > Hi all, >> > > >> > > We're performing some migrate-ds and noticed some missing users. >> > We took >> > > a closer look and the errors are: >> > > >> > > <redacted user>: attribute "givenName" not allowed >> > > <redacted user>: attribute "givenName" not allowed >> > > <redacted user>: attribute "departmentNumber" not allowed >> > > <redacted user>: attribute "departmentNumber" not allowed >> > > <redacted user>: attribute "departmentNumber" not allowed >> > >> > It means those attributes aren't provided by the available >> > objectclasses. >> > >> > You are ignoring a bunch of objectclasses required by IPA, notably >> > person, orginazationalPerson and inetOrgPerson. The things following >> > that in the user-ignore-objectclass are attributes. >> > >> > rob >> > >> > > >> > > >> > > This is odd, because this OU is being grabbed with some filters >> which >> > > should specifically ignore these attributes. The old environment >> is >> > > OpenLDAP and the migrate-ds command is as follows: >> > > >> > > ipa migrate-ds --schema=RFC2307 --base-dn="dc=<redacted>,dc=com" >> > --bind-dn="cn=<redacted>,ou=<redacted>,dc=<redacted>,dc=com" >> > --ca-cert-file=/etc/ssl/certs/ca.crt ldaps://<redacted> >> > --user-container=ou=<redacted> >> > > --user-objectclass=posixaccount --group-container=ou=group >> > > --group-objectclass=posixgroup >> > > >> > >> >> --user-ignore-attribute="sn,ldappublickey,sshpublickey,givenName,departmentNumber" >> > > >> > >> >> --user-ignore-objectclass={person,organizationalPerson,inetOrgPerson,departmentNumber,givenName,ldappublickey,sshpublickey} >> > > >> > > >> > > Regards, >> > > Alfred >> > > >> > > _______________________________________________ >> > > FreeIPA-users mailing list -- >> [email protected] >> > <mailto:[email protected]> >> > > To unsubscribe send an email to >> > [email protected] >> > <mailto:[email protected]> >> > > Fedora Code of Conduct: >> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> > > List Guidelines: >> > https://fedoraproject.org/wiki/Mailing_list_guidelines >> > > List Archives: >> > >> https://lists.fedorahosted.org/archives/list/[email protected] >> > > >> > >> >>
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
