Alfred Victor wrote: > Hi Rob, > > I am now only seeing two users get skipped but the rest has come over! > This is why in the remaining users case, I have tried to resolve with > more options or removing further options but no luck. Please advise: > > <redacted>: unknown object class "ldappublickey" > > <redacted>: unknown object class "ldappublickey"
I don't know what's stored in that but --user-ignore-objectclass=ldappublickey should fix it. rob > > > Alfred > > > On Thu, Jul 23, 2020 at 1:49 PM Alfred Victor <[email protected] > <mailto:[email protected]>> wrote: > > Apologies, you are correct. I misread this as a colleague set these > options originally, so I had assumed it was an attempt to solve this > issue and misinterpreted the RHEL article. I will give it a try, thanks! > > Alfred > > On Thu, Jul 23, 2020 at 1:21 PM Rob Crittenden <[email protected] > <mailto:[email protected]>> wrote: > > Alfred Victor wrote: > > Hi Rob, > > > > Thanks for your prompt response. I will remove the attributes > from the > > objectclass list, I think they only wound up there because I was > > confused about what was happening. The rest were added because > that is > > listed as the solution for the same (givenName, etc) attribute not > > allowed errors below, though appears this does not extend to > OpenLDAP as > > the directory source. Is there something I can do to import > the users > > successfully? > > > > https://access.redhat.com/solutions/3245371 > > That article states that dropping the --user-ignore-objectclass line > resolved the issue. > > rob > > > > > Regards, > > > > Alfred > > > > On Thu, Jul 23, 2020 at 12:11 PM Rob Crittenden > <[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > > Alfred Victor via FreeIPA-users wrote: > > > Hi all, > > > > > > We're performing some migrate-ds and noticed some > missing users. > > We took > > > a closer look and the errors are: > > > > > > <redacted user>: attribute "givenName" not allowed > > > <redacted user>: attribute "givenName" not allowed > > > <redacted user>: attribute "departmentNumber" not allowed > > > <redacted user>: attribute "departmentNumber" not allowed > > > <redacted user>: attribute "departmentNumber" not allowed > > > > It means those attributes aren't provided by the available > > objectclasses. > > > > You are ignoring a bunch of objectclasses required by IPA, > notably > > person, orginazationalPerson and inetOrgPerson. The things > following > > that in the user-ignore-objectclass are attributes. > > > > rob > > > > > > > > > > > This is odd, because this OU is being grabbed with some > filters which > > > should specifically ignore these attributes. The old > environment is > > > OpenLDAP and the migrate-ds command is as follows: > > > > > > ipa migrate-ds --schema=RFC2307 > --base-dn="dc=<redacted>,dc=com" > > --bind-dn="cn=<redacted>,ou=<redacted>,dc=<redacted>,dc=com" > > --ca-cert-file=/etc/ssl/certs/ca.crt ldaps://<redacted> > > --user-container=ou=<redacted> > > > --user-objectclass=posixaccount --group-container=ou=group > > > --group-objectclass=posixgroup > > > > > > > --user-ignore-attribute="sn,ldappublickey,sshpublickey,givenName,departmentNumber" > > > > > > > --user-ignore-objectclass={person,organizationalPerson,inetOrgPerson,departmentNumber,givenName,ldappublickey,sshpublickey} > > > > > > > > > Regards, > > > Alfred > > > > > > _______________________________________________ > > > FreeIPA-users mailing list -- > [email protected] > <mailto:[email protected]> > > <mailto:[email protected] > <mailto:[email protected]>> > > > To unsubscribe send an email to > > [email protected] > <mailto:[email protected]> > > <mailto:[email protected] > <mailto:[email protected]>> > > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > > > > https://lists.fedorahosted.org/archives/list/[email protected] > > > > > > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
