Sigbjorn Lie wrote:
On Fri, January 27, 2012 15:37, Rob Crittenden wrote:
Stephen Gallagher wrote:
On Fri, 2012-01-27 at 15:11 +0100, Sigbjorn Lie wrote:
Hi
The first naming context returned from the LDAP server is always chosen
when using migrate-ds. This makes my import fail when I attempt to import users
and groups from
a previous LDAP server having more than 1 naming contexts available.
The migrate-ds script should accept an option to specify what base_dn I
would like to import from.
Is there such an option today? I cannot find it...
Not currently. I noticed this earlier in the week and opened a ticket on
it, https://fedorahosted.org/freeipa/ticket/2314
Just to add to this request, if the original LDAP server has a
defaultNamingContext attribute, it should be honored for auto-detecting which
base to migrate.
I'll update the 2314 to ensure we don't forget about this. 389-ds just
added support for defaultNamingContext.
Ok, thank you.
Anything I can do to work around this issue today? I suppose there is just a
file that need to be
hacked to set a set a value instead of the auto-detected value... ?
/usr/lib/python*/site-packages/ipalib/plugins/migration.py
~line 620 you'll see a block starting with the comment "retrieve DS base
DN".
Comment out the next 8 lines by prefixing them with # (these query to
get the namingContext then pull the first value out).
Add:
ds_base_dn = 'dc=yourbasedn,dc=com'
Alternatively you could always just add the above line to override what
is detected. Commenting out just saves an LDAP lookup.
Restart Apache.
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
