On 03/19/2012 08:56 AM, Marco Pizzoli wrote: > > > On Mon, Mar 19, 2012 at 1:43 PM, Simo Sorce <[email protected] > <mailto:[email protected]>> wrote: > > On Sun, 2012-03-18 at 18:33 +0100, Marco Pizzoli wrote: > > > > > > On Sun, Mar 18, 2012 at 5:49 PM, Dmitri Pal <[email protected] > <mailto:[email protected]>> wrote: > > On 03/17/2012 07:36 AM, Marco Pizzoli wrote: > > > Hi guys, > > > I'm trying to migrate my ldap user base to freeipa. I'm > > > using the last Release Candidate. > > > > > > I already changed "ipa config-mod --enable-migration=TRUE" > > > This is what I have: > > > > > > ipa -v migrate-ds > > > --bind-dn="cn=manager,dc=mydc1,dc=mydc2.it > <http://mydc2.it>" > > > --user-container="ou=people,dc=mydc1,dc=mydc2.it > <http://mydc2.it>" > > > --user-objectclass=inetOrgPerson > > > --group-container="ou=groups,dc=mydc1,dc=mydc2.it > <http://mydc2.it>" > > > --group-objectclass=posixGroup > > > --base-dn="dc=mydc1,dc=mydc2.it <http://mydc2.it>" > --with-compat ldap://ldap01 > > > ipa: INFO: trying > https://freeipa01.unix.mydomain.it/ipa/xml > > > Password: > > > ipa: INFO: Forwarding 'migrate_ds' to server > > > u'http://freeipa01.unix.mydomain.it/ipa/xml' > > > ipa: ERROR: Container for group not found at > > > ou=groups,dc=mydc1,dc=mydc2.it <http://mydc2.it> > > > > > > I looked at my ldap server logs and I found out that the > > > search executed has scope=1. Actually both for users and > > > groups. This is a problem for me, in having a lot of > > > subtrees (ou) in which my users and groups are. Is there a > > > way to manage this? > > > > > > Thanks in advance > > > Marco > > > > > > P.s. As a side note, I suppose there's a typo in the > verbose > > > message I obtain in my output: > > > ipa: INFO: Forwarding 'migrate_ds' to server > > > u'http://freeipa01.unix.mydomain.it/ipa/xml' > > > > > > Please open tickets for both issues. > > > > > > Done: > > https://fedorahosted.org/freeipa/ticket/2547 > > https://fedorahosted.org/freeipa/ticket/2546 > > > > Do you have a hint on how to manage to do this import in the > meantime? > > Every manual step is ok for me. > > Maybe you can try performing a new migration for each of the subtrees > you have in your source tree, assuming it is a reasonable number, by > reconfiguring the migrate-ds bases between each run. > > > Yes, I was thinking the same... :-) > To be able to script "ipa migrate-ds", I would need a parameter for > setting the password on the CLI. I suppose it isn't there by design, > right? >
Will it handle the case when the group has members from different levels and some of the users are not picked by the search? In this case I suspect the user group membership might be lost. I am not sure that this is the case. Just something to pay attention. > Thanks again > Marco > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
