On Mon, Mar 19, 2012 at 2:42 PM, Rob Crittenden <[email protected]> wrote:
> Dmitri Pal wrote: > >> On 03/17/2012 07:36 AM, Marco Pizzoli wrote: >> >>> Hi guys, >>> I'm trying to migrate my ldap user base to freeipa. I'm using the last >>> Release Candidate. >>> >>> I already changed "ipa config-mod --enable-migration=TRUE" >>> This is what I have: >>> >>> ipa -v migrate-ds --bind-dn="cn=manager,dc=**mydc1,dc=mydc2.it >>> <http://mydc2.it>" --user-container="ou=people,**dc=mydc1,dc=mydc2.it >>> <http://mydc2.it>" --user-objectclass=**inetOrgPerson >>> --group-container="ou=groups,**dc=mydc1,dc=mydc2.it <http://mydc2.it>" >>> --group-objectclass=posixGroup >>> --base-dn="dc=mydc1,dc=mydc2.**it<http://mydc2.it> >>> <http://mydc2.it>" --with-compat ldap://ldap01 >>> >>> ipa: INFO: trying >>> https://freeipa01.unix.**mydomain.it/ipa/xml<https://freeipa01.unix.mydomain.it/ipa/xml> >>> Password: >>> ipa: INFO: Forwarding 'migrate_ds' to server >>> u'http://freeipa01.unix.**mydomain.it/ipa/xml<http://freeipa01.unix.mydomain.it/ipa/xml> >>> ' >>> ipa: ERROR: Container for group not found at >>> ou=groups,dc=mydc1,dc=mydc2.it <http://mydc2.it> >>> >>> >>> I looked at my ldap server logs and I found out that the search >>> executed has scope=1. Actually both for users and groups. This is a >>> problem for me, in having a lot of subtrees (ou) in which my users and >>> groups are. Is there a way to manage this? >>> >>> Thanks in advance >>> Marco >>> >>> P.s. As a side note, I suppose there's a typo in the verbose message I >>> obtain in my output: >>> ipa: INFO: Forwarding 'migrate_ds' to server >>> *u*'http://freeipa01.unix.**mydomain.it/ipa/xml<http://freeipa01.unix.mydomain.it/ipa/xml> >>> ' >>> >> >> Please open tickets for both issues. >> > > Well, I don't think either is a bug. > > If you have users/groups in multiple places you'll need to migrate them > individually for now. It is safe to run migrate-ds multiple times, existing > users are not migrated. > I just re-executed by specifing a nested ou for my groups. This is what I got: ipa: INFO: trying https://freeipa01.unix.csebo.it/ipa/xml ipa: INFO: Forwarding 'migrate_ds' to server u' http://freeipa01.unix.csebo.it/ipa/xml' ----------- migrate-ds: ----------- Migrated: Failed user: fw03075_no: Type or value exists: [other users listed] Failed group: pdbac32: Type or value exists: [other groups listed] ---------- Passwords have been migrated in pre-hashed format. IPA is unable to generate Kerberos keys unless provided with clear text passwords. All migrated users need to login at https://your.domain/ipa/migration/ before they can use their Kerberos accounts. I don't understand what it's trying to telling me. On my FreeIPA ldap server I don't see any imported user. What's my fault here? > > The u is a python-ism for unicode. This is not a bug. > Please, could you give a little more detail on this? It's only a hint on what that data represents in a Python variable? Thanks again Marco > > rob > > > ______________________________**_________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/**mailman/listinfo/freeipa-users<https://www.redhat.com/mailman/listinfo/freeipa-users> >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
