On Mon, Feb 18, 2013 at 12:16:33AM -0500, Dmitri Pal wrote: > On 02/17/2013 03:55 PM, Jan-Frode Myklebust wrote: > > On Sun, Feb 17, 2013 at 09:48:10PM +0100, Jan-Frode Myklebust wrote: > >> (Sun Feb 17 21:40:07 2013) [sssd[be[IPALDAP]]] [sdap_fill_memberships] > >> (7): member #2 (uid=emilb,cn=users,cn=accounts,dc=example,dc=net): not > >> found! > >> > > <snip> > > > >> This user was migrated saturday, using: > >> > >> ipa migrate-ds --user-ignore-objectclass=ldapPublic Key > >> --user-ignore-attribute=sshPublicKey --user-container=ou=People > >> --group-cont ou=Groups ldap://sim1.example.net:389 --with-compat > >> > >> I don't know what --with-compat does, but it migrate-ds seemed to require > >> it > >> this time. Earlier migrations hasn't needed it.. > >> > > I see now that all the users I migrated saturday are logged as "not > > found!". Maybe they need to log in and get fully migrated before they > > show up in the groups? (We're running IPA in migration mode). > > > > > > -jf > Please do the ldap search of the user and post it here. > I bet some attribute or object class is missing. > But SSSD should see users that are just migrated. > Did you use migrate-ds or loaded LDIF manually?
Are only the users you migrated not showing up? Does getent passwd emilb work? Given that you explicitly configured cache_credentials=false can you log in (to verify SSSD is able to correctly connect to the remote server) ? _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
