Hi guys,
I set up freeipa 4.0.0 on a brand new Fedora 20 box, from your copr repos.
Install and config went fine. Kinit: fine. Trying to migrate from my old ldap
setup: problem. Old ldap setup primarily had accounts for web apps
(inetOrgPerson) and a few accounts with everything needed for login
(posixAccount).
"Ipa migrate-ds" for the existing posixAccounts: works fine.
Migrating the web only accounts requires a bit more manual labor, and isn't
working yet. I extracted a csv of my "web-only" accounts and made a script to
upgrade them with posix attributes and add them to freeipa. Each line looks
like:
ipa user-add "bill.mathews" --last="Mathews" --first="William" --email="blah"
--phone="xxx-yyy-zzzz" --setattr userpassword="{SHA}bunchajunka" --setattr
o="University of Tweedle" --gidnumber=65534 --uid=2000063
And I get:
ERROR: Constraint violation: invalid password syntax - passwords with storage
scheme are not allowed
I was inspired to include the password this way from:
http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords
Is there any password preserving way to migrate my web-only accounts using "ipa
user-add"? If there's no easy answer, I'll probably just add the attributes in
the current ldap, then let "ipa migrate-ds" work its magic. But I want to see
user-add work if its possible.
Thanks,
Bryce
PS: I believe all instances of "service dirsrv restart" on
http://www.freeipa.org/docs/master/html-desktop/index.html#finding-excluding-entries
need to be changed to "systemctl restart dirsrv.target", since there is no
"dirsrv.service".
This electronic message contains information generated by the USDA solely for
the intended recipients. Any unauthorized interception of this message or the
use or disclosure of the information it contains may violate the law and
subject the violator to civil or criminal penalties. If you believe you have
received this message in error, please notify the sender and delete the email
immediately.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
