On 15/03/16 17:22, Rob Crittenden wrote:
lejeczek wrote:
On 15/03/16 14:14, lejeczek wrote:
On 15/03/16 13:42, Rob Crittenden wrote:
lejeczek wrote:
On 14/03/16 17:06, Rob Crittenden wrote:
lejeczek wrote:
with...
ipa: ERROR: group LDAP search did not return any
result (search base:
ou=groups,dc=ccnr,dc=biotechnology, objectclass:
groupofuniquenames,
groupofnames)
I see users went in but later I realized that
current samba's ou was
"group" not groups.
Can I just re-run migrations?
Yes. It will skip over anything that already exists
in IPA.
thanks Rob, may I ask why process by defaults looks up
only
objectclass:
groupofuniquenames, groupofnames?
It is conservative but this is why it can be overridden.
Is there a reason it skips ldap+samba typical
posixGroup &
sambaGroupMapping?
We haven't had many (any?) reports of migrating from
ldap+samba.
Lastly, is there a way to preserve account
locked/disabled status for
posix/samba?
I don't know how it is stored but as lon
g as the schema is available in
IPA then the values should be preserved on migration
unless the
attributes are associated with a blacklisted objectclass.
rob
last - this must most FAQ people wonder - can IPA's 389
backend be
used in the same/similar fashion samba uses ldap?
skipping all the
kerberos bits? (samba & IPA on the same one box)
this might be more 389-ds related - in old days I
remember DS had
mozldap dedicated toolset, how is it these days? How do
users deal
with 389-ds IPA-related bits?
many thanks
now when I've groups migrated I see mappings user-group
are lost. Would
it be because my groups did not go in first time together
with users?
Need more info. What do you mean by mappings are lost?
yes, sorry, supplementary groups, these are there but I
don't see id command confirms user is a member.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
