Correct (depending on if your LDAP requires binding or not, you might not need '--bind-dn' at all)

Gabriel

On 10/9/2017 14:05, Andrew Meyer wrote:
Gabriel,
When I run the ipa -v migrate-ds I need to put in my OpenLDAP manager password, correct? Not my FreeIPA admin credentials.

Thank you,

On Monday, October 9, 2017, 12:33:53 PM CDT, Andrew Meyer via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:


Thank you!  I will take this and change it suit my network and let you know.

On Monday, October 9, 2017, 12:16:05 PM CDT, Gabriel Faber via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:


Here's what worked for me (all output removed):
# ipa-compat-manage disable
# systemctl restart dirsrv.target
# ipa config-mod --enable-migration=TRUE
# ipa -v migrate-ds --user-container='dc=melodis,dc=com' --group-container='ou=Group,dc=melodis,dc=com' --user-objectclass=posixAccount --group-objectclass=posixGroup --bind-dn='cn=Manager,dc=melodis,dc=com' ldap://ns1.sca.melodis.com:389
# ipa-compat-manage enable
# systemctl restart dirsrv.target
# ipa config-mod --enable-migration=FALSE

Note: As we added  ' ipaNTHash' for users (by running 'ipa-adtrust-install'), I had to add a 'Range' in the GUI before running these commands. That is probably not necessary otherwise.

Gabriel

On 10/9/2017 9:24, Andrew Meyer via FreeIPA-users wrote:
I'm heading down that route as well. But I would like to have both options available to the boss.

I'm not sure if my syntax is incorrect.  That's where I need help.

On Monday, October 9, 2017, 11:09:52 AM CDT, Mark Haney via FreeIPA-users <freeipa-users@lists.fedorahosted.org> <mailto:freeipa-users@lists.fedorahosted.org> wrote:


Honestly, we simply built a new IPA configuration rather than try to
migrate.  It's been far easier to move clients over by ripping the
OpenLDAP off and installing IPA-client than mucking with a conversion.


On 10/09/2017 11:50 AM, Andrew Meyer via FreeIPA-users wrote:
> Hello,
> I am planning to migrate from a OpenLDAP installation to FreeIPA.
>
> I have been following the directions and matching it to several blog
> posts about this however I am coming up with errors.
>
> [user@infra-test-ipa <mailto:user@infra-test-ipa> ~]$ ipa migrate-ds --user-container=users
> --group-container=group --user-objectclass=inetOrgPerson
> --group-objectclass=groupOfNames,groupOfUniqueNames
> ldap://my.host.name:389
> Password:
> ipa: ERROR: invalid 'group_container': malformed RDN string = "group"
> [user@infra-test-ipa <mailto:user@infra-test-ipa> ~]$ ipa migrate-ds --user-container=users
> --group-container=group ldap://my.host.name:389
> Password:
> ipa: ERROR: invalid 'group_container': malformed RDN string = "group"
> [user@infra-test-ipa <mailto:user@infra-test-ipa> ~]$ ipa migrate-ds --user-container=users
> --group-container=Group ldap://my.host.name:389
> Password:
> ipa: ERROR: invalid 'group_container': malformed RDN string = "Group"
> [user@infra-test-ipa <mailto:user@infra-test-ipa> ~]$ sudo kinit admin
> Password for ad...@mynewdomain.net <mailto:ad...@mynewdomain.net>:
> [user@infra-test-ipa <mailto:user@infra-test-ipa> ~]$ sudo ipa migrate-ds --user-container=users
> --group-container=Group ldap://my.host.name:389
> Password:
> ipa: ERROR: invalid 'group_container': malformed RDN string = "Group"
> [user@infra-test-ipa <mailto:user@infra-test-ipa> ~]$ sudo ipa migrate-ds --user-container="Users"
> --group-container=Group ldap://my.host.name:389
> Password:
> ipa: ERROR: invalid 'group_container': malformed RDN string = "Group"
> [user@infra-test-ipa <mailto:user@infra-test-ipa> ~]$ sudo ipa migrate-ds --user-container="Users"
> --base-dn="ou=Users,dc=olddomain,dc=local" --with-compat
> --group-container="Group" ldap://my.host.name:389
> Password:
> ipa: ERROR: invalid 'group_container': malformed RDN string = "Group"
>
>
> Has anyone run into this?
> I am running CentOS 7 w/ the latest version of everything.
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org <mailto:freeipa-users-le...@lists.fedorahosted.org>


--
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.ha...@neonova.net <mailto:mark.ha...@neonova.net>
www.neonova.net <http://www.neonova.net>

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org <mailto:freeipa-users-le...@lists.fedorahosted.org>


_______________________________________________
FreeIPA-users mailing list --freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> To unsubscribe send an email tofreeipa-users-le...@lists.fedorahosted.org <mailto:freeipa-users-le...@lists.fedorahosted.org>

--
Gabriel Faber
Senior Operations Engineer
SoundHound Inc.
408-441-3267
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org <mailto:freeipa-users-le...@lists.fedorahosted.org>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org <mailto:freeipa-users-le...@lists.fedorahosted.org>

--
Gabriel Faber
Senior Operations Engineer
SoundHound Inc.
408-441-3267

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to