[Freeipa-users] Re: Users won't migrate despite filters?

Thu, 23 Jul 2020 10:12:19 -0700 

Alfred Victor via FreeIPA-users wrote:
> Hi all,
> 
> We're performing some migrate-ds and noticed some missing users. We took
> a closer look and the errors are:
> 
>   <redacted user>: attribute "givenName" not allowed
>   <redacted user>: attribute "givenName" not allowed
>   <redacted user>: attribute "departmentNumber" not allowed
>   <redacted user>: attribute "departmentNumber" not allowed
>   <redacted user>: attribute "departmentNumber" not allowed

It means those attributes aren't provided by the available objectclasses.

You are ignoring a bunch of objectclasses required by IPA, notably
person, orginazationalPerson and inetOrgPerson. The things following
that in the user-ignore-objectclass are attributes.

rob

> 
> 
> This is odd, because this OU is being grabbed with some filters which
> should specifically ignore these attributes. The old environment is
> OpenLDAP and the migrate-ds command is as follows:
> 
> ipa migrate-ds --schema=RFC2307 --base-dn="dc=<redacted>,dc=com" 
> --bind-dn="cn=<redacted>,ou=<redacted>,dc=<redacted>,dc=com" 
> --ca-cert-file=/etc/ssl/certs/ca.crt ldaps://<redacted> 
> --user-container=ou=<redacted>
> --user-objectclass=posixaccount --group-container=ou=group
> --group-objectclass=posixgroup
> --user-ignore-attribute="sn,ldappublickey,sshpublickey,givenName,departmentNumber"
> --user-ignore-objectclass={person,organizationalPerson,inetOrgPerson,departmentNumber,givenName,ldappublickey,sshpublickey}
> 
> 
> Regards,
> Alfred
> 
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
> 
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]

Reply via email to