On 12/23/20 10:19 AM, Jacquelin Charbonnel via FreeIPA-users wrote:
Hi everyone,
To create a nice new proper domain in CentOS8 (with a new name and
so), I use "ipa migrate-ds" on a fresh installed Centos8 server, to
retrieve entries from my current domain in CentOS7 :
ipa migrate-ds ldap://my_current_server:389
--user-container=cn=users,cn=compat,dc=ipa,dc=math
--bind-dn="cn=Directory Manager" --user-objectclass=posixAccount
--group-container=cn=groups,cn=compat,dc=ipa,dc=math
--group-objectclass=posixGroup
But "ipa migrate-ds" fails with this message for each user :
xxx: missing attribute "sn" required by object class
"organizationalPerson"
with a final :
No users/groups were migrated from ldap://...:389
I try with and without --with-compat option, and with
ipa-compat-manage enabled and disabled.
But when I look at ldap entries on the server in production, I see
however a sn record (containing the last name) for each user. So where
is the bug ?
Thanks,
Hi,
the command migrate-ds performs a search equivalent to
# ldapsearch -D "cn=Directory Manager" -W -b
cn=users,cn=compat,dc=ipa,dc=math "(objectclass=posixAccount)"
in order to find the users to migrate. As the specified base DN is the
compat tree (instead of cn=users,cn=accounts,dc=ipa,dc=math), only a
subset of the attributes are visible.
Can you retry with --user-container=cn=users,cn=accounts,dc=ipa,dc=math
and --group-container=cn=groups,cn=accounts,dc=ipa,dc=math?
flo
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
