Jacquelin Charbonnel via FreeIPA-users wrote: > Hi everyone, > > To create a nice new proper domain in CentOS8 (with a new name and > so), I use "ipa migrate-ds" on a fresh installed Centos8 server, to > retrieve entries from my current domain in CentOS7 : > > ipa migrate-ds ldap://my_current_server:389 > --user-container=cn=users,cn=compat,dc=ipa,dc=math > --bind-dn="cn=Directory Manager" --user-objectclass=posixAccount > --group-container=cn=groups,cn=compat,dc=ipa,dc=math > --group-objectclass=posixGroup > > But "ipa migrate-ds" fails with this message for each user : > > xxx: missing attribute "sn" required by object class > "organizationalPerson" > > with a final : > > No users/groups were migrated from ldap://...:389 > > I try with and without --with-compat option, and with > ipa-compat-manage enabled and disabled. > > But when I look at ldap entries on the server in production, I see > however a sn record (containing the last name) for each user. So where > is the bug ?
I don't believe this is related but why are you using the compat containers for users and groups? I'd suggest s/cn=compat/cn=accounts/. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
