I don't know the goal of the compat mode. But with accounts in place of
compat, it's works !
Thank you, and happy new year !
Jacquelin
Le 23/12/2020 à 16:07, Rob Crittenden a écrit :
Jacquelin Charbonnel via FreeIPA-users wrote:
Hi everyone,
To create a nice new proper domain in CentOS8 (with a new name and
so), I use "ipa migrate-ds" on a fresh installed Centos8 server, to
retrieve entries from my current domain in CentOS7 :
ipa migrate-ds ldap://my_current_server:389
--user-container=cn=users,cn=compat,dc=ipa,dc=math
--bind-dn="cn=Directory Manager" --user-objectclass=posixAccount
--group-container=cn=groups,cn=compat,dc=ipa,dc=math
--group-objectclass=posixGroup
But "ipa migrate-ds" fails with this message for each user :
xxx: missing attribute "sn" required by object class
"organizationalPerson"
with a final :
No users/groups were migrated from ldap://...:389
I try with and without --with-compat option, and with
ipa-compat-manage enabled and disabled.
But when I look at ldap entries on the server in production, I see
however a sn record (containing the last name) for each user. So where
is the bug ?
I don't believe this is related but why are you using the compat
containers for users and groups? I'd suggest s/cn=compat/cn=accounts/.
rob
--
Jacquelin Charbonnel - (+33)2 4173 5397
CNRS Mathrice/LAREMA - Campus universitaire d'Angers
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
