Finn Fysj via FreeIPA-users wrote: > Having a closer look at https://www.freeipa.org/page/Howto/Migration > A ipa migrate-ds command is provided: > > $ echo Secret123 | ipa migrate-ds --bind-dn="cn=Directory Manager" > --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts > --group-objectclass=posixgroup > --user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry} > --user-ignore-objectclass=mepOriginEntry --with-compat > ldap://migrated.freeipa.server.test > > I look at this site as a recommendation of how to use ipa migrate-ds, however > following error arises for multiple users: > test_user: attribute \"mepManagedEntry\" not allowed" > > I have not been having any issues with "mine" ipa migrate-ds command, but I > look at the provided ipa migrate-ds command as "best practice" or at least > recommendation.
mepOriginEntry is how private groups are implemented. For more information on migrated private groups see https://rcritten.wordpress.com/2018/09/05/migration-and-user-private-groups/ rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
