I'm trying to test out migration from an Apple Open Directory Server to FreeIPA (unstable) The command I'm running is:
ipa config-mod --enable-migration=true ipa -d migrate-ds --user-container='cn=users,dc=xxx,dc=xxxx,dc=com' --group-container='cn=groups,dc=xxx,dc=xxxx,dc=com' ldap://10.10.10.10:389 It prompts me for a password twice, then gives me a invalid credentials error ipa: INFO: Created connection context.xmlclient Password: Enter Password again to verify: ipa: DEBUG: raw: migrate_ds(u'ldap://10.10.10.10:389', u'********', usercontainer=u'cn=users,dc=xxx,dc=xxxx,dc=com', groupcontainer=u'cn=groups,dc=xxx,dc=xxxx,dc=com') ipa: INFO: migrate_ds(u'ldap://10.10.10.10:389', u'********', binddn=u'cn=directory manager', usercontainer=u'cn=users,dc=xxx,dc=xxxx,dc=com', groupcontainer=u'cn=groups,dc=xxx,dc=xxxx,dc=com', userobjectclass=(u'person',), groupobjectclass=(u'groupOfUniqueNames', u'groupOfNames'), schema=u'RFC2307bis', continue=False, exclude_groups=None, exclude_users=None) ipa: INFO: Forwarding 'migrate_ds' to server u'https://ipa0.xxxx.com/ipa/xml' ipa: DEBUG: NSSConnection init ipa0.xxxx.com ipa: DEBUG: connect: host=ipa0.xxxx.com port=443 ipa: DEBUG: connect: 10.10.10.11:443 ... ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer ipa: DEBUG: cert valid True for "CN=ipa0.xxxx.com,O=XXXX.COM" ipa: DEBUG: handshake complete, peer = 10.10.10.11:443 ipa: DEBUG: Caught fault 2100 from server https://ipa0.xxx.com/ipa/xml: Insufficient access: Invalid credentials ipa: INFO: Destroyed connection context.xmlclient ipa: ERROR: Insufficient access: Invalid credentials I'm able to connect to LDAP using the same password for cn="Directory Manager" which it appears to be the user it's asking the password for. Is this user error or a bug? If user error what am I doing wrong? Thanks. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
