Dmitri Pal wrote:
  On 05/31/2011 10:45 AM, tomasz.napier...@allegro.pl wrote:
Hi,
I'm trying to migrate data form our current FreeIPA install (v1) and I'm having 
problems with nonexistant objectClass in v2, which seems to be by default 
present in v1:

ipa migrate-ds --user-container=cn=users,cn=accounts 
--group-container=cn=groups,cn=accountsldap://ipaserverv1:389
Failed user:
   username: unknown object class "radiusprofile"

Also groups that are memboers of other groups are having problems too:
groupname: attribute "memberofindirect" not allowed

Is there any way to avoid this errors during migration?

I do not think we tried this migration.

Do you have any radius data populated in the v1? It seems that this is
in come way getting in the way.
The second issue is more worrying. We will see what can be done.

Please file two tickets and we will try to look at them.

The second problem is fixed upstream.

The objectclass problem is a bit trickier. We don't currently offer e mechanism for adding/dropping objectclasses on-the-fly.

The best fix would be to remove the OC from all users in the v1 server then do the migration. This is assuming you aren't using radius in v1.

An alternative fix would be to drop the file 60radius.ldif into the v2 schema directory and restart dirsrv:

On your v1 server it is in /etc/dirsrv/slapd-INSTANCE/schema. Copy this to the equivalent location on the v2 server.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to