On Tue, May 31, 2011 at 13:41, Rob Crittenden <rcrit...@redhat.com> wrote:
> Dmitri Pal wrote:
>>  On 05/31/2011 10:45 AM, tomasz.napier...@allegro.pl wrote:
>>> Hi,
>>> I'm trying to migrate data form our current FreeIPA install (v1) and I'm
>>> having problems with nonexistant objectClass in v2, which seems to be by
>>> default present in v1:
>>> ipa migrate-ds --user-container=cn=users,cn=accounts
>>> --group-container=cn=groups,cn=accountsldap://ipaserverv1:389
>>> Failed user:
>>>   username: unknown object class "radiusprofile"
>>> Also groups that are memboers of other groups are having problems too:
>>> groupname: attribute "memberofindirect" not allowed
>>> Is there any way to avoid this errors during migration?
>> I do not think we tried this migration.
>> Do you have any radius data populated in the v1? It seems that this is
>> in come way getting in the way.
>> The second issue is more worrying. We will see what can be done.
>> Please file two tickets and we will try to look at them.
> The second problem is fixed upstream.
> The objectclass problem is a bit trickier. We don't currently offer e
> mechanism for adding/dropping objectclasses on-the-fly.
> The best fix would be to remove the OC from all users in the v1 server then
> do the migration. This is assuming you aren't using radius in v1.
> An alternative fix would be to drop the file 60radius.ldif into the v2
> schema directory and restart dirsrv:
> On your v1 server it is in /etc/dirsrv/slapd-INSTANCE/schema. Copy this to
> the equivalent location on the v2 server.

Sorry to jump on this so late.

Do you know if the fix for "groupname: attribute "memberofindirect"
not allowed" has been released yet? I'm running Fedora 15 with the
latest updates from updates-testing and trying to migrate from FreeIPA
1.2. I've fixed the Radius issue by adding the 60radius.ldif file to
the FreeIPA 2.0 schema as suggested. Now, I'm getting "groupname:
attribute "memberofindirect" not allowed" for all of my members. The
groups all appear to migrate successfully.



Freeipa-users mailing list

Reply via email to