Hi, On Tue, May 31, 2011 at 13:41, Rob Crittenden <rcrit...@redhat.com> wrote: > Dmitri Pal wrote: >> >> On 05/31/2011 10:45 AM, tomasz.napier...@allegro.pl wrote: >>> >>> Hi, >>> I'm trying to migrate data form our current FreeIPA install (v1) and I'm >>> having problems with nonexistant objectClass in v2, which seems to be by >>> default present in v1: >>> >>> ipa migrate-ds --user-container=cn=users,cn=accounts >>> --group-container=cn=groups,cn=accountsldap://ipaserverv1:389 >>> Failed user: >>> username: unknown object class "radiusprofile" >>> >>> Also groups that are memboers of other groups are having problems too: >>> groupname: attribute "memberofindirect" not allowed >>> >>> Is there any way to avoid this errors during migration? >> >> I do not think we tried this migration. >> >> Do you have any radius data populated in the v1? It seems that this is >> in come way getting in the way. >> The second issue is more worrying. We will see what can be done. >> >> Please file two tickets and we will try to look at them. > > The second problem is fixed upstream. > > The objectclass problem is a bit trickier. We don't currently offer e > mechanism for adding/dropping objectclasses on-the-fly. > > The best fix would be to remove the OC from all users in the v1 server then > do the migration. This is assuming you aren't using radius in v1. > > An alternative fix would be to drop the file 60radius.ldif into the v2 > schema directory and restart dirsrv: > > On your v1 server it is in /etc/dirsrv/slapd-INSTANCE/schema. Copy this to > the equivalent location on the v2 server.
Sorry to jump on this so late. Do you know if the fix for "groupname: attribute "memberofindirect" not allowed" has been released yet? I'm running Fedora 15 with the latest updates from updates-testing and trying to migrate from FreeIPA 1.2. I've fixed the Radius issue by adding the 60radius.ldif file to the FreeIPA 2.0 schema as suggested. Now, I'm getting "groupname: attribute "memberofindirect" not allowed" for all of my members. The groups all appear to migrate successfully. Thanks, Dan _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
