Re: [Freeipa-users] v1 to v2 migration problem: unknown object class "radiusprofile" and attribute "memberofindirect" not allowed

Thu, 30 Jun 2011 14:44:34 -0700 

Dan Scott wrote:

Hi,

On Tue, May 31, 2011 at 13:41, Rob Crittenden<rcrit...@redhat.com>  wrote:

Dmitri Pal wrote:


  On 05/31/2011 10:45 AM, tomasz.napier...@allegro.pl wrote:


Hi,
I'm trying to migrate data form our current FreeIPA install (v1) and I'm
having problems with nonexistant objectClass in v2, which seems to be by
default present in v1:

ipa migrate-ds --user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accountsldap://ipaserverv1:389
Failed user:
   username: unknown object class "radiusprofile"

Also groups that are memboers of other groups are having problems too:
groupname: attribute "memberofindirect" not allowed

Is there any way to avoid this errors during migration?


I do not think we tried this migration.

Do you have any radius data populated in the v1? It seems that this is
in come way getting in the way.
The second issue is more worrying. We will see what can be done.

Please file two tickets and we will try to look at them.


The second problem is fixed upstream.

The objectclass problem is a bit trickier. We don't currently offer e
mechanism for adding/dropping objectclasses on-the-fly.

The best fix would be to remove the OC from all users in the v1 server then
do the migration. This is assuming you aren't using radius in v1.

An alternative fix would be to drop the file 60radius.ldif into the v2
schema directory and restart dirsrv:

On your v1 server it is in /etc/dirsrv/slapd-INSTANCE/schema. Copy this to
the equivalent location on the v2 server.


Sorry to jump on this so late.

Do you know if the fix for "groupname: attribute "memberofindirect"
not allowed" has been released yet? I'm running Fedora 15 with the
latest updates from updates-testing and trying to migrate from FreeIPA
1.2. I've fixed the Radius issue by adding the 60radius.ldif file to
the FreeIPA 2.0 schema as suggested. Now, I'm getting "groupname:
attribute "memberofindirect" not allowed" for all of my members. The
groups all appear to migrate successfully.

Thanks,

Dan
Not released yet. I had wanted to release another 2.0.x dot release and update the tarball in Fedora. We're close to releasing 2.1 so I wonder if we'd be better off waiting for that (few more weeks). 

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to