Sigbjorn Lie wrote:

On Fri, January 27, 2012 15:37, Rob Crittenden wrote:
Stephen Gallagher wrote:

On Fri, 2012-01-27 at 15:11 +0100, Sigbjorn Lie wrote:


The first naming context returned from the LDAP server is always chosen
when using migrate-ds. This makes my import fail when I attempt to import users 
and groups from
a previous LDAP server having more than 1 naming contexts available.

The migrate-ds script should accept an option to specify what base_dn I
would like to import from.

Is there such an option today? I cannot find it...

Not currently. I noticed this earlier in the week and opened a ticket on

Just to add to this request, if the original LDAP server has a
defaultNamingContext attribute, it should be honored for auto-detecting which 
base to migrate.

I'll update the 2314 to ensure we don't forget about this. 389-ds just
added support for defaultNamingContext.

Ok, thank you.

Anything I can do to work around this issue today? I suppose there is just a 
file that need to be
hacked to set a set a value instead of the auto-detected value... ?


~line 620 you'll see a block starting with the comment "retrieve DS base DN".

Comment out the next 8 lines by prefixing them with # (these query to get the namingContext then pull the first value out).


ds_base_dn = 'dc=yourbasedn,dc=com'

Alternatively you could always just add the above line to override what is detected. Commenting out just saves an LDAP lookup.

Restart Apache.


Freeipa-users mailing list

Reply via email to