Sigbjorn Lie wrote:


On Fri, January 27, 2012 15:37, Rob Crittenden wrote:
Stephen Gallagher wrote:

On Fri, 2012-01-27 at 15:11 +0100, Sigbjorn Lie wrote:

Hi


The first naming context returned from the LDAP server is always chosen
when using migrate-ds. This makes my import fail when I attempt to import users 
and groups from
a previous LDAP server having more than 1 naming contexts available.

The migrate-ds script should accept an option to specify what base_dn I
would like to import from.

Is there such an option today? I cannot find it...


Not currently. I noticed this earlier in the week and opened a ticket on
it, https://fedorahosted.org/freeipa/ticket/2314


Just to add to this request, if the original LDAP server has a
defaultNamingContext attribute, it should be honored for auto-detecting which 
base to migrate.

I'll update the 2314 to ensure we don't forget about this. 389-ds just
added support for defaultNamingContext.


Ok, thank you.

Anything I can do to work around this issue today? I suppose there is just a 
file that need to be
hacked to set a set a value instead of the auto-detected value... ?


/usr/lib/python*/site-packages/ipalib/plugins/migration.py

~line 620 you'll see a block starting with the comment "retrieve DS base DN".

Comment out the next 8 lines by prefixing them with # (these query to get the namingContext then pull the first value out).

Add:

ds_base_dn = 'dc=yourbasedn,dc=com'

Alternatively you could always just add the above line to override what is detected. Commenting out just saves an LDAP lookup.

Restart Apache.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to