Stephen Gallagher wrote:
On Fri, 2012-01-27 at 13:42 -0500, Rob Crittenden wrote:

This came up yesterday internally too. I don't believe a bug or ticket
has been filed yet.

My best guess on what is happening, based on what I saw with our own
case, is this:

A migrated attribute is coming in that IPA doesn't know about. We
default to treating all attributes that don't require special treatment
(like binary values) as utf-8. I'm guessing that an unknown binary
attribute is being migrated, we try to utf-8 encode it and kablooey.

There is no easy workaround for the above problem right now because that
happens before the --ignore* options are considered.

Why don't we just base64-encode unknown attributes instead of treating
them like UTF-8? The LDAP server is *supposed* to be able to handle this

For migration we're going to have to reject them outright because the migration will fail eventually anyway.


Freeipa-users mailing list

Reply via email to