Stephen Gallagher wrote:
On Fri, 2012-01-27 at 13:42 -0500, Rob Crittenden wrote:
This came up yesterday internally too. I don't believe a bug or ticket
has been filed yet.
My best guess on what is happening, based on what I saw with our own
case, is this:
A migrated attribute is coming in that IPA doesn't know about. We
default to treating all attributes that don't require special treatment
(like binary values) as utf-8. I'm guessing that an unknown binary
attribute is being migrated, we try to utf-8 encode it and kablooey.
There is no easy workaround for the above problem right now because that
happens before the --ignore* options are considered.
Why don't we just base64-encode unknown attributes instead of treating
them like UTF-8? The LDAP server is *supposed* to be able to handle this
For migration we're going to have to reject them outright because the
migration will fail eventually anyway.
Freeipa-users mailing list