On 01/30/2012 09:23 AM, Simo Sorce wrote:
> On Mon, 2012-01-30 at 09:06 -0500, Rob Crittenden wrote:
>> Like I said, this error is triggered before ignore is evaluated so
>> an unknown binary attribute is getting decoded it will cause this
>> failure. The only solutions we have right now is to either load the
>> schema into IPA temporarily for the migration, rremove it on the
>> side or you could modify the query we make to find the remote entries
>> pull only certain attributes. This last one would be tricky to get
>> The code looks like:
>> (entries, truncated) = ds_ldap.find_entries(
>> search_filter, ['*'],
>> time_limit=0, size_limit=-1,
>> search_refs=True # migrated DS may contain
>> search references
>> You'd want to replace ['*'] with ['attr1','attr2','attr3',...]. It
>> be a rather long list and would need to cover both users and groups.
> TBH I think we should turn the code around and do this by default.
> We have no idea how to manage extra attributes anyway so we shouldn't
> get them all, only get those we understand. And turn the exclusion list
> into an inclusion list, so that if someone wants to import more data
> because they added additional schema to FreeIPA they are free to do so.
> The current way looks brittle.
Agree, we need to open a BZ and ticket on this one.
Sr. Engineering Manager IPA project,
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list