On 09/20/2012 01:42 PM, Rob Crittenden wrote: > James James wrote: >> You 're right. The request return : >> >> Enter LDAP Password: >> # extended LDIF >> # >> # LDAPv3 >> # base <cn=users,cn=accounts,dc=example,dc=com> with scope subtree >> # filter: uid=test >> # requesting: userPassword >> # >> >> # test, users, accounts, example.com <http://example.com> >> dn: uid=test,cn=users,cn=accounts,dc=example,dc=com >> >> # search result >> search: 2 >> result: 0 Success >> >> Can you explain me what happens ? >> >> Is there a solution ? > > When migrating you need to bind as a user that has read permission on > the userPassword attribute in the remote LDAP server.
Rob should we check if we can read the userPassword attribute and if not fail migration? Should we open a ticket for this? Also I do not think we document the expectation that you vocalized above. > > rob > >> >> >> >> >> 2012/9/20 Rob Crittenden <rcrit...@redhat.com >> <mailto:rcrit...@redhat.com>> >> >> Dmitri Pal wrote: >> >> On 09/20/2012 12:50 PM, James James wrote: >> >> Oups .. migration mode is enable ... >> >> >> The ldap (access, error) and kerberos logs from the server >> would be >> helpful to troubleshoot. >> /var/log/dirsrv/... >> krb5kdc.log >> >> >> This is usually seen when there is no password in LDAP. >> >> You can confirm this as Directory Manager: >> >> $ ldapsearch -x -D 'cn=Directory Manager' -W password -b >> cn=users,cn=accounts,dc=__example,dc=com uid=migrated_user >> userPassword >> >> rob >> >> > -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users