Johnathan Phan wrote:
Hi everyone,

k pass authentication issues now. It's now complaining about objects not

ipa: ERROR: uri=ldaps://
<>: Unable to retrieve LDAP schema: No such

However when I run the following commands on the new IPA server.

ldapsearch -x -H ldaps://
<> -b ou=groups,ou=live,dc=example,dc=com -D
"cn=admin,dc=example,dc=com" -W


ldapsearch -x -H ldaps://
<> -b ou=ib,dc=example,dc=com -D
"cn=admin,dc=example,dc=com" -W and I get output

Ldap shows the users and groups in the old system. It just dumps out the
whole content of the OU.

I have tried to run the following two commands and I still get the same

ipa migrate-ds --bind-dn="cn=admin,dc=example,dc=com"
--user-container="ou=ib,dc=example,dc=com" ldaps://


ipa migrate-ds --bind-dn="cn=admin,dc=example,dc=com"
ldaps:// <>

What is IPA complaining about specifically? I know objects are in these
ou's Is it expecting something different?

It is failing trying to query cn=schema. We fetch the schema from the remote server to know what types of data we're dealing with. What version of openldap is this?


