Hi Rob,

Please find the output from /usr/sbin/slapd -VV that shows the current openldap version that's running on the ldap server.

@(#) $OpenLDAP: slapd 2.4.23 (Jul 31 2012 10:47:00) $
        mockbu...@x86-001.build.bos.redhat.com: /builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd

ps. I have opened a ticket for this.
https://fedorahosted.org/freeipa/ticket/3372

Can I assume you have a way to turn this check off? As in IRC there does not seem to be one. Or are you saying I can allow the schema value to be checked if I create one or make it readable somehow?

On Wed, Jan 23, 2013 at 2:00 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> Johnathan Phan wrote:
>
>> Hi everyone,
>>
>> k, past authentication issues now. It's now complaining about objects not
>> there.
>>
>> ipa: ERROR: uri=ldaps://ldap1.example.com:636: Unable to retrieve LDAP schema: No such object:
>>
>> However when I run the following commands on the new IPA server.
>>
>> ldapsearch -x -H ldaps://ldap.example.com:636 -b ou=groups,ou=live,dc=example,dc=com -D "cn=admin,dc=example,dc=com" -W
>>
>> or
>>
>> ldapsearch -x -H ldaps://ldap.example.com:636 -b ou=ib,dc=example,dc=com -D "cn=admin,dc=example,dc=com" -W
>>
>> and I get output
>>
>> Ldap shows the users and groups in the old system. It just dumps out the
>> whole content of the OU.
>>
>> I have tried to run the following two commands and I still get the same
>> error
>>
>> ipa migrate-ds --bind-dn="cn=admin,dc=example,dc=com" --user-container="ou=ib,dc=example,dc=com" ldaps://ldap1.example.com:636
>>
>> or
>>
>> ipa migrate-ds --bind-dn="cn=admin,dc=example,dc=com" --user-container="ou=ib,dc=example,dc=com" --group-container="ou=groups,ou=live,dc=example,dc=com" ldaps://ldap1.example.com:636
>>
>> What is IPA complaining about specifically? I know objects are in these
>> OUs. Is it expecting something different?
>>
>
> It is failing trying to query cn=schema. We fetch the schema from the
> remote server to know what types of data we're dealing with. What version
> of openldap is this?
>
> rob
>

--
Johnathan Phan
ox-consulting
T: +44 (0)784 118 7080
j...@ox-consulting.com
www.ox-consulting.com