Re: [Freeipa-users] migrate-ds "is not a POSIX user"

Mon, 01 Jul 2013 11:24:52 -0700 

Dmitri Pal wrote:

On 06/28/2013 03:13 PM, Dmitri Pal wrote:

On 06/19/2013 04:39 PM, Alex Lawrence wrote:

Hello!

I'm working on trying to migrate users into FreeIPA 3.1.5 (Fedora 18)
from DS389 (CentOS 6) 1.2.2.  I've enabled migration on DS389 and I'm
attempting to migrate a subset of people using:

ipa migrate-ds --user-container="ou=Systems &
Networking,ou=Personnel,dc=plu,dc=edu" --ignore* ldap://LDAP-SERVER:389

The out put is:

-----------
migrate-ds:
-----------
Migrated:
Failed user:
  %UID%: %UID% is not a POSIX user
  %UID%: %UID% is not a POSIX user
  %UID%: %UID% is not a POSIX user

And so on.

I've imported my schema into FreeIPA so that it knows my additional
attributes; however, just to be safe I've also tried running the
import ignoring any objectclass in use with the same output.

--user-ignore-objectclass=pluEduPerson,mailRecipient,eduPerson,posixAccount,inetOrgPerson,organizationalPerson

I've added the posixAccount object class to a handful of accounts in
question on my DS389 side to be sure that was not an issue either and
that gives me the same result.

I'm sure this is something simple that I'm missing, any suggestions
would be appreciated.



Please check the accounts that are skipped, they are most likely missing
some POSIX required attribute (though from LDAP point of view it is an
optional attribute), UID for example or SN.
Please add missing attributes and try again. The easiest way to do this
is to compare posix attributes between the entry that is migrated
without problems and one that is not accepted. There are only 6 posix
attributes so it should be easy to spot.

If you can't do it in your existing instance take an LDIF load it it
into another instance and modify users there then migrate from that
instance.
I hope this would give you at least a starting point, have a nice weekend.
We look for gidNumber when doing the migration. Users without one aren't migrated. 

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to