Hi guys,

I set up freeipa 4.0.0 on a brand new Fedora 20 box, from your copr repos. 
Install and config went fine. Kinit: fine. Trying to migrate from my old ldap 
setup: problem.  Old ldap setup primarily had accounts for web apps 
(inetOrgPerson) and a few accounts with everything needed for login 

"Ipa migrate-ds" for the existing posixAccounts: works fine.

Migrating the web only accounts requires a bit more manual labor, and isn't 
working yet. I extracted a csv of my "web-only" accounts and made a script to 
upgrade them with posix attributes and add them to freeipa. Each line looks 

ipa user-add "bill.mathews" --last="Mathews" --first="William" --email="blah" 
--phone="xxx-yyy-zzzz" --setattr userpassword="{SHA}bunchajunka" --setattr 
o="University of Tweedle" --gidnumber=65534 --uid=2000063

And I get:

ERROR: Constraint violation: invalid password syntax - passwords with storage 
scheme are not allowed

I was inspired to include the password this way from:  

Is there any password preserving way to migrate my web-only accounts using "ipa 
user-add"? If there's no easy answer, I'll probably just add the attributes in 
the current ldap, then let "ipa migrate-ds" work its magic. But I want to see 
user-add work if its possible.

PS: I believe all instances of "service dirsrv restart" on 
 need to be changed to "systemctl restart dirsrv.target", since there is no 

This electronic message contains information generated by the USDA solely for 
the intended recipients. Any unauthorized interception of this message or the 
use or disclosure of the information it contains may violate the law and 
subject the violator to civil or criminal penalties. If you believe you have 
received this message in error, please notify the sender and delete the email 
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to