Nordgren, Bryce L -FS wrote: > >> Someone has reported an issue with password migration where 389-ds is >> rejecting the passwords with: passwords with storage scheme are not >> allowed. That may be part of the problem. > > That was me, but the context was 'ipa user-add' with a password hash rather > than migrate-ds. Although it makes sense that 389 ds would act the same > regardless of how I attempt to store the password. How can I check to see > whether the passwords made it to freeipa? The migrate-ds script didn't > complain, but I don't know where to look for logfiles.
I don't think a bug ever got logged for that, at least I can't find one. Can you confirm? If not I'll get one logged. The log file for the migration is in /var/log/httpd/error_log. To see if passwords migrated, pick a migrated user and do a search as Directory Manager for the userPassword attribute: $ ldapsearch -x -D 'cn=Directory Manager' -W -b uid=someuser,cn=users,cn=accounts,dc=example,dc=com userPassword rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project