Nordgren, Bryce L -FS wrote:
> 
>> Someone has reported an issue with password migration where 389-ds is
>> rejecting the passwords with:  passwords with storage scheme are not
>> allowed. That may be part of the problem.
> 
> That was me, but the context was 'ipa user-add' with a password hash rather 
> than migrate-ds. Although it makes sense that 389 ds would act the same 
> regardless of how I attempt to store the password. How can I check to see 
> whether the passwords made it to freeipa? The migrate-ds script didn't 
> complain, but I don't know where to look for logfiles.

I don't think a bug ever got logged for that, at least I can't find one.
Can you confirm? If not I'll get one logged.

The log file for the migration is in /var/log/httpd/error_log.

To see if passwords migrated, pick a migrated user and do a search as
Directory Manager for the userPassword attribute:

$ ldapsearch -x -D 'cn=Directory Manager' -W -b
uid=someuser,cn=users,cn=accounts,dc=example,dc=com userPassword

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to