> > That was me, but the context was 'ipa user-add' with a password hash > rather than migrate-ds. Although it makes sense that 389 ds would act the > same regardless of how I attempt to store the password. How can I check to > see whether the passwords made it to freeipa? The migrate-ds script didn't > complain, but I don't know where to look for logfiles. > > I don't think a bug ever got logged for that, at least I can't find one. > Can you confirm? If not I'll get one logged.
It didn't. My message to the list was the initial "is this a bug or am I being dumb?" question. Until now, there was no response. No reported errors during migration, but a bunch of warnings: [Thu Jul 17 11:21:37.703752 2014] [:error] [pid 4534] ipa: WARNING: GID number 65534 of migrated user SOMEUSER does not point to a known group. Turns out admin and test.user have userPassword and nobody else does. So: only accounts which were created by the server install or for which I manually reset the password. Bryce This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project