Nordgren, Bryce L -FS wrote: > >>> That was me, but the context was 'ipa user-add' with a password hash >> rather than migrate-ds. Although it makes sense that 389 ds would act the >> same regardless of how I attempt to store the password. How can I check to >> see whether the passwords made it to freeipa? The migrate-ds script didn't >> complain, but I don't know where to look for logfiles. >> >> I don't think a bug ever got logged for that, at least I can't find one. >> Can you confirm? If not I'll get one logged. > > It didn't. My message to the list was the initial "is this a bug or am I > being dumb?" question. Until now, there was no response.
There were two responses, from Petr and myself in the thread titled "Migrating from a hybrid web/posix LDAP" I opened ticket https://fedorahosted.org/freeipa/ticket/4450 . I think this is a 389-ds bug so we may need to wait until their next release, but in any case we should have caught this before pushing out IPA 4.0 IMHO. > No reported errors during migration, but a bunch of warnings: > [Thu Jul 17 11:21:37.703752 2014] [:error] [pid 4534] ipa: WARNING: GID > number 65534 of migrated user SOMEUSER does not point to a known group. Ok, that is unrelated. It just means that for some users their GID value pointed to a non-existent group. > Turns out admin and test.user have userPassword and nobody else does. So: > only accounts which were created by the server install or for which I > manually reset the password. Ok, that explains the error 48 then. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project