Nordgren, Bryce L -FS wrote:
>>> That was me, but the context was 'ipa user-add' with a password hash
>> rather than migrate-ds. Although it makes sense that 389 ds would act the
>> same regardless of how I attempt to store the password. How can I check to
>> see whether the passwords made it to freeipa? The migrate-ds script didn't
>> complain, but I don't know where to look for logfiles.
>> I don't think a bug ever got logged for that, at least I can't find one.
>> Can you confirm? If not I'll get one logged.
> It didn't. My message to the list was the initial "is this a bug or am I
> being dumb?" question. Until now, there was no response.
There were two responses, from Petr and myself in the thread titled
"Migrating from a hybrid web/posix LDAP"
I opened ticket https://fedorahosted.org/freeipa/ticket/4450 . I think
this is a 389-ds bug so we may need to wait until their next release,
but in any case we should have caught this before pushing out IPA 4.0 IMHO.
> No reported errors during migration, but a bunch of warnings:
> [Thu Jul 17 11:21:37.703752 2014] [:error] [pid 4534] ipa: WARNING: GID
> number 65534 of migrated user SOMEUSER does not point to a known group.
Ok, that is unrelated. It just means that for some users their GID value
pointed to a non-existent group.
> Turns out admin and test.user have userPassword and nobody else does. So:
> only accounts which were created by the server install or for which I
> manually reset the password.
Ok, that explains the error 48 then.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project