$ rpm -q ipa-server ipa-server-3.3.3-28.el7.centos.1.x86_64 I was thinking that this might be an issue with the rhel7 version. I'm going to be trying the same migration tonight on rhel6. I know the IPA version is older, and samba stuff might not work as it does in 3.3. I haven't looked in RHEL 6.6 yet to see what version of IPA is available.
Clint On Wed, Oct 15, 2014 at 1:16 PM, Rob Crittenden <rcrit...@redhat.com> wrote: > Ludwig Krispenz wrote: > > > > On 10/14/2014 06:58 PM, Clint Savage wrote: > >> Hi all, > >> > >> I've been working on a migration plan using three custom user > >> objectClasses and one group objectclass. In my attempt, I've setup an > >> openldap server with the proper schemas, imported the ldif and have > >> records that look something like this in ldif format. > >> > >> ----------------------------------------------------------------------- > >> > >> dn: dc=example,dc=com > >> objectClass: top > >> objectClass: domain > >> dc: example > >> > >> dn: ou=Groups,dc=example,dc=com > >> objectClass: top > >> objectClass: organizationalunit > >> ou: Groups > >> > >> dn: ou=People,dc=example,dc=com > >> objectClass: top > >> objectClass: organizationalunit > >> ou: People > >> > >> dn: uid=amyengh,ou=People,dc=example,dc=com > >> objectClass: inetOrgPerson > >> objectClass: posixAccount > >> objectClass: top > >> objectClass: organizationalPerson > >> objectClass: person > >> objectClass: radiusProfile > >> objectClass: sambaSamAccount > >> objectClass: customPersonAttributes > >> cn: Amy Engh > >> gidNumber: 1141801056 > >> homeDirectory: /home/amyengh > >> sn: Engh > >> uid: amyengh > >> uidNumber: 1141801056 > >> displayName: Amy Engh > >> givenName: Amy > >> loginShell: /sbin/nologin > >> mail: amye...@attask.com <mailto:amye...@attask.com> > >> userPassword:: REDACTED > >> dialupAccess: yes > >> radiusTunnelMediumType: IEEE-802 > >> radiusTunnelPrivateGroupId: 1421 > >> radiusTunnelType: VLAN > >> emailPassword:: REDACTED > >> sambaAcctFlags: [U ] > >> sambaLMPassword: REDACTED > >> sambaNTPassword: REDACTED > >> sambaPasswordHistory: > >> 000000000000000000000000000000000000000000000000000000 > >> 0000000000 > >> sambaPwdLastSet: 1402698001 > >> sambaSID: S-1-5-21-2332447373-4108748234-3602490535-3146 > >> > >> dn: cn=amyengh,ou=Groups,dc=example,dc=com > >> objectClass: top > >> objectClass: posixGroup > >> cn: amyengh > >> gidNumber: 1141801056 > >> memberUid: amyengh > >> > >> -------------------------------------------------------------------- > >> > >> I then run the migration (with or without compat makes no difference) > >> and get the following: > >> > >> ipa migrate-ds --with-compat --user-container="ou=People" > >> --group-container="ou=Groups" --user-objectclass=posixAccount > >> --group-objectclass=posixgroup ldap://192.168.122.210 > >> <http://192.168.122.210> --bind-dn="cn=Manager,dc=example,dc=com" > >> Password: > >> ----------- > >> migrate-ds: > >> ----------- > >> Migrated: > >> Failed user: > >> amyengh: Type or value exists: > >> Failed group: > >> amyengh: This entry already exists. > > "type or value exists" and "This entry already exists" are just > > explanations of the ldap return code, do you see anything in the 389 ds > > error logs ? > > I doubt that he would see any errors. > > The entry already existing is because this isn't his first migration, it > is unrelated. > > I'm not able to reproduce this. What version of IPA is it? > > rob > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project