Re: [Freeipa-users] Migration fails with custom objectClasses

Fri, 17 Oct 2014 05:16:16 -0700 

Hi,
maybe there is a case problem, if I try the following command, note some capital letters: 


# ipa config-mod --userobjectclasses=ipaObject 
--userobjectclasses=ine*tO*rgperson --userobjectclasses=person 
--userobjectclasses=posixaccount --userobjectclasses=inetuser 
--userobjectclasses=organizational*P*erson 
--userobjectclasses=krbticketpolicyaux --userobjectclasses=krbprincipalaux

ipa: ERROR: Type or value exists:
it fails, doing the same with all lowercase succeeds:


# ipa config-mod --userobjectclasses=ipaobject 
--userobjectclasses=inetorgperson --userobjectclasses=person 
--userobjectclasses=posixaccount --userobjectclasses=inetuser 
--userobjectclasses=organizationalperson 
--userobjectclasses=krbticketpolicyaux --userobjectclasses=krbprincipalaux

  .....

  Default user objectclasses: ipaobject, person, inetorgperson, 
organizationalperson, krbticketpolicyaux, krbprincipalaux, inetuser, 
posixaccount


You posted your default oc earlier to be:

Default user objectclasses: top, person, organizationalperson, 
inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux,
                              ipaobject, ipasshuser, radiusProfile, 
customPersonAttributes, sambaSamAccount


and in the migration code we have code like:
entry_attrs['objectclass'] = list(
                    set(
                        config.get(

                            ldap_obj.object_class_config, 
ldap_obj.object_class

                        ) + [o.lower() for o in entry_attrs['objectclass']]
                    )
                )

so i assume it will try to add an entry with
objectclass: customPersonAttributes
objectclass: custompersonattributes

I don't know how to get ipa to log this, but you could do:

tcpdump 'tcp port 389' -i any -w migrat.pcap

and then run migrate-ds to verify


On 10/16/2014 09:47 PM, Clint Savage wrote:




On Thu, Oct 16, 2014 at 12:59 PM, Rich Megginson <[email protected] 
<mailto:[email protected]>> wrote:


    On 10/16/2014 11:42 AM, Clint Savage wrote:

    The access log had that information. And this error log:
    https://www.dropbox.com/s/ak6za0dkr0cn7ay/errors.20141010-132318



    There unfortunately doesn't seem to be a debug log level that will
    tell the server to dump the add request with all arguments.

    The best bet would be to get the ipa migrate tool to dump it's
    commands to LDIF format, then we can look at it and figure out
    what it is doing wrong.  I don't know if that's possible.


Does anyone know how to accomplish what Rich suggests above?

Thanks,

Clint





-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
























					Reply via email to