On 11/05/2014 10:19 AM, Steve Nolen wrote:
Hi All!

I'm looking at migrating from openldap to freeipa (currently using 3.3.3 on centos7, installed from the default centos repos, as I'd prefer to use centos over fedora) and I have a bit of a snag after importing users with migration-ds: I can't edit the details of migrated users in the web ui (but I can via `ipa user-mod`).

Steps to reproduce:
1. kinit admin
2. ipa config-mod --enable-migration=TRUE
3. ipa migrate-ds --base-dn='dc=example,dc=com' --user-container='ou=People' --group-container='ou=Group' --bind-dn='cn=admin' --with-compat --schema='RFC2307'
4. ipa config-mod --enable-migration=FALSE
5. ipa user-mod test1 --last=LastName1 (success)
6. visit web ui (logging in as admin), user test1 has "LastName1" as "last name" field, but no fields on this page are editable.
7. create new user via web ui "test2".
8. all fields are editable for user test2.

Based on the success from step 5, it would appear that the admin user has the rights to modify test1's details, but the web ui disagrees?


Can you please do an ldap search and get the full entry for one of the migrated users and one for the one of the created users.
You might also try --raw flag and use user-show command.
I suspect the migrated entries are missing some attribute. If you can help us to identify which one would be great.

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to