On 11/05/2014 10:19 AM, Steve Nolen wrote:
Can you please do an ldap search and get the full entry for one of the
migrated users and one for the one of the created users.
I'm looking at migrating from openldap to freeipa (currently using
3.3.3 on centos7, installed from the default centos repos, as I'd
prefer to use centos over fedora) and I have a bit of a snag after
importing users with migration-ds: I can't edit the details of
migrated users in the web ui (but I can via `ipa user-mod`).
Steps to reproduce:
1. kinit admin
2. ipa config-mod --enable-migration=TRUE
3. ipa migrate-ds --base-dn='dc=example,dc=com'
--bind-dn='cn=admin' --with-compat --schema='RFC2307'
4. ipa config-mod --enable-migration=FALSE
5. ipa user-mod test1 --last=LastName1 (success)
6. visit web ui (logging in as admin), user test1 has "LastName1" as
"last name" field, but no fields on this page are editable.
7. create new user via web ui "test2".
8. all fields are editable for user test2.
Based on the success from step 5, it would appear that the admin user
has the rights to modify test1's details, but the web ui disagrees?
You might also try --raw flag and use user-show command.
I suspect the migrated entries are missing some attribute. If you can
help us to identify which one would be great.
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project