Hi Dmitri! ldapsearch was exactly the pointer I needed! My entries had objectClass=extensibleObject, which, as soon as I removed via: ipa user-mod ldaptest --delattr objectclass=extensibleobject
i'm able to edit! Thanks so much for the help! On Wed, Nov 5, 2014 at 11:33 AM, Dmitri Pal <d...@redhat.com> wrote: > On 11/05/2014 10:19 AM, Steve Nolen wrote: > > Hi All! > > I'm looking at migrating from openldap to freeipa (currently using 3.3.3 > on centos7, installed from the default centos repos, as I'd prefer to use > centos over fedora) and I have a bit of a snag after importing users with > migration-ds: I can't edit the details of migrated users in the web ui (but > I can via `ipa user-mod`). > > Steps to reproduce: > 1. kinit admin > 2. ipa config-mod --enable-migration=TRUE > 3. ipa migrate-ds --base-dn='dc=example,dc=com' > --user-container='ou=People' --group-container='ou=Group' > --bind-dn='cn=admin' --with-compat --schema='RFC2307' > 4. ipa config-mod --enable-migration=FALSE > 5. ipa user-mod test1 --last=LastName1 (success) > 6. visit web ui (logging in as admin), user test1 has "LastName1" as "last > name" field, but no fields on this page are editable. > 7. create new user via web ui "test2". > 8. all fields are editable for user test2. > > Based on the success from step 5, it would appear that the admin user > has the rights to modify test1's details, but the web ui disagrees? > > Thanks! > Steve > > > Can you please do an ldap search and get the full entry for one of the > migrated users and one for the one of the created users. > You might also try --raw flag and use user-show command. > I suspect the migrated entries are missing some attribute. If you can help > us to identify which one would be great. > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project