On 3/17/15 12:09 PM, Martin Kosek wrote:
> I would still wished we fixed the original root cause why replication was
> failing for you - as this is the obviously expected way of upgrading to
> RHEL/CentOS 7.1 from RHEL-6 environment and I think/hope it would be less work
> than starting over (depends on how populated is your existing IPA instance).

Yeah, I totally get that, but I've actually been holding up a product
launch trying to get things working, or I'd try to work through it
longer.  :(

I'm actually going to just shut down the old server's IPA but not
uninstall it, so if there is any progress made on the issue I've opened
I may be able to try it with a fresh replication target still.

I did run into one snag.  Our IPA servers are on the public internet, so
I've disabled anonymous bind.  However, it appears that the
/ipa/migration/ tool requires it; at least, I'm getting this error in
httpd/error_log:

> migration context search failed: Insufficient access: Inappropriate
> authentication: Anonymous access is not allowed.

Is there a way to make migration work without anonymous bind?  A config
file I can change somewhere to force the migration tool to bind as a user?


-- 
Benjamin Reed
The OpenNMS Group
http://www.opennms.org/


Attachment: signature.asc
Description: OpenPGP digital signature

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to