Dmitri Pal wrote:
> On 04/24/2015 12:58 PM, Christopher Lamb wrote:
>> Hi
>>
>> I am in the process of setting up and configuring a FreeIPA Server 4.1.0.
>>
>> I have successfully migrated all the users from an existing FreeIPA
>> Server
>> 3.0.0 with the following command:
>>
>> ipa migrate-ds --group-overwrite-gid
>> --user-container='cn=users,cn=accounts'
>> --group-container='cn=groups,cn=accounts' ldap://<ldap url of new
>> server>:389
>>
>> When I log into the 4.1.0 Web UI, with the default "admin" user, on the
>> Identity/Users overview page, I have buttons for Delete, Add, Enable,
>> Disable etc.
>>
>> If I log in with an imported admin user, these buttons are missing.
>>
>> If I log into the old 3.0.0 Web UI, these buttons are available with both
>> users.
> 
> This is most likely because the permissions changed in 4.0 and old admin
> does not have the privileges that are now default in 4.1.

He migrated rather than upgrading so this doesn't apply.

So the question is: why did you migrate and not create a replica with
4.x and migrate that way?

One needs to be a member of the admins group to be an admin, I'd start
there.

>> p.s. it would be great if the syntax for an IPA "old" to IPA "new"
>> migration using ipa migrate-ds was included in the IPA documentation.
>> I had
>> to dig deep in the migration.py script to find the accepted format .....

There is a ticket for this but the expected upgrade path is to install a
replica on the new version and once things are confirmed to be working,
decommission the older ones.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to