Dmitri Pal wrote:
> On 04/24/2015 12:58 PM, Christopher Lamb wrote:
>> Hi
>> I am in the process of setting up and configuring a FreeIPA Server 4.1.0.
>> I have successfully migrated all the users from an existing FreeIPA
>> Server
>> 3.0.0 with the following command:
>> ipa migrate-ds --group-overwrite-gid
>> --user-container='cn=users,cn=accounts'
>> --group-container='cn=groups,cn=accounts' ldap://<ldap url of new
>> server>:389
>> When I log into the 4.1.0 Web UI, with the default "admin" user, on the
>> Identity/Users overview page, I have buttons for Delete, Add, Enable,
>> Disable etc.
>> If I log in with an imported admin user, these buttons are missing.
>> If I log into the old 3.0.0 Web UI, these buttons are available with both
>> users.
> This is most likely because the permissions changed in 4.0 and old admin
> does not have the privileges that are now default in 4.1.

He migrated rather than upgrading so this doesn't apply.

So the question is: why did you migrate and not create a replica with
4.x and migrate that way?

One needs to be a member of the admins group to be an admin, I'd start

>> p.s. it would be great if the syntax for an IPA "old" to IPA "new"
>> migration using ipa migrate-ds was included in the IPA documentation.
>> I had
>> to dig deep in the script to find the accepted format .....

There is a ticket for this but the expected upgrade path is to install a
replica on the new version and once things are confirmed to be working,
decommission the older ones.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to