Dmitri Pal wrote: > On 04/24/2015 12:58 PM, Christopher Lamb wrote: >> Hi >> >> I am in the process of setting up and configuring a FreeIPA Server 4.1.0. >> >> I have successfully migrated all the users from an existing FreeIPA >> Server >> 3.0.0 with the following command: >> >> ipa migrate-ds --group-overwrite-gid >> --user-container='cn=users,cn=accounts' >> --group-container='cn=groups,cn=accounts' ldap://<ldap url of new >> server>:389 >> >> When I log into the 4.1.0 Web UI, with the default "admin" user, on the >> Identity/Users overview page, I have buttons for Delete, Add, Enable, >> Disable etc. >> >> If I log in with an imported admin user, these buttons are missing. >> >> If I log into the old 3.0.0 Web UI, these buttons are available with both >> users. > > This is most likely because the permissions changed in 4.0 and old admin > does not have the privileges that are now default in 4.1.
He migrated rather than upgrading so this doesn't apply. So the question is: why did you migrate and not create a replica with 4.x and migrate that way? One needs to be a member of the admins group to be an admin, I'd start there. >> p.s. it would be great if the syntax for an IPA "old" to IPA "new" >> migration using ipa migrate-ds was included in the IPA documentation. >> I had >> to dig deep in the migration.py script to find the accepted format ..... There is a ticket for this but the expected upgrade path is to install a replica on the new version and once things are confirmed to be working, decommission the older ones. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project