Cal Sawyer wrote: > Hi > > Very new to IPA and setting up a proof of concept system that i hope > will replace my existing OpenLDAP 2.3 (no SASL) setup. I'm trying to > import People, Group ou's into IPA using "ipa migrate-ds". The IPA and > existing LDAP directories have different BaseDNs (eg ipadomain.local on > IPA, ldapdomain.local on LDAP 2.3) as i want to ideally construct a > completely new directory that we will then switch our clients over to. > > ipa migrate-ds --schema=RFC2307 > --user-container="dc=ldapdomain,dc=local" ldap://220.127.116.11:389 > > whatever i try (w or w/o --schema=RFC2307) , the response is the same: > > ipa: ERROR: Insufficient access: Invalid credentials > > or with a verbose flag: > > ipa: INFO: Forwarding 'migrate_ds' to server > u'https://ipa.ipadomain.local/ipa/session/xml' > ipa: ERROR: Insufficient access: Invalid credentials > > manager naturally exists in ldapdomain.local and i've definitely > supplied the correct password (we use the same creds to manage LDAP > using phpldapadmin) > > Hoping that someone has some experience with this and can point me in > the right direction?
It is binding to openldap using cn=Directory Manager. If your admin user that can read userPassword is named something different then pass it in using the --binddn option. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project