Hi, I am a newbie in freeipa. I am trying to use it with our mail server.

Our mail server uses openldap with one external schema: qmail.schema. We use it especially for mailQuota, mailAlternateAddress, mailForwardingAddress and AccountStatus.

I tried to import this schema to freeipa using ipa-ldap-updater. I am not sure if I succeeded, but when I tried:

    ipa config-mod --addattr=ipaGroupObjectClasses=qmailUser

it worked and I can see the objectClass.

    [root@ipamaster work]# ipa config-show --all
      dn: cn=ipaConfig,cn=etc,dc=example,dc=com
      Longueur maximale du nom d'utilisateur: 32
      Base du répertoire utilisateur: /home
      Interprèteur par défaut: /bin/sh
      Groupe utilisateur par défaut: ipausers
      Domaine par défaut pour les courriels: example.com
      Limite de temps d'une recherche: 2
      Limite de taille d'une recherche: 100
      Champs de recherche utilisateur: uid,givenname,sn,telephonenumber,ou,title
      Group search fields: cn,description
      Activer le mode migration: TRUE
      Base de sujet de certificat: O=EXAMPLE.COM
      Classes d'objets de groupe par défaut: top, ipaobject, groupofnames, ipausergroup, nestedgroup
      Classes d'objets utilisateur par défaut: ipaobject, person, top, ipasshuser, inetorgperson, organizationalperson, krbticketpolicyaux, krbprincipalaux, *qmailUser*, inetuser, posixaccount
      Notification d'expiration de mot de passe (jours): 4
      Fonctionnalités du greffon mots de passe: AllowNThash
      Ordre de la mappe des utilisateurs SELinux: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
      Utilisateur SELinux par défaut: unconfined_u:s0-s0:c0.c1023
      Types de PAC par défaut: nfs:NONE, MS-PAC
      aci: (targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";)
      cn: ipaConfig
      objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, ipaUserAuthTypeClass

Then I tried to migrate openldap's accounts, but without luck so far:

    # ipa -v migrate-ds --with-compat --bind-dn "cn=admin,dc=example,dc=com" --continue ldap://192.168.1.121:389
    -----------
    migrate-ds:
    -----------
    Migrated:
    Failed user:
      jean.doe: Type or value exists:
      jeane.doe: Type or value exists:
    Failed group:
    ----------
    No users/groups were migrated from ldap://192.168.1.121:389

Here is an entry from openldap:

    dn: uid=jeane.doe,ou=people,dc=example,dc=com
    loginShell: /bin/bash
    gidNumber: 1000
    objectClass: top
    objectClass: qmailUser
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: person
    objectClass: shadowAccount
    objectClass: organizationalPerson
    mail: jeane....@example.com
    givenName: DOE
    uid: jeane.doe
    uidNumber: 1002
    displayName: Jeane Doe
    homeDirectory: /var/vmail/jeane.doe
    accountStatus: yes
    mailMessageStore: /var/vmail/jeane.doe
    structuralObjectClass: inetOrgPerson
    entryUUID: 3e8ee290-166f-1035-94d7-ef8fa27fbe71
    creatorsName: cn=admin,dc=example,dc=com
    createTimestamp: 20151103120748Z
    userPassword:: e1NTSEF9K2ZYQnQrMnZsbmVURlVEaG5FdjlZdkhTNFpvNjVMSVQ=
    mailQuotaSize: 1024000
    sn: Jeane
    cn: DOE
    entryCSN: 20160125162455.613052Z#000000#000#000000
    modifiersName: cn=admin,dc=example,dc=com
    modifyTimestamp: 20160125162455Z

What does "Type or value exists" mean?

PS: the qmail.schema presents two other objectClasses, but I didn't add or use them (qldapAdmin, qmailGroup).

Regards