On 15/03/16 15:57, Rob Crittenden wrote:
and in my case it could not work for I had (anybody sane
would too) hashed pass in ldap userdb, am I right?
If one has hundreds of user s/he thinks, o! it'd be great to
keep that account enabled/disabled status - would there be a
way around it?
On 15/03/16 13:42, Rob Crittenden wrote:
I don't think it works, I guess it matters how ipa tools
On 14/03/16 17:06, Rob Crittenden wrote:
thanks Rob, may I ask why process by defaults looks up
Yes. It will skip over anything that already exists in
ipa: ERROR: group LDAP search did not return any
result (search base:
I see users went in but later I realized that current
samba's ou was
"group" not groups.
Can I just re-run migrations?
It is conservative but this is why it can be overridden.
We haven't had many (any?) reports of migrating from
Is there a reason it skips ldap+samba typical posixGroup &
Lastly, is there a way to preserve account
locked/disabled status for
I don't know how it is stored but as long as the schema
is available in
IPA then the values should be preserved on migration
attributes are associated with a blacklisted objectclass.
attributes, I'm particularly looking at:
... Account disabled: False
sambaAcctFlags gets migrated over, but shadow locked
users.... I wonder
how this works.
If I had posix !passwd in my ldap userdb then it's not
reflected in IPA,
unless "Account disabled" is for something else.
IPA/389-ds uses nsAccountLock to lock accounts.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project