On 15/03/16 17:21, Rob Crittenden wrote:
how does one write a plugin? Where should I begin in terms
of docs, howtos?
On 15/03/16 15:57, Rob Crittenden wrote:
and in my case it could not work for I had (anybody sane
On 15/03/16 13:42, Rob Crittenden wrote:
I don't think it works, I guess it matters how ipa
tools map these
On 14/03/16 17:06, Rob Crittenden wrote:
thanks Rob, may I ask why process by defaults looks
Yes. It will skip over anything that already exists
ipa: ERROR: group LDAP search did not return any
I see users went in but later I realized that
current samba's ou was
"group" not groups.
Can I just re-run migrations?
It is conservative but this is why it can be overridden.
Is there a reason it skips ldap+samba typical
We haven't had many (any?) reports of migrating from
Lastly, is there a way to preserve account
locked/disabled status for
I don't know how it is stored but as long as the
schema is available in
IPA then the values should be preserved on migration
attributes are associated with a blacklisted objectclass.
attributes, I'm particularly looking at:
... Account disabled: False
sambaAcctFlags gets migrated over, but shadow locked
users.... I wonder
how this works.
If I had posix !passwd in my ldap userdb then it's not
reflected in IPA,
unless "Account disabled" is for something else.
IPA/389-ds uses nsAccountLock to lock accounts.
hashed pass in ldap userdb, am I right?
What won't work? Migrated user passwords will work just fine.
If one has hundreds of user s/he thinks, o! it'd be great
to keep that
account enabled/disabled status - would there be a way
IPA isn't designed to be an LDAP backend for Samba so
there isn't a lot of direct integration with the schema.
You could write a plugin to keep the two attributes in sync.
For those already migrated it should be pretty easy to
write an LDAP search to find them and then for each user
call ipa user-disable <user>
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project