Hi all,

I'm trying to migrate into freeipa some users and groups from an old
ldap server I've inherited. But migrate-ds fails to import groups inside
usergroups, is believes they are users and imports them wrongly..

trying to migrate with command:
ipa migrate-ds --bind-dn="cn=root,dc=staff,dc=forthnet" \
 --base-dn="ou=Forthnet,dc=staff,dc=forthnet" \
 --user-container=ou=users \
 --group-container=ou=groups \
 --group-objectclass=posixgroup \
 --schema=RFC2307 \

(version is ipa-server-4.2.0-15.0.1.el7.centos.6.x86_64)

here is part of the ldif from devldap01
dn: cn=security-tech,ou=groups,ou=Forthnet,dc=staff,dc=forthnet
cn: security-tech
objectClass: posixGroup
structuralObjectClass: posixGroup
entryUUID: 5723476e-bad4-102c-8fe3-0bb2ba42f62f
creatorsName: cn=root,dc=staff,dc=forthnet
createTimestamp: 20080520162000Z
memberUid: dimitria
gidNumber: 1730
entryCSN: 20100107135233Z#000000#00#000000
modifiersName: cn=root,dc=staff,dc=forthnet
modifyTimestamp: 20100107135233Z

dn: cn=abusewg,ou=groups,ou=Forthnet,dc=staff,dc=forthnet
cn: abusewg
objectClass: posixGroup
structuralObjectClass: posixGroup
entryUUID: f90113dc-bad3-102c-8d13-0bb2ba42f62f
creatorsName: cn=root,dc=staff,dc=forthnet
createTimestamp: 20080520161722Z
memberUid: ccha
memberUid: dzer
memberUid: gmouz
memberUid: isek
memberUid: kavaklis
memberUid: nasl
memberUid: pmav
memberUid: stsimb
memberUid: cn=security-tech,ou=groups,ou=Forthnet,dc=staff,dc=forthnet
gidNumber: 1010
entryCSN: 20151203143609Z#000000#00#000000
modifiersName: cn=root,dc=staff,dc=forthnet
modifyTimestamp: 20151203143609Z

migrate-ds completes with no failures.

The usergroup "security-tech" is correctly imported in freeipa, it
contains user "dimitria" who is also imported correctly.

But usergroup "abusewg" contains 9 users and reports an error
"user not found:

I would expect it to migrate the "security-tech" as a usergroup, not as
a user.

Any suggestions please?


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to