Hi all, I'm trying to migrate into freeipa some users and groups from an old ldap server I've inherited. But migrate-ds fails to import groups inside usergroups, is believes they are users and imports them wrongly..
trying to migrate with command: ipa migrate-ds --bind-dn="cn=root,dc=staff,dc=forthnet" \ --base-dn="ou=Forthnet,dc=staff,dc=forthnet" \ --user-container=ou=users \ --group-container=ou=groups \ --group-objectclass=posixgroup \ --schema=RFC2307 \ ldap://devldap01.forthnet.prv:389 (version is ipa-server-4.2.0-15.0.1.el7.centos.6.x86_64) here is part of the ldif from devldap01 --------------------------------------- dn: cn=security-tech,ou=groups,ou=Forthnet,dc=staff,dc=forthnet cn: security-tech objectClass: posixGroup structuralObjectClass: posixGroup entryUUID: 5723476e-bad4-102c-8fe3-0bb2ba42f62f creatorsName: cn=root,dc=staff,dc=forthnet createTimestamp: 20080520162000Z memberUid: dimitria gidNumber: 1730 entryCSN: 20100107135233Z#000000#00#000000 modifiersName: cn=root,dc=staff,dc=forthnet modifyTimestamp: 20100107135233Z dn: cn=abusewg,ou=groups,ou=Forthnet,dc=staff,dc=forthnet cn: abusewg objectClass: posixGroup structuralObjectClass: posixGroup entryUUID: f90113dc-bad3-102c-8d13-0bb2ba42f62f creatorsName: cn=root,dc=staff,dc=forthnet createTimestamp: 20080520161722Z memberUid: ccha memberUid: dzer memberUid: gmouz memberUid: isek memberUid: kavaklis memberUid: nasl memberUid: pmav memberUid: stsimb memberUid: cn=security-tech,ou=groups,ou=Forthnet,dc=staff,dc=forthnet gidNumber: 1010 entryCSN: 20151203143609Z#000000#00#000000 modifiersName: cn=root,dc=staff,dc=forthnet modifyTimestamp: 20151203143609Z -------------------------------------------------------------------- migrate-ds completes with no failures. The usergroup "security-tech" is correctly imported in freeipa, it contains user "dimitria" who is also imported correctly. But usergroup "abusewg" contains 9 users and reports an error "user not found: cn=security-tech,ou=groups,ou=Forthnet,dc=staff,dc=forthnet". I would expect it to migrate the "security-tech" as a usergroup, not as a user. Any suggestions please? Thanks, Sot. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
