On Thu, 01 Sep 2016, William Muriithi wrote:
I have an openLDAP system that lack a required attribute. This result
in the migration script rejecting all the user import.
I have googled externsively, read ever line of ipa migration --help
doc and it doesn't seem I will be able to use this migration script.
I wonder if there is anybody here who have been able to overcome this
problem in the past.
[root@hydrogen ~]# ipa -v migrate-ds --with-compat
ipa: INFO: trying https://hydrogen.eng.example.com/ipa/session/json
ipa: INFO: Forwarding 'migrate_ds' to json server
aagrim: missing attribute "sn" required by object class "organizationalPerson"
acctemp: missing attribute "sn" required by object class
This looks like a common problem. I had recently made a small 'hack' to
solve this problem.
Following small fixup plugin could be used to affect how entries are
generated. If you add it to /usr/lib/python2.7/site-packages/ipalib/plugins
on IPA master and restart httpd service, the plugin would modify migrate-ds command so
that 'sn' attribute would be set to a 'Migrated User Last Name' for all
entries that miss 'sn' attribute before they actually get added into IPA
This is an experimental hack, of course, but it should work. Once
migration is finished, don't forget to remove the file and restart httpd
/ Alexander Bokovoy
from .migration import migrate_ds
_fixup_pre_callback_user = None
def _pre_callback_user(ldap, pkey, dn, entry_attrs, failed, config, ctx,
dn = _fixup_pre_callback_user(ldap, pkey, dn, entry_attrs, failed, config,
if entry_attrs.get('sn', None) is None:
entry_attrs['sn'] = [u'Migrated User Last Name']
_fixup_pre_callback_user = migrate_ds.migrate_objects['user']['pre_callback']
migrate_ds.migrate_objects['user']['pre_callback'] = _pre_callback_user
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project