On Thu, 01 Sep 2016, William Muriithi wrote:
Afternoon,

I have an openLDAP system that lack a required attribute.  This result
in the migration script rejecting all the user import.

I have googled externsively, read ever line of ipa migration --help
doc and it doesn't seem I will be able to use this migration script.
I wonder if there is anybody here who have been able to overcome this
problem in the past.

[root@hydrogen ~]# ipa -v migrate-ds --with-compat
--bind-dn="cn=admin,dc=eng.example,dc=com"
--user-ignore-attribute="sn"
--user-container="ou=People,dc=eng.example,dc=com"
--group-container="ou=Group,dc=eng.example,dc=com"
--group-objectclass="posixGroup"   --user-objectclass="account"
ldap://192.168.20.18:389
ipa: INFO: trying https://hydrogen.eng.example.com/ipa/session/json
Password:
ipa: INFO: Forwarding 'migrate_ds' to json server
'https://hydrogen.eng.example.com/ipa/session/json'
-----------
migrate-ds:
-----------
Migrated:
Failed user:
 aagrim: missing attribute "sn" required by object class "organizationalPerson"
 acctemp: missing attribute "sn" required by object class
"organizationalPerson"
...........
This looks like a common problem. I had recently made a small 'hack' to
solve this problem.

Following small fixup plugin could be used to affect how entries are
generated. If you add it to /usr/lib/python2.7/site-packages/ipalib/plugins on IPA master and restart httpd service, the plugin would modify migrate-ds command so
that 'sn' attribute would be set to a 'Migrated User Last Name' for all
entries that miss 'sn' attribute before they actually get added into IPA
LDAP.

This is an experimental hack, of course, but it should work. Once
migration is finished, don't forget to remove the file and restart httpd
service again.

--
/ Alexander Bokovoy
from .migration import migrate_ds

_fixup_pre_callback_user = None
def _pre_callback_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, 
**kwargs):
    dn = _fixup_pre_callback_user(ldap, pkey, dn, entry_attrs, failed, config, 
ctx, **kwargs)
    if entry_attrs.get('sn', None) is None:
        entry_attrs['sn'] = [u'Migrated User Last Name']
    return dn

_fixup_pre_callback_user = migrate_ds.migrate_objects['user']['pre_callback']
migrate_ds.migrate_objects['user']['pre_callback'] = _pre_callback_user
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to