thank you for this - i think this should even work for missing some
mandatory (gid) attributes...
--- Ernedin ZAJKO
On Thu, Sep 1, 2016 at 9:26 PM, Alexander Bokovoy <aboko...@redhat.com> wrote:
> On Thu, 01 Sep 2016, William Muriithi wrote:
>> I have an openLDAP system that lack a required attribute. This result
>> in the migration script rejecting all the user import.
>> I have googled externsively, read ever line of ipa migration --help
>> doc and it doesn't seem I will be able to use this migration script.
>> I wonder if there is anybody here who have been able to overcome this
>> problem in the past.
>> [root@hydrogen ~]# ipa -v migrate-ds --with-compat
>> --group-objectclass="posixGroup" --user-objectclass="account"
>> ipa: INFO: trying https://hydrogen.eng.example.com/ipa/session/json
>> ipa: INFO: Forwarding 'migrate_ds' to json server
>> Failed user:
>> aagrim: missing attribute "sn" required by object class
>> acctemp: missing attribute "sn" required by object class
> This looks like a common problem. I had recently made a small 'hack' to
> solve this problem.
> Following small fixup plugin could be used to affect how entries are
> generated. If you add it to /usr/lib/python2.7/site-packages/ipalib/plugins
> on IPA master and restart httpd service, the plugin would modify migrate-ds
> command so
> that 'sn' attribute would be set to a 'Migrated User Last Name' for all
> entries that miss 'sn' attribute before they actually get added into IPA
> This is an experimental hack, of course, but it should work. Once
> migration is finished, don't forget to remove the file and restart httpd
> service again.
> / Alexander Bokovoy
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project