[Freeipa-users] Migration from LDAP to IPA
Hi, by looking at the RHEL6 IPA documentation I can find instructions on how migrate from an existing LDAP server to IPA. It's cited the step: ipa config-mod --enable-migration=TRUE Please, could you explain to me what is the internal scope of this command? Also, is it normal that (always in the doc) after executing ipa migrate-ds I don't have to revert to ipa config-mod --enable-migration=FALSE Thanks again Marco ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Problem in ipa migrate-ds procedure
Hi guys, I'm trying to migrate my ldap user base to freeipa. I'm using the last Release Candidate. I already changed ipa config-mod --enable-migration=TRUE This is what I have: ipa -v migrate-ds --bind-dn=cn=manager,dc=mydc1,dc=mydc2.it --user-container=ou=people,dc=mydc1,dc=mydc2.it --user-objectclass=inetOrgPerson --group-container=ou=groups,dc=mydc1,dc= mydc2.it --group-objectclass=posixGroup --base-dn=dc=mydc1,dc=mydc2.it --with-compat ldap://ldap01 ipa: INFO: trying https://freeipa01.unix.mydomain.it/ipa/xml Password: ipa: INFO: Forwarding 'migrate_ds' to server u' http://freeipa01.unix.mydomain.it/ipa/xml' ipa: ERROR: Container for group not found at ou=groups,dc=mydc1,dc=mydc2.it I looked at my ldap server logs and I found out that the search executed has scope=1. Actually both for users and groups. This is a problem for me, in having a lot of subtrees (ou) in which my users and groups are. Is there a way to manage this? Thanks in advance Marco P.s. As a side note, I suppose there's a typo in the verbose message I obtain in my output: ipa: INFO: Forwarding 'migrate_ds' to server *u*' http://freeipa01.unix.mydomain.it/ipa/xml' ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Doubt on FreeIPA LDAP extensibility
On Sat, 2012-03-17 at 11:12 +0100, Marco Pizzoli wrote: Hi guys, I extended my set of LDAP objectClasses associated to users by adding my new objectClass to my cn=ipaConfig LDAP entry, the ipaUserObjectClasses attribute. Then, I created a new user with the web ui and I see the new objectClass associated with that user, but as structural instead of auxiliary. I don't know why, could you help me? Same thing happened for my groups. I added 3 objectClasses and now I see all of them as structural. I would understand an answer: all objectClasses eventually result as structural, but so why, for example, the ipaObject is still an auxiliary objectClass? The objectClass type depends on the schema. It is not something that changes after you assign it to an object. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
