I used the following command trsnafere acc/group from 3.0 -4.0 successfuly
ipa migrate-ds --bind-dn="cn=Directory Manager"
--user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accounts
--user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry}
--user-ignore-objectclass=mepOriginEntry --with-compat ldap://abc.cde.com
BUT not all users transfer Kerberos account
http://abc.cde.com/ipa/migration
The strange is that I use abc.cde.com:389 in some 3rd party apps it can
still read all users 's passwords.
SO kerberos account and ldap accounts are different things ? LDAP
passwords success transferred? I no need to askall users to
http://abc.cde.com/ipa/migration change right ?
the Admin UI only need admin to launch ..
Regards
Barry
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KLM3IFOKSWNGQE27KKCXWQHJP5PCJTSQ/
