I used the following command trsnafere acc/group from 3.0 -4.0 successfuly ipa migrate-ds --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry} --user-ignore-objectclass=mepOriginEntry --with-compat ldap://abc.cde.com
BUT not all users transfer Kerberos account http://abc.cde.com/ipa/migration The strange is that I use abc.cde.com:389 in some 3rd party apps it can still read all users 's passwords. SO kerberos account and ldap accounts are different things ? LDAP passwords success transferred? I no need to askall users to http://abc.cde.com/ipa/migration change right ? the Admin UI only need admin to launch .. Regards Barry
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KLM3IFOKSWNGQE27KKCXWQHJP5PCJTSQ/