Re: [Freeipa-users] changing search base during migration?

Brian LaMere wrote: It looks like we have a bug when setting an empty base_dn. We try to set it blank but it ends up getting set to the IPA base. so if I just change base_dn from '' to 'dc=briandomain,dc=com' then my selfish desire to complete the migration might complete? ; ) Maybe.

Re: [Freeipa-users] changing search base during migration?

> > It looks like we have a bug when setting an empty base_dn. We try to set it > blank but it ends up getting set to the IPA base. > so if I just change base_dn from '' to 'dc=briandomain,dc=com' then my selfish desire to complete the migration might complete? ; ) > Are you working from IPA v2

Re: [Freeipa-users] changing search base during migration?

Brian LaMere wrote: On Wed, Sep 22, 2010 at 1:14 PM, Rob Crittenden mailto:rcrit...@redhat.com>> wrote: And this request came from newserver? I don't see where we would query namingContexts with this search base. Seems strange that something knew about the new basedn though. aye -

Re: [Freeipa-users] Fedora 11 master replication problems

Excellent, that seems to have solved it, thanks. Dan On Wed, Sep 22, 2010 at 13:32, Rob Crittenden wrote: > Dan Scott wrote: >> >> Hi, >> >> Sorry, I just checked the manpage myself and I see that there's an >> init option to ipa-replica-manage. >> >> On Wed, Sep 22, 2010 at 12:08, Rich Megginso

Re: [Freeipa-users] Probems syncing freeipa v2 to AD

Steven Jones wrote: Hi, I have not seen such an email. https://www.redhat.com/archives/freeipa-users/2010-September/msg00062.html regards Steven Jones Technical Specialist Linux/Vmware Tele 64 4 463 6272 Victoria University Kelburn New Zealand -Original Message- From: Dmitri Pal

Re: [Freeipa-users] Probems syncing freeipa v2 to AD

Hi, I have not seen such an email. regards Steven Jones Technical Specialist Linux/Vmware Tele 64 4 463 6272 Victoria University Kelburn New Zealand -Original Message- From: Dmitri Pal [mailto:d...@redhat.com] Sent: Thursday, 23 September 2010 9:19 a.m. To: Steven Jones Cc: Freeipa-us

Re: [Freeipa-users] Probems syncing freeipa v2 to AD

Steven Jones wrote: > Hi, > > Any idea how to stop the LDAP server hosing itself? > Have you filed a bug with this issue as Rich suggested in his last email? Thank you Dmitri > regards > > Steven Jones Technical Specialist Linux/Vmware > Tele 64 4 463 6272 > Victoria University > Kelburn > Ne

[Freeipa-users] Probems syncing freeipa v2 to AD

Hi, Any idea how to stop the LDAP server hosing itself? regards Steven Jones Technical Specialist Linux/Vmware Tele 64 4 463 6272 Victoria University Kelburn New Zealand -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of St

Re: [Freeipa-users] changing search base during migration?

On Wed, Sep 22, 2010 at 1:14 PM, Rob Crittenden wrote: > And this request came from newserver? I don't see where we would query > namingContexts with this search base. Seems strange that something knew > about the new basedn though. aye - and I can say that the only thing pointing at oldserver

Re: [Freeipa-users] changing search base during migration?

Brian LaMere wrote: seems to, yes (some values changed, but consistently): # ldapsearch -LLL -h oldserver.briandomain.com -x -s base -b '' namingcontexts dn: namingcontexts: dc=briandomain,dc=com However, when I go to the "oldserver" and look in the logs, I s

Re: [Freeipa-users] changing search base during migration?

seems to, yes (some values changed, but consistently): # ldapsearch -LLL -h oldserver.briandomain.com -x -s base -b '' namingcontexts dn: namingcontexts: dc=briandomain,dc=com However, when I go to the "oldserver" and look in the logs, I see this: conn=1416 op=1 SRCH base="dc=brian,dc=internal"

Re: [Freeipa-users] changing search base during migration?

Brian LaMere wrote: I know about --user-container and --group-container, but that's not sufficient; the domain is different, so I want to completely change the search base for migration. Is this possible? Thanks! Brian It looks like it tries to auto-detect the remote search base using the eq

[Freeipa-users] changing search base during migration?

I know about --user-container and --group-container, but that's not sufficient; the domain is different, so I want to completely change the search base for migration. Is this possible? Thanks! Brian ___ Freeipa-users mailing list Freeipa-users@redhat.co

Re: [Freeipa-users] changing primary GID for a user?

On Wed, Sep 22, 2010 at 12:09 PM, James Roman wrote: > On 9/22/10 2:42 PM, Brian LaMere wrote: > >> The primary GID for a user isn't in the web interface for the user to be >> able to change it. >> > Holy cow. What a security flaw that would be if it were. How about a sign > up sheet for admin acc

Re: [Freeipa-users] changing primary GID for a user?

Brian LaMere wrote: The primary GID for a user isn't in the web interface for the user to be able to change it. /usr/sbin/ipa-moduser (what the document references) doesn't exist, nor does "ipa user-mod" have an options for changing the GID. How is this done? I'll assume you're using IPA v2.

[Freeipa-users] changing primary GID for a user?

The primary GID for a user isn't in the web interface for the user to be able to change it. /usr/sbin/ipa-moduser (what the document references) doesn't exist, nor does "ipa user-mod" have an options for changing the GID. How is this done? ___ Freeipa-u

Re: [Freeipa-users] Fedora 11 master replication problems

Dan Scott wrote: Hi, Sorry, I just checked the manpage myself and I see that there's an init option to ipa-replica-manage. On Wed, Sep 22, 2010 at 12:08, Rich Megginson wrote: Initialization is the initial copy of data from the master - The slave server (curie) has been configured and replica

Re: [Freeipa-users] ldap.so problem after --setup-dns

Brian LaMere wrote: I have the following error in the log after named refuses to start: named[1736]: failed to dynamically load driver 'ldap.so': libldap-2.4.so.2: cannot open shared object file: No such file or directory At first I thought it was simply a "bah, they require the i686 library

Re: [Freeipa-users] ldap.so problem after --setup-dns

Brian LaMere wrote: > I have the following error in the log after named refuses to start: > > named[1736]: failed to dynamically load driver 'ldap.so': > libldap-2.4.so.2: cannot open shared object file: No such file or > directory > > At first I thought it was simply a "bah, they require the i686

Re: [Freeipa-users] Fedora 11 master replication problems

Dan Scott wrote: Hi, Sorry, I just checked the manpage myself and I see that there's an init option to ipa-replica-manage. On Wed, Sep 22, 2010 at 12:08, Rich Megginson wrote: Initialization is the initial copy of data from the master - The slave server (curie) has been configured and repl

Re: [Freeipa-users] Fedora 11 master replication problems

Dan Scott wrote: Hi, Thanks for the reply. On Wed, Sep 22, 2010 at 11:56, Rich Megginson wrote: Recently I have been seeing a constant stream of entries in my dirsrv logs for my Fedora 11 FreeIPA master: Replica has a different generation ID than the local data. I'm also seeing issues wh

[Freeipa-users] ldap.so problem after --setup-dns

I have the following error in the log after named refuses to start: named[1736]: failed to dynamically load driver 'ldap.so': libldap-2.4.so.2: cannot open shared object file: No such file or directory At first I thought it was simply a "bah, they require the i686 library and I only have x86_64"

Re: [Freeipa-users] Fedora 11 master replication problems

Hi, Sorry, I just checked the manpage myself and I see that there's an init option to ipa-replica-manage. On Wed, Sep 22, 2010 at 12:08, Rich Megginson wrote: >> Initialization is the initial copy of data from the master - The slave >> server (curie) has been configured and replicating for a whi

Re: [Freeipa-users] Fedora 11 master replication problems

Hi, Thanks for the reply. On Wed, Sep 22, 2010 at 11:56, Rich Megginson wrote: >> Recently I have been seeing a constant stream of entries in my dirsrv >> logs for my Fedora 11 FreeIPA master: >> >> Replica has a different generation ID than the local data. >> >> I'm also seeing issues which app

Re: [Freeipa-users] probems installin freeipa v2

Steven Jones wrote: 8><--- Can you reliably reproduce this behavior after restarting directory server? Please file a bug with the necessary steps to reproduce the issue. 8>< Yes it appears so.. =error [22/Sep/2010:15:58:16 +1200] - slapd shutting down - s

Re: [Freeipa-users] Fedora 11 master replication problems

Dan Scott wrote: Hi, Recently I have been seeing a constant stream of entries in my dirsrv logs for my Fedora 11 FreeIPA master: Replica has a different generation ID than the local data. I'm also seeing issues which appear to be related to incorrect replication. e.g. User changes password and

Re: [Freeipa-users] IPA AD Sync error

Shan Kumaraswamy wrote: Hi Rich, Please find the attached error log file. Please file a bug and include all of the steps necessary to reproduce the issue. On Wed, Sep 22, 2010 at 4:17 PM, Rich Megginson > wrote: Shan Kumaraswamy wrote: And also I

[Freeipa-users] Fedora 11 master replication problems

Hi, Recently I have been seeing a constant stream of entries in my dirsrv logs for my Fedora 11 FreeIPA master: Replica has a different generation ID than the local data. I'm also seeing issues which appear to be related to incorrect replication. e.g. User changes password and is then unable to

Re: [Freeipa-users] IPA AD Sync error

Shan Kumaraswamy wrote: And also I checked the directory server log (error log) its show error: NSMMReplicationPlugin - failed to send dirsync search request: 2 Can you post more of the errors log? Also, the replication log level is also used for winsync debugging: http://directory.fedorapr