Re: [Freeipa-users] Doubt on FreeIPA LDAP extensibility

2012-03-18 Thread Marco Pizzoli
Hi Simo, On Sat, Mar 17, 2012 at 7:16 PM, Simo Sorce wrote: > On Sat, 2012-03-17 at 11:12 +0100, Marco Pizzoli wrote: > > Hi guys, > > > > I extended my set of LDAP objectClasses associated to users by adding > > my new objectClass to my cn=ipaConfig LDAP entry, the > > ipaUserObjectClasses attr

Re: [Freeipa-users] Doubt on FreeIPA LDAP extensibility

2012-03-18 Thread Dmitri Pal
On 03/18/2012 08:59 AM, Marco Pizzoli wrote: > Hi Simo, > > On Sat, Mar 17, 2012 at 7:16 PM, Simo Sorce > wrote: > > On Sat, 2012-03-17 at 11:12 +0100, Marco Pizzoli wrote: > > Hi guys, > > > > I extended my set of LDAP objectClasses associated to users by >

Re: [Freeipa-users] Migration from LDAP to IPA

2012-03-18 Thread Dmitri Pal
On 03/17/2012 06:24 AM, Marco Pizzoli wrote: > Hi, > by looking at the RHEL6 IPA documentation I can find instructions on > how migrate from an existing LDAP server to IPA. > > It's cited the step: > ipa config-mod --enable-migration=TRUE > > Please, could you explain to me what is the internal sco

Re: [Freeipa-users] Problem in "ipa migrate-ds" procedure

2012-03-18 Thread Dmitri Pal
On 03/17/2012 07:36 AM, Marco Pizzoli wrote: > Hi guys, > I'm trying to migrate my ldap user base to freeipa. I'm using the last > Release Candidate. > > I already changed "ipa config-mod --enable-migration=TRUE" > This is what I have: > > ipa -v migrate-ds --bind-dn="cn=manager,dc=mydc1,dc=mydc2.i

Re: [Freeipa-users] Doubt on FreeIPA LDAP extensibility

2012-03-18 Thread Marco Pizzoli
Hi Dmitri, On Sun, Mar 18, 2012 at 5:41 PM, Dmitri Pal wrote: > ** > On 03/18/2012 08:59 AM, Marco Pizzoli wrote: > > Hi Simo, > > On Sat, Mar 17, 2012 at 7:16 PM, Simo Sorce wrote: > >> On Sat, 2012-03-17 at 11:12 +0100, Marco Pizzoli wrote: >> > Hi guys, >> > >> > I extended my set of LDAP o

Re: [Freeipa-users] Doubt on FreeIPA LDAP extensibility

2012-03-18 Thread Dmitri Pal
On 03/18/2012 01:00 PM, Marco Pizzoli wrote: > Hi Dmitri, > > On Sun, Mar 18, 2012 at 5:41 PM, Dmitri Pal > wrote: > > On 03/18/2012 08:59 AM, Marco Pizzoli wrote: >> Hi Simo, >> >> On Sat, Mar 17, 2012 at 7:16 PM, Simo Sorce > > wrot

Re: [Freeipa-users] Doubt on FreeIPA LDAP extensibility

2012-03-18 Thread Marco Pizzoli
On Sun, Mar 18, 2012 at 6:04 PM, Dmitri Pal wrote: > ** > On 03/18/2012 01:00 PM, Marco Pizzoli wrote: > > Hi Dmitri, > > On Sun, Mar 18, 2012 at 5:41 PM, Dmitri Pal wrote: > >> On 03/18/2012 08:59 AM, Marco Pizzoli wrote: >> >> Hi Simo, >> >> On Sat, Mar 17, 2012 at 7:16 PM, Simo Sorce wrote

Re: [Freeipa-users] Problem in "ipa migrate-ds" procedure

2012-03-18 Thread Marco Pizzoli
On Sun, Mar 18, 2012 at 5:49 PM, Dmitri Pal wrote: > ** > On 03/17/2012 07:36 AM, Marco Pizzoli wrote: > > Hi guys, > I'm trying to migrate my ldap user base to freeipa. I'm using the last > Release Candidate. > > I already changed "ipa config-mod --enable-migration=TRUE" > This is what I have: >

Re: [Freeipa-users] Problem in "ipa migrate-ds" procedure

2012-03-18 Thread Dmitri Pal
On 03/18/2012 01:33 PM, Marco Pizzoli wrote: > > > On Sun, Mar 18, 2012 at 5:49 PM, Dmitri Pal > wrote: > > On 03/17/2012 07:36 AM, Marco Pizzoli wrote: >> Hi guys, >> I'm trying to migrate my ldap user base to freeipa. I'm using the >> last Release Candidat

[Freeipa-users] Extending IPA schema for Federation services.

2012-03-18 Thread Steven Jones
Hi, Is it possible to expand IPA's schema to do this? === Your Identity Management System (IdMS) will very likely have most of the attributes asked for by the federation - or will have enough information to synthesize the specific attribute values on the fly inside the IdP.

Re: [Freeipa-users] Extending IPA schema for Federation services.

2012-03-18 Thread Dmitri Pal
On 03/18/2012 08:55 PM, Steven Jones wrote: > Hi, > > > Is it possible to expand IPA's schema to do this? > > Yes. Steps: 1) Convert schema to the correct schema format 2) Add it to the DS schema by placing the file onto the right place. Now you have it available for use by IPA via LDAP tools. 3)