Re: [Freeipa-users] groups migration
On Tue, Jun 19, 2012 at 3:19 PM, Rob Crittenden rcrit...@redhat.com wrote: Pass in --schema=RFC2307 to the migrate-ds command to migrate these groups. Thank you Rob. I tried this option and it didn't helped, my groups in ipa are steel empty :(. regards, Maciej Sawicki ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration
Maciej Sawicki wrote: On Tue, Jun 19, 2012 at 3:19 PM, Rob Crittendenrcrit...@redhat.com wrote: Pass in --schema=RFC2307 to the migrate-ds command to migrate these groups. Thank you Rob. I tried this option and it didn't helped, my groups in ipa are steel empty :(. regards, Maciej Sawicki It won't re-migrate a group once it is added. Did you remove the group in IPA before trying again? I did a quickie test using a current build from master (what will become 3.0) and it worked ok. We haven't done any migration changes since 2.2 so it should be the same code. What version and platform are you using? The command-line I used was: # ipa migrate-ds ldap://pogo.example.com:3389 --schema=RFC2307 --with- compat My data was: dn: uid=user1,ou=People,dc=greyoak,dc=com objectclass: top objectclass: posixaccount objectclass: inetorgperson sn: User givenname: test uid: user1 uidnumber: 1 gidnumber: 10001 loginshell: /bin/sh homedirectory: /home/user1 cn: Test User dn: uid=user2,ou=People,dc=greyoak,dc=com objectclass: top objectclass: posixaccount objectclass: inetorgperson sn: User givenname: test uid: user2 uidnumber: 10003 gidnumber: 10004 loginshell: /bin/sh homedirectory: /home/user2 cn: Test User 2 dn: uid=user3,ou=People,dc=greyoak,dc=com objectclass: top objectclass: posixaccount objectclass: inetorgperson sn: User givenname: test uid: user3 uidnumber: 10005 gidnumber: 10006 loginshell: /bin/sh homedirectory: /home/user3 cn: Test User 3 dn: cn=schema,ou=Groups,dc=greyoak,dc=com objectClass: top objectClass: groupOfUniqueNames objectClass: posixgroup cn: schema ou: groups gidnumber: 10004 description: People who can manage engineer entries memberUid: user1 memberUid: user2 memberUid: user3 # ipa group-show schema Group name: schema Description: People who can manage engineer entries GID: 10004 Member users: user1, user2, user3 rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration
On Mon, Jun 18, 2012 at 7:24 PM, Rob Crittenden rcrit...@redhat.com wrote If you could provide an ldif for one of the groups to be migrated we can tell you. dn: cn=management-team,ou=groups,dc=domain,dc=com objectClass: posixGroup cn: management-team gidNumber: 10004 description: Management team of SomeCompany memberUid: some.user0 memberUid: some.user1 memberUid: some.user2 regards, Maciej Sawicki ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration
On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki maciej.sawi...@polidea.pl wrote: Hi, I (almost) managed to migrate groups from my previous server. That is groups names migrated perfectly, unfortunately when I login to web panel all groups are empty. I used following command: ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups' --group-objectclas='posixGroup' I will appreciate any help. I think the problem is that my current installation use memberUid attribute in group object and free-ipa uses memberUid in user object. I find the compatibility plugin so I think after migration it will allow me to use IPA in legacy environment. The problem is how to preform migration? Can I use migrate script for this or should I write my own? regards, Maciek Sawicki ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration
Maciej Sawicki wrote: On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki maciej.sawi...@polidea.pl wrote: Hi, I (almost) managed to migrate groups from my previous server. That is groups names migrated perfectly, unfortunately when I login to web panel all groups are empty. I used following command: ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups' --group-objectclas='posixGroup' I will appreciate any help. I think the problem is that my current installation use memberUid attribute in group object and free-ipa uses memberUid in user object. I find the compatibility plugin so I think after migration it will allow me to use IPA in legacy environment. The problem is how to preform migration? Can I use migrate script for this or should I write my own? Pass in --schema=RFC2307 to the migrate-ds command to migrate these groups. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration
On Thu, Jun 14, 2012 at 8:00 PM, Simo Sorce s...@redhat.com wrote: On Thu, 2012-06-14 at 15:34 +0200, Maciej Sawicki wrote: bump On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki maciej.sawi...@polidea.pl wrote: Hi, I (almost) managed to migrate groups from my previous server. That is groups names migrated perfectly, unfortunately when I login to web panel all groups are empty. I used following command: ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups' --group-objectclas='posixGroup' I will appreciate any help. Hi Maciej, what kind of schema is in used in the server you want to migrate from ? rfc2309/rfc2309bis ? other ? I think its rfc2307: maciej.sawicki@lem:/etc/ldap$ grep -r 2307 schema/nis.schema # Definitions from RFC2307 (Experimental) # Note: The definitions in RFC2307 are given in syntaxes closely related # i.e. nisSchema in RFC2307 is 1.3.6.1.1.1 maciej.sawicki@lem:/etc/ldap$ Is there any better way to check this? Some more info about ipa server: os: Fedora 17 ipa version: 2.2 regards, Maciej Sawicki ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration
Maciej Sawicki wrote: On Thu, Jun 14, 2012 at 8:00 PM, Simo Sorces...@redhat.com wrote: On Thu, 2012-06-14 at 15:34 +0200, Maciej Sawicki wrote: bump On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki maciej.sawi...@polidea.pl wrote: Hi, I (almost) managed to migrate groups from my previous server. That is groups names migrated perfectly, unfortunately when I login to web panel all groups are empty. I used following command: ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups' --group-objectclas='posixGroup' I will appreciate any help. Hi Maciej, what kind of schema is in used in the server you want to migrate from ? rfc2309/rfc2309bis ? other ? I think its rfc2307: maciej.sawicki@lem:/etc/ldap$ grep -r 2307 schema/nis.schema # Definitions from RFC2307 (Experimental) # Note: The definitions in RFC2307 are given in syntaxes closely related # i.e. nisSchema in RFC2307 is 1.3.6.1.1.1 maciej.sawicki@lem:/etc/ldap$ Is there any better way to check this? Some more info about ipa server: os: Fedora 17 ipa version: 2.2 If you could provide an ldif for one of the groups to be migrated we can tell you. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration
On Thu, 2012-06-14 at 15:34 +0200, Maciej Sawicki wrote: bump On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki maciej.sawi...@polidea.pl wrote: Hi, I (almost) managed to migrate groups from my previous server. That is groups names migrated perfectly, unfortunately when I login to web panel all groups are empty. I used following command: ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups' --group-objectclas='posixGroup' I will appreciate any help. Hi Maciej, what kind of schema is in used in the server you want to migrate from ? rfc2309/rfc2309bis ? other ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] groups migration
Hi, I (almost) managed to migrate groups from my previous server. That is groups names migrated perfectly, unfortunately when I login to web panel all groups are empty. I used following command: ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups' --group-objectclas='posixGroup' I will appreciate any help. regards, Maciej Sawicki ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration problem
On Tue, Mar 20, 2012 at 7:22 PM, Rob Crittenden rcrit...@redhat.com wrote: The basedn is automatically appended. Try --group-container=ou=groups Hi Rob, Thanks for quick answer. I tried it today. Didn't helped. [root@free-ipa ~]# ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=polidea,dc=pl --group-container='ou=groups' Password: ipa: ERROR: Container for group not found regards, Maciej Sawicki ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration problem
Hi, I Solved my problem :D. I had to add --group-objectclas argument: ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=polidea,dc=pl --group-container='ou=groups' --group-objectclas='posixGroup' Anyway I think ipa: ERROR: Container for group not found error is confusing. best regards, Maciej Sawicki On Fri, Mar 23, 2012 at 11:16 AM, Maciej Sawicki maciej.sawi...@polidea.pl wrote: On Tue, Mar 20, 2012 at 7:22 PM, Rob Crittenden rcrit...@redhat.com wrote: The basedn is automatically appended. Try --group-container=ou=groups Hi Rob, Thanks for quick answer. I tried it today. Didn't helped. [root@free-ipa ~]# ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=polidea,dc=pl --group-container='ou=groups' Password: ipa: ERROR: Container for group not found regards, Maciej Sawicki ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration problem
On 03/20/2012 07:22 PM, Rob Crittenden wrote: Maciej Sawicki wrote: Hi, I haven't manage to migrate ldap groups (in free ipa panel I see that users are migrated) #ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=polidea,dc=pl --group-container='ou=groups,dc=polidea,dc=pl' #ipa: ERROR: Container for group not found My old ldap setup: https://skitch.com/viroos/8miq5/ldap-ou-groups-dc-polidea-dc-pl-lem-apache-directory-studio. The basedn is automatically appended. Try --group-container=ou=groups regards rob It would be nice to include something like The basedn was automatically appended. to this kind of error messages. Another option is to print whole DN as part of error message. Petr^2 Spacek ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] groups migration problem
Maciej Sawicki wrote: Hi, I haven't manage to migrate ldap groups (in free ipa panel I see that users are migrated) #ipa migrate-ds ldap://192.168.1.125:389 --bind-dn=cn=admin,dc=polidea,dc=pl --group-container='ou=groups,dc=polidea,dc=pl' #ipa: ERROR: Container for group not found My old ldap setup: https://skitch.com/viroos/8miq5/ldap-ou-groups-dc-polidea-dc-pl-lem-apache-directory-studio. The basedn is automatically appended. Try --group-container=ou=groups regards rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users