Re: [Freeipa-users] groups migration

2012-06-21 Thread Maciej Sawicki
On Tue, Jun 19, 2012 at 3:19 PM, Rob Crittenden rcrit...@redhat.com wrote:
 Pass in --schema=RFC2307 to the migrate-ds command to migrate these groups.


Thank you Rob. I tried this option and it didn't help, my groups in
ipa are still empty :(.

regards,
Maciej Sawicki

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] groups migration

2012-06-21 Thread Rob Crittenden

Maciej Sawicki wrote:

On Tue, Jun 19, 2012 at 3:19 PM, Rob Crittenden rcrit...@redhat.com wrote:

Pass in --schema=RFC2307 to the migrate-ds command to migrate these groups.



Thank you Rob. I tried this option and it didn't help, my groups in
ipa are still empty :(.

regards,
Maciej Sawicki


It won't re-migrate a group once it is added. Did you remove the group 
in IPA before trying again?


I did a quickie test using a current build from master (what will become 
3.0) and it worked ok. We haven't done any migration changes since 2.2 
so it should be the same code. What version and platform are you using?


The command-line I used was:

# ipa migrate-ds ldap://pogo.example.com:3389 --schema=RFC2307 --with-compat

My data was:

dn: uid=user1,ou=People,dc=greyoak,dc=com
objectclass: top
objectclass: posixaccount
objectclass: inetorgperson
sn: User
givenname: test
uid: user1
uidnumber: 1
gidnumber: 10001
loginshell: /bin/sh
homedirectory: /home/user1
cn: Test User

dn: uid=user2,ou=People,dc=greyoak,dc=com
objectclass: top
objectclass: posixaccount
objectclass: inetorgperson
sn: User
givenname: test
uid: user2
uidnumber: 10003
gidnumber: 10004
loginshell: /bin/sh
homedirectory: /home/user2
cn: Test User 2

dn: uid=user3,ou=People,dc=greyoak,dc=com
objectclass: top
objectclass: posixaccount
objectclass: inetorgperson
sn: User
givenname: test
uid: user3
uidnumber: 10005
gidnumber: 10006
loginshell: /bin/sh
homedirectory: /home/user3
cn: Test User 3

dn: cn=schema,ou=Groups,dc=greyoak,dc=com
objectClass: top
objectClass: groupOfUniqueNames
objectClass: posixgroup
cn: schema
ou: groups
gidnumber: 10004
description: People who can manage engineer entries
memberUid: user1
memberUid: user2
memberUid: user3

# ipa group-show schema
  Group name: schema
  Description: People who can manage engineer entries
  GID: 10004
  Member users: user1, user2, user3

rob



Re: [Freeipa-users] groups migration

2012-06-19 Thread Maciej Sawicki
On Mon, Jun 18, 2012 at 7:24 PM, Rob Crittenden rcrit...@redhat.com wrote

 If you could provide an ldif for one of the groups to be migrated we can
 tell you.


dn: cn=management-team,ou=groups,dc=domain,dc=com
objectClass: posixGroup
cn: management-team
gidNumber: 10004
description: Management team of SomeCompany
memberUid: some.user0
memberUid: some.user1
memberUid: some.user2

regards,
Maciej Sawicki
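
Added example (not part of the original thread, and not FreeIPA code): the schema question asked in this thread can be answered from a group's LDIF by looking at which membership attribute it carries, memberUid (RFC2307) or member/uniqueMember DNs (RFC2307bis), rather than at its objectClass. The sample entries are constructed, modelled on the group posted above, and the function names are hypothetical.

```python
import base64
from collections import defaultdict

# Constructed sample modelled on the group entries posted in this thread.
SAMPLE_LDIF = """\
dn: cn=management-team,ou=groups,dc=domain,dc=com
objectClass: posixGroup
cn: management-team
memberUid: some.user0
memberUid: some.user1

dn: cn=bis-group,ou=groups,dc=domain,dc=com
objectClass: groupOfNames
cn: bis-group
member: uid=some.user0,ou=people,dc=domain,
 dc=com
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[name.strip().lower()].append(value.strip())
        if entry:
            yield dict(entry)

def group_schema(entry):
    """Classify a group by its membership attributes, not by objectClass."""
    has_uid = bool(entry.get("memberuid"))
    has_dn = bool(entry.get("member") or entry.get("uniquemember"))
    if has_uid and has_dn:
        return "mixed"
    if has_uid:
        return "RFC2307"
    if has_dn:
        return "RFC2307bis"
    return "no-members"

def report(text):
    """Map each group's cn to the schema style its members are stored in."""
    return {e["cn"][0]: group_schema(e) for e in parse_ldif(text) if "cn" in e}

if __name__ == "__main__":
    print(report(SAMPLE_LDIF))
```

A group reported as RFC2307 is the case the --schema=RFC2307 option mentioned in this thread is for.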



Re: [Freeipa-users] groups migration

2012-06-19 Thread Maciej Sawicki
On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki
maciej.sawi...@polidea.pl wrote:
 Hi,
 I (almost) managed to migrate groups from my previous server. That is
 groups names migrated perfectly, unfortunately when I login to web
 panel all groups are empty.

 I used following command:
 ipa migrate-ds ldap://192.168.1.125:389
 --bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups'
 --group-objectclas='posixGroup'

 I will appreciate any help.


I think the problem is that my current installation uses memberUid
attribute in group object and free-ipa uses memberUid in user
object.

I found the compatibility plugin so I think after migration it will
allow me to use IPA in legacy environment. The problem is how to
perform migration? Can I use migrate script for this or should I write
my own?

regards,
Maciek Sawicki



Re: [Freeipa-users] groups migration

2012-06-19 Thread Rob Crittenden

Maciej Sawicki wrote:

On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki
maciej.sawi...@polidea.pl  wrote:

Hi,
I (almost) managed to migrate groups from my previous server. That is
groups names migrated perfectly, unfortunately when I login to web
panel all groups are empty.

I used following command:
ipa migrate-ds ldap://192.168.1.125:389
--bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups'
--group-objectclas='posixGroup'

I will appreciate any help.



I think the problem is that my current installation uses memberUid
attribute in group object and free-ipa uses memberUid in user
object.

I found the compatibility plugin so I think after migration it will
allow me to use IPA in legacy environment. The problem is how to
perform migration? Can I use migrate script for this or should I write
my own?


Pass in --schema=RFC2307 to the migrate-ds command to migrate these groups.

rob



Re: [Freeipa-users] groups migration

2012-06-18 Thread Maciej Sawicki
On Thu, Jun 14, 2012 at 8:00 PM, Simo Sorce s...@redhat.com wrote:
 On Thu, 2012-06-14 at 15:34 +0200, Maciej Sawicki wrote:
 bump

 On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki
 maciej.sawi...@polidea.pl wrote:
  Hi,
  I (almost) managed to migrate groups from my previous server. That is
  groups names migrated perfectly, unfortunately when I login to web
  panel all groups are empty.
 
  I used following command:
  ipa migrate-ds ldap://192.168.1.125:389
  --bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups'
  --group-objectclas='posixGroup'
 
  I will appreciate any help.
 

 Hi Maciej,
 what kind of schema is in use in the server you want to migrate from ?
 rfc2309/rfc2309bis ? other ?


I think it's rfc2307:

maciej.sawicki@lem:/etc/ldap$ grep -r 2307 schema/nis.schema
# Definitions from RFC2307 (Experimental)
# Note: The definitions in RFC2307 are given in syntaxes closely related
# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
maciej.sawicki@lem:/etc/ldap$

Is there any better way to check this?

Some more info about ipa server:
os: Fedora 17
ipa version: 2.2

regards,
Maciej Sawicki



Re: [Freeipa-users] groups migration

2012-06-18 Thread Rob Crittenden

Maciej Sawicki wrote:

On Thu, Jun 14, 2012 at 8:00 PM, Simo Sorce s...@redhat.com wrote:

On Thu, 2012-06-14 at 15:34 +0200, Maciej Sawicki wrote:

bump

On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki
maciej.sawi...@polidea.pl  wrote:

Hi,
I (almost) managed to migrate groups from my previous server. That is
groups names migrated perfectly, unfortunately when I login to web
panel all groups are empty.

I used following command:
ipa migrate-ds ldap://192.168.1.125:389
--bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups'
--group-objectclas='posixGroup'

I will appreciate any help.



Hi Maciej,
what kind of schema is in use in the server you want to migrate from ?
rfc2309/rfc2309bis ? other ?



I think it's rfc2307:

maciej.sawicki@lem:/etc/ldap$ grep -r 2307 schema/nis.schema
# Definitions from RFC2307 (Experimental)
# Note: The definitions in RFC2307 are given in syntaxes closely related
# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
maciej.sawicki@lem:/etc/ldap$

Is there any better way to check this?

Some more info about ipa server:
os: Fedora 17
ipa version: 2.2



If you could provide an ldif for one of the groups to be migrated we can 
tell you.


rob



Re: [Freeipa-users] groups migration

2012-06-14 Thread Simo Sorce
On Thu, 2012-06-14 at 15:34 +0200, Maciej Sawicki wrote:
 bump
 
 On Mon, Jun 11, 2012 at 2:11 PM, Maciej Sawicki
 maciej.sawi...@polidea.pl wrote:
  Hi,
  I (almost) managed to migrate groups from my previous server. That is
  groups names migrated perfectly, unfortunately when I login to web
  panel all groups are empty.
 
  I used following command:
  ipa migrate-ds ldap://192.168.1.125:389
  --bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups'
  --group-objectclas='posixGroup'
 
  I will appreciate any help.
 

Hi Maciej,
what kind of schema is in use in the server you want to migrate from ?
rfc2309/rfc2309bis ? other ?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



[Freeipa-users] groups migration

2012-06-11 Thread Maciej Sawicki
Hi,
I (almost) managed to migrate groups from my previous server. That is,
group names migrated perfectly, unfortunately when I log in to the web
panel all groups are empty.

I used the following command:
ipa migrate-ds ldap://192.168.1.125:389
--bind-dn=cn=admin,dc=domain,dc=com --group-container='ou=groups'
--group-objectclas='posixGroup'

I will appreciate any help.

regards,
Maciej Sawicki



Re: [Freeipa-users] groups migration problem

2012-03-23 Thread Maciej Sawicki
On Tue, Mar 20, 2012 at 7:22 PM, Rob Crittenden rcrit...@redhat.com wrote:
 The basedn is automatically appended. Try --group-container=ou=groups


Hi Rob,
Thanks for the quick answer. I tried it today. Didn't help.

[root@free-ipa ~]# ipa migrate-ds ldap://192.168.1.125:389
--bind-dn=cn=admin,dc=polidea,dc=pl --group-container='ou=groups'
Password:
ipa: ERROR: Container for group not found


regards,
Maciej Sawicki



Re: [Freeipa-users] groups migration problem

2012-03-23 Thread Maciej Sawicki
Hi,
I solved my problem :D. I had to add the --group-objectclas argument:

ipa migrate-ds ldap://192.168.1.125:389
--bind-dn=cn=admin,dc=polidea,dc=pl --group-container='ou=groups'
--group-objectclas='posixGroup'

Anyway, I think the "ipa: ERROR: Container for group not found" error is confusing.

best regards,
Maciej Sawicki



On Fri, Mar 23, 2012 at 11:16 AM, Maciej Sawicki
maciej.sawi...@polidea.pl wrote:
 On Tue, Mar 20, 2012 at 7:22 PM, Rob Crittenden rcrit...@redhat.com wrote:
 The basedn is automatically appended. Try --group-container=ou=groups


 Hi Rob,
 Thanks for the quick answer. I tried it today. Didn't help.

 [root@free-ipa ~]# ipa migrate-ds ldap://192.168.1.125:389
 --bind-dn=cn=admin,dc=polidea,dc=pl --group-container='ou=groups'
 Password:
 ipa: ERROR: Container for group not found
 

 regards,
 Maciej Sawicki



Re: [Freeipa-users] groups migration problem

2012-03-21 Thread Petr Spacek

On 03/20/2012 07:22 PM, Rob Crittenden wrote:

Maciej Sawicki wrote:

Hi,
I haven't managed to migrate ldap groups (in free ipa panel I see that
users are migrated)
#ipa migrate-ds ldap://192.168.1.125:389
--bind-dn=cn=admin,dc=polidea,dc=pl
--group-container='ou=groups,dc=polidea,dc=pl'
#ipa: ERROR: Container for group not found

My old ldap setup:
https://skitch.com/viroos/8miq5/ldap-ou-groups-dc-polidea-dc-pl-lem-apache-directory-studio.



The basedn is automatically appended. Try --group-container=ou=groups

regards

rob


It would be nice to include something like "The basedn was automatically
appended." in this kind of error message.


Another option is to print the whole DN as part of the error message.

Petr^2 Spacek



Re: [Freeipa-users] groups migration problem

2012-03-20 Thread Rob Crittenden

Maciej Sawicki wrote:

Hi,
I haven't managed to migrate ldap groups (in free ipa panel I see that
users are migrated)
#ipa migrate-ds ldap://192.168.1.125:389
--bind-dn=cn=admin,dc=polidea,dc=pl
--group-container='ou=groups,dc=polidea,dc=pl'
#ipa: ERROR: Container for group not found

My old ldap setup:
https://skitch.com/viroos/8miq5/ldap-ou-groups-dc-polidea-dc-pl-lem-apache-directory-studio.


The basedn is automatically appended. Try --group-container=ou=groups

regards

rob

