Re: [Freeipa-users] v1 to v2 migration problem: unknown object class radiusprofile and attribute memberofindirect not allowed
Dan Scott wrote: Hi, On Tue, May 31, 2011 at 13:41, Rob Crittendenrcrit...@redhat.com wrote: Dmitri Pal wrote: On 05/31/2011 10:45 AM, tomasz.napier...@allegro.pl wrote: Hi, I'm trying to migrate data form our current FreeIPA install (v1) and I'm having problems with nonexistant objectClass in v2, which seems to be by default present in v1: ipa migrate-ds --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accountsldap://ipaserverv1:389 Failed user: username: unknown object class radiusprofile Also groups that are memboers of other groups are having problems too: groupname: attribute memberofindirect not allowed Is there any way to avoid this errors during migration? I do not think we tried this migration. Do you have any radius data populated in the v1? It seems that this is in come way getting in the way. The second issue is more worrying. We will see what can be done. Please file two tickets and we will try to look at them. The second problem is fixed upstream. The objectclass problem is a bit trickier. We don't currently offer e mechanism for adding/dropping objectclasses on-the-fly. The best fix would be to remove the OC from all users in the v1 server then do the migration. This is assuming you aren't using radius in v1. An alternative fix would be to drop the file 60radius.ldif into the v2 schema directory and restart dirsrv: On your v1 server it is in /etc/dirsrv/slapd-INSTANCE/schema. Copy this to the equivalent location on the v2 server. Sorry to jump on this so late. Do you know if the fix for groupname: attribute memberofindirect not allowed has been released yet? I'm running Fedora 15 with the latest updates from updates-testing and trying to migrate from FreeIPA 1.2. I've fixed the Radius issue by adding the 60radius.ldif file to the FreeIPA 2.0 schema as suggested. Now, I'm getting groupname: attribute memberofindirect not allowed for all of my members. The groups all appear to migrate successfully. Thanks, Dan Not released yet. I had wanted to release another 2.0.x dot release and update the tarball in Fedora. We're close to releasing 2.1 so I wonder if we'd be better off waiting for that (few more weeks). rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] v1 to v2 migration problem: unknown object class radiusprofile and attribute memberofindirect not allowed
Hi, On Tue, May 31, 2011 at 13:41, Rob Crittenden rcrit...@redhat.com wrote: Dmitri Pal wrote: On 05/31/2011 10:45 AM, tomasz.napier...@allegro.pl wrote: Hi, I'm trying to migrate data form our current FreeIPA install (v1) and I'm having problems with nonexistant objectClass in v2, which seems to be by default present in v1: ipa migrate-ds --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accountsldap://ipaserverv1:389 Failed user: username: unknown object class radiusprofile Also groups that are memboers of other groups are having problems too: groupname: attribute memberofindirect not allowed Is there any way to avoid this errors during migration? I do not think we tried this migration. Do you have any radius data populated in the v1? It seems that this is in come way getting in the way. The second issue is more worrying. We will see what can be done. Please file two tickets and we will try to look at them. The second problem is fixed upstream. The objectclass problem is a bit trickier. We don't currently offer e mechanism for adding/dropping objectclasses on-the-fly. The best fix would be to remove the OC from all users in the v1 server then do the migration. This is assuming you aren't using radius in v1. An alternative fix would be to drop the file 60radius.ldif into the v2 schema directory and restart dirsrv: On your v1 server it is in /etc/dirsrv/slapd-INSTANCE/schema. Copy this to the equivalent location on the v2 server. Sorry to jump on this so late. Do you know if the fix for groupname: attribute memberofindirect not allowed has been released yet? I'm running Fedora 15 with the latest updates from updates-testing and trying to migrate from FreeIPA 1.2. I've fixed the Radius issue by adding the 60radius.ldif file to the FreeIPA 2.0 schema as suggested. Now, I'm getting groupname: attribute memberofindirect not allowed for all of my members. The groups all appear to migrate successfully. Thanks, Dan ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] v1 to v2 migration problem: unknown object class radiusprofile and attribute memberofindirect not allowed
On 05/31/2011 10:45 AM, tomasz.napier...@allegro.pl wrote: Hi, I'm trying to migrate data form our current FreeIPA install (v1) and I'm having problems with nonexistant objectClass in v2, which seems to be by default present in v1: ipa migrate-ds --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts ldap://ipaserverv1:389 Failed user: username: unknown object class radiusprofile Also groups that are memboers of other groups are having problems too: groupname: attribute memberofindirect not allowed Is there any way to avoid this errors during migration? I do not think we tried this migration. Do you have any radius data populated in the v1? It seems that this is in come way getting in the way. The second issue is more worrying. We will see what can be done. Please file two tickets and we will try to look at them. Regards, ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] v1 to v2 migration problem: unknown object class radiusprofile and attribute memberofindirect not allowed
Dmitri Pal wrote: On 05/31/2011 10:45 AM, tomasz.napier...@allegro.pl wrote: Hi, I'm trying to migrate data form our current FreeIPA install (v1) and I'm having problems with nonexistant objectClass in v2, which seems to be by default present in v1: ipa migrate-ds --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accountsldap://ipaserverv1:389 Failed user: username: unknown object class radiusprofile Also groups that are memboers of other groups are having problems too: groupname: attribute memberofindirect not allowed Is there any way to avoid this errors during migration? I do not think we tried this migration. Do you have any radius data populated in the v1? It seems that this is in come way getting in the way. The second issue is more worrying. We will see what can be done. Please file two tickets and we will try to look at them. The second problem is fixed upstream. The objectclass problem is a bit trickier. We don't currently offer e mechanism for adding/dropping objectclasses on-the-fly. The best fix would be to remove the OC from all users in the v1 server then do the migration. This is assuming you aren't using radius in v1. An alternative fix would be to drop the file 60radius.ldif into the v2 schema directory and restart dirsrv: On your v1 server it is in /etc/dirsrv/slapd-INSTANCE/schema. Copy this to the equivalent location on the v2 server. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
