Re: [Freeipa-users] Migration works on 3 but not 4?

2014-08-27 Thread Martin Kosek

On 08/27/2014 07:47 AM, Kat wrote:

Hi all...

Migrating from Open LDAP and it works fine to FreeIPA to 3.x but 4.x I get
migration errors?

/Constraint violation: invalid password syntax - passwords with storage scheme
are not allowed/

I did find one reference to this in the archives, but it references 389-ds
1.3.2.20 and i am running 1.3.2.22, so am I missing something?

~K


Hello Kat,

You are exactly on spot. This problem is caused by 389-ds-base not allowing 
hashed password, you can find details in


https://fedorahosted.org/freeipa/ticket/4450

This *was* fixed with DS 1.3.2.20. Unfortunately, there was a security update 
in the DS and it had to be based on 1.3.2.19 again and versioned 1.3.2.22 (i.e. 
without the fix for 4450).


Noriko, what are the time plans regarding a release of the DS based on 1.3.2.20 
+ the security update?


Thanks,
Martin

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project


Re: [Freeipa-users] Migration works on 3 but not 4?

2014-08-27 Thread Ludwig Krispenz


On 08/27/2014 09:14 AM, Martin Kosek wrote:

On 08/27/2014 07:47 AM, Kat wrote:

Hi all...

Migrating from Open LDAP and it works fine to FreeIPA to 3.x but 4.x 
I get

migration errors?

/Constraint violation: invalid password syntax - passwords with 
storage scheme

are not allowed/

I did find one reference to this in the archives, but it references 
389-ds

1.3.2.20 and i am running 1.3.2.22, so am I missing something?

~K


Hello Kat,

You are exactly on spot. This problem is caused by 389-ds-base not 
allowing hashed password, you can find details in


https://fedorahosted.org/freeipa/ticket/4450

This *was* fixed with DS 1.3.2.20. Unfortunately, there was a security 
update in the DS and it had to be based on 1.3.2.19 again and 
versioned 1.3.2.22 (i.e. without the fix for 4450).


Noriko, what are the time plans regarding a release of the DS based on 
1.3.2.20 + the security update?

There are two outstanding tickets for 1.3.2.23:
47871: the crash you reported, Thierry has a fix and I think it is good 
to commit

47866: invalid (null) values for dna config entries, I'll look into this.


Thanks,
Martin



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project