Ryan M. Casey wrote:
I’m attempting to migrate our OpenLDAP+Kerberos authentication scheme to
FreeIPA. Running the following migration command:

    ipa migrate-ds --bind-dn="cn=admin,dc=foo,dc=com" \
        --base-dn="dc=foo,dc=com" --user-container="ou=users" \
        --group-container="ou=group" --user-objectclass="posixAccount" \
        --group-objectclass="posixGroup" ldap://ldap.foo.com

results in this error in /var/log/httpd/error_log:

    ValueError: unable to convert the attribute "krbPrincipalKey" value

I’ve tried to exclude the attribute using
--user-attribute-ignore=krbPrincipalKey, but am still receiving the same
error message. Our server is running Fedora 19 with the latest version
of FreeIPA available. Anyone have any ideas on how I can resolve this?

I think that IPA is having an issue with the data in your LDAP server,
at least for one record. I think in this case the syntax of the entry
doesn't match what we expect it to be.

The ignore is applied after reading in the remote entry, so if we can't
understand it then it never gets far enough to ignore it. This is being
looked at in development versions.

So I think the first step would be to find the offending entry.

rob
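
One way to take the first step suggested in the reply above, as an added example (not code from this thread or from FreeIPA): scan an LDIF export of the old directory and list the entries whose krbPrincipalKey value is not valid UTF-8 text. That test for "offending", the function names and the sample data are assumptions made for illustration.

```python
import base64

# Constructed sample export (dummy bytes, not real keys or data from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,ou=users,dc=foo,dc=com
krbPrincipalKey:: //4A
 AQ==

dn: uid=bob,ou=users,dc=foo,dc=com
krbPrincipalKey:: dGVzdA==
"""


def parse_entries(ldif_text):
    """Yield (dn, {attr: [bytes, ...]}) per LDIF record, unfolding wrapped lines."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        else:
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines + [""]:             # trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>" marks a binary value
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode("utf-8")
        if name.lower() == "dn":
            dn = value.decode("utf-8", "replace")
        else:
            attrs.setdefault(name.lower(), []).append(value)


def find_unconvertible(ldif_text, attr="krbPrincipalKey"):
    """Return (dn, length) for each attr value that is not valid UTF-8 text."""
    hits = []
    for dn, attrs in parse_entries(ldif_text):
        for value in attrs.get(attr.lower(), []):
            try:
                value.decode("utf-8")
            except UnicodeDecodeError:
                hits.append((dn, len(value)))   # length only, never the key bytes
    return hits
```

An export that includes krbPrincipalKey contains Kerberos key material, so keep the file access-restricted and delete it once the entry is found. The function reports only DNs and value lengths for that reason.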