Re: [Freeipa-users] trouble editing user details after migrating from openldap

[Steve Nolen]

Hi Dmitri!

ldapsearch was exactly the pointer I needed! My entries had
objectClass=extensibleObject, which, as soon as I removed via:
ipa user-mod ldaptest --delattr objectclass=extensibleobject

i'm able to edit!

Thanks so much for the help!

On Wed, Nov 5, 2014 at 11:33 AM, Dmitri Pal  wrote:

>  On 11/05/2014 10:19 AM, Steve Nolen wrote:
>
> Hi All!
>
>  I'm looking at migrating from openldap to freeipa (currently using 3.3.3
> on centos7, installed from the default centos repos, as I'd prefer to use
> centos over fedora) and I have a bit of a snag after importing users with
> migration-ds: I can't edit the details of migrated users in the web ui (but
> I can via `ipa user-mod`).
>
>  Steps to reproduce:
> 1. kinit admin
> 2. ipa config-mod --enable-migration=TRUE
> 3. ipa migrate-ds --base-dn='dc=example,dc=com'
> --user-container='ou=People' --group-container='ou=Group'
> --bind-dn='cn=admin' --with-compat --schema='RFC2307'
> 4. ipa config-mod --enable-migration=FALSE
> 5. ipa user-mod test1 --last=LastName1 (success)
> 6. visit web ui (logging in as admin), user test1 has "LastName1" as "last
> name" field, but no fields on this page are editable.
> 7. create new user via web ui "test2".
> 8. all fields are editable for user test2.
>
>  Based on the success from step 5, it would appear that the admin user
> has the rights to modify test1's details, but the web ui disagrees?
>
>  Thanks!
> Steve
>
>
>  Can you please do an ldap search and get the full entry for one of the
> migrated users and one for the one of the created users.
> You might also try --raw flag and use user-show command.
> I suspect the migrated entries are missing some attribute. If you can help
> us to identify which one would be great.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] trouble editing user details after migrating from openldap

[Dmitri Pal]

On 11/05/2014 10:19 AM, Steve Nolen wrote:

Hi All!

I'm looking at migrating from openldap to freeipa (currently using 
3.3.3 on centos7, installed from the default centos repos, as I'd 
prefer to use centos over fedora) and I have a bit of a snag after 
importing users with migration-ds: I can't edit the details of 
migrated users in the web ui (but I can via `ipa user-mod`).


Steps to reproduce:
1. kinit admin
2. ipa config-mod --enable-migration=TRUE
3. ipa migrate-ds --base-dn='dc=example,dc=com' 
--user-container='ou=People' --group-container='ou=Group' 
--bind-dn='cn=admin' --with-compat --schema='RFC2307'

4. ipa config-mod --enable-migration=FALSE
5. ipa user-mod test1 --last=LastName1 (success)
6. visit web ui (logging in as admin), user test1 has "LastName1" as 
"last name" field, but no fields on this page are editable.

7. create new user via web ui "test2".
8. all fields are editable for user test2.

Based on the success from step 5, it would appear that the admin user 
has the rights to modify test1's details, but the web ui disagrees?


Thanks!
Steve


Can you please do an ldap search and get the full entry for one of the 
migrated users and one for the one of the created users.

You might also try --raw flag and use user-show command.
I suspect the migrated entries are missing some attribute. If you can 
help us to identify which one would be great.


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project