[Freeipa-users] v1 to v2 migration problem: unknown object class "radiusprofile" and attribute "memberofindirect" not allowed

Rob Crittenden rcritten at redhat.com
Thu Jun 30 21:42:47 UTC 2011 

Dan Scott wrote:
> Hi,
>
> On Tue, May 31, 2011 at 13:41, Rob Crittenden<rcritten at redhat.com>  wrote:
>> Dmitri Pal wrote:
>>>
>>>   On 05/31/2011 10:45 AM, tomasz.napierala at allegro.pl wrote:
>>>>
>>>> Hi,
>>>> I'm trying to migrate data form our current FreeIPA install (v1) and I'm
>>>> having problems with nonexistant objectClass in v2, which seems to be by
>>>> default present in v1:
>>>>
>>>> ipa migrate-ds --user-container=cn=users,cn=accounts
>>>> --group-container=cn=groups,cn=accountsldap://ipaserverv1:389
>>>> Failed user:
>>>>    username: unknown object class "radiusprofile"
>>>>
>>>> Also groups that are memboers of other groups are having problems too:
>>>> groupname: attribute "memberofindirect" not allowed
>>>>
>>>> Is there any way to avoid this errors during migration?
>>>
>>> I do not think we tried this migration.
>>>
>>> Do you have any radius data populated in the v1? It seems that this is
>>> in come way getting in the way.
>>> The second issue is more worrying. We will see what can be done.
>>>
>>> Please file two tickets and we will try to look at them.
>>
>> The second problem is fixed upstream.
>>
>> The objectclass problem is a bit trickier. We don't currently offer e
>> mechanism for adding/dropping objectclasses on-the-fly.
>>
>> The best fix would be to remove the OC from all users in the v1 server then
>> do the migration. This is assuming you aren't using radius in v1.
>>
>> An alternative fix would be to drop the file 60radius.ldif into the v2
>> schema directory and restart dirsrv:
>>
>> On your v1 server it is in /etc/dirsrv/slapd-INSTANCE/schema. Copy this to
>> the equivalent location on the v2 server.
>
> Sorry to jump on this so late.
>
> Do you know if the fix for "groupname: attribute "memberofindirect"
> not allowed" has been released yet? I'm running Fedora 15 with the
> latest updates from updates-testing and trying to migrate from FreeIPA
> 1.2. I've fixed the Radius issue by adding the 60radius.ldif file to
> the FreeIPA 2.0 schema as suggested. Now, I'm getting "groupname:
> attribute "memberofindirect" not allowed" for all of my members. The
> groups all appear to migrate successfully.
>
> Thanks,
>
> Dan

Not released yet. I had wanted to release another 2.0.x dot release and 
update the tarball in Fedora. We're close to releasing 2.1 so I wonder 
if we'd be better off waiting for that (few more weeks).

rob

More information about the Freeipa-users mailing list