<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
maybe there is a case problem, if I try the following command, note
some capital letters:<br>
<br>
# ipa config-mod --userobjectclasses=ipaObject
--userobjectclasses=ine<b>tO</b>rgperson --userobjectclasses=person
--userobjectclasses=posixaccount --userobjectclasses=inetuser
--userobjectclasses=organizational<b>P</b>erson
--userobjectclasses=krbticketpolicyaux
--userobjectclasses=krbprincipalaux<br>
ipa: ERROR: Type or value exists: <br>
it fails, doing the same with all lowercase succeeds:<br>
<br>
# ipa config-mod --userobjectclasses=ipaobject
--userobjectclasses=inetorgperson --userobjectclasses=person
--userobjectclasses=posixaccount --userobjectclasses=inetuser
--userobjectclasses=organizationalperson
--userobjectclasses=krbticketpolicyaux
--userobjectclasses=krbprincipalaux<br>
.....<br>
Default user objectclasses: ipaobject, person, inetorgperson,
organizationalperson, krbticketpolicyaux, krbprincipalaux, inetuser,
posixaccount<br>
<br>
You posted your default oc earlier to be: <br>
Default user objectclasses: top, person, organizationalperson,
inetorgperson, inetuser, posixaccount, krbprincipalaux,
krbticketpolicyaux,<br>
ipaobject, ipasshuser, radiusProfile,
customPersonAttributes, sambaSamAccount<br>
<br>
and in the migration code we have code like: <br>
entry_attrs['objectclass'] = list(<br>
set(<br>
config.get(<br>
ldap_obj.object_class_config,
ldap_obj.object_class<br>
) + [o.lower() for o in
entry_attrs['objectclass']]<br>
)<br>
)<br>
<br>
so i assume it will try to add an entry with <br>
objectclass: customPersonAttributes<br>
objectclass: custompersonattributes<br>
<br>
I don't know how to get ipa to log this, but you could do:<br>
<br>
tcpdump 'tcp port 389' -i any -w migrat.pcap<br>
<br>
and then run migrate-ds to verify<br>
<br>
<br>
<div class="moz-cite-prefix">On 10/16/2014 09:47 PM, Clint Savage
wrote:<br>
</div>
<blockquote
cite="mid:CAO3ufT=0QSCWA8tBwZshvUXkzZvLuuFidwCQC1rKpwHGWDkMFQ@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Oct 16, 2014 at 12:59 PM,
Rich Megginson <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:rmeggins@redhat.com"
target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>On 10/16/2014 11:42 AM, Clint Savage wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>The access log had that information. And this
error log: <a moz-do-not-send="true"
href="https://www.dropbox.com/s/ak6za0dkr0cn7ay/errors.20141010-132318"
target="_blank">https://www.dropbox.com/s/ak6za0dkr0cn7ay/errors.20141010-132318</a><br>
<br>
</div>
</div>
</blockquote>
<br>
There unfortunately doesn't seem to be a debug log level
that will tell the server to dump the add request with
all arguments.<br>
<br>
The best bet would be to get the ipa migrate tool to
dump it's commands to LDIF format, then we can look at
it and figure out what it is doing wrong. I don't know
if that's possible.<br>
</div>
</blockquote>
<div><br>
</div>
<div>Does anyone know how to accomplish what Rich suggests
above?<br>
<br>
</div>
<div>Thanks, <br>
<br>
</div>
<div>Clint<br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>