[Freeipa-users] v1 to v2 migration problem: unknown object class "radiusprofile" and attribute "memberofindirect" not allowed

[Rob Crittenden]

Dmitri Pal wrote:
>   On 05/31/2011 10:45 AM, tomasz.napierala at allegro.pl wrote:
>> Hi,
>> I'm trying to migrate data form our current FreeIPA install (v1) and I'm having problems with nonexistant objectClass in v2, which seems to be by default present in v1:
>>
>> ipa migrate-ds --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accountsldap://ipaserverv1:389
>> Failed user:
>>    username: unknown object class "radiusprofile"
>>
>> Also groups that are memboers of other groups are having problems too:
>> groupname: attribute "memberofindirect" not allowed
>>
>> Is there any way to avoid this errors during migration?
>
> I do not think we tried this migration.
>
> Do you have any radius data populated in the v1? It seems that this is
> in come way getting in the way.
> The second issue is more worrying. We will see what can be done.
>
> Please file two tickets and we will try to look at them.

The second problem is fixed upstream.

The objectclass problem is a bit trickier. We don't currently offer e 
mechanism for adding/dropping objectclasses on-the-fly.

The best fix would be to remove the OC from all users in the v1 server 
then do the migration. This is assuming you aren't using radius in v1.

An alternative fix would be to drop the file 60radius.ldif into the v2 
schema directory and restart dirsrv:

On your v1 server it is in /etc/dirsrv/slapd-INSTANCE/schema. Copy this 
to the equivalent location on the v2 server.

rob