[Freeipa-users] ipa migrate-ds failing when more than 1 namingcontext is available

Rob Crittenden rcritten at redhat.com
Fri Jan 27 14:55:59 UTC 2012


Sigbjorn Lie wrote:
>
> On Fri, January 27, 2012 15:37, Rob Crittenden wrote:
>> Stephen Gallagher wrote:
>>
>>> On Fri, 2012-01-27 at 15:11 +0100, Sigbjorn Lie wrote:
>>>
>>>> Hi
>>>>
>>>>
>>>> The first naming context returned from the LDAP server is always chosen
>>>> when using migrate-ds. This makes my import fail when I attempt to import users and groups from
>>>> a previous LDAP server having more than 1 naming context available.
>>>>
>>>> The migrate-ds script should accept an option to specify what base_dn I
>>>> would like to import from.
>>>>
>>>> Is there such an option today? I cannot find it...
>>>>
>>
>> Not currently. I noticed this earlier in the week and opened a ticket on
>> it, https://fedorahosted.org/freeipa/ticket/2314
>>
>>>
>>> Just to add to this request, if the original LDAP server has a
>>> defaultNamingContext attribute, it should be honored for auto-detecting which base to migrate.
>>
>> I'll update ticket 2314 to ensure we don't forget about this. 389-ds just
>> added support for defaultNamingContext.
>>
>
> Ok, thank you.
>
> Anything I can do to work around this issue today? I suppose there is just a file that needs to be
> hacked to set a value instead of the auto-detected value... ?
>

/usr/lib/python*/site-packages/ipalib/plugins/migration.py

~line 620 you'll see a block starting with the comment "retrieve DS base 
DN".

Comment out the next 8 lines by prefixing them with # (these query to 
get the namingContext then pull the first value out).

Add:

ds_base_dn = 'dc=yourbasedn,dc=com'

Alternatively you could always just add the above line to override what 
is detected. Commenting out just saves an LDAP lookup.

Restart Apache.

rob
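
The selection order discussed in this thread (an explicit base DN first, then defaultNamingContext, then a single namingContext, otherwise an error rather than the first value), as an added example that is not part of the original message and is not FreeIPA's migration.py. The function names, the dict shape for the rootDSE and the sample suffixes are assumptions made for illustration.

```python
# Added example, not FreeIPA's migration.py. root_dse maps attribute names to
# value lists, as returned by a base-scope search on the empty DN.

SAMPLE_ROOT_DSE = {  # constructed sample: a server with several suffixes
    "namingContexts": ["dc=legacy,dc=example", "dc=example,dc=com", "o=netscaperoot"],
}


def norm(dn):
    """Naive DN normalisation for comparison (assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def attr(entry, name):
    """LDAP attribute names are case-insensitive; drop empty values."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return [v for v in values if v.strip()]
    return []


def is_under(dn, suffix):
    """True when dn equals suffix or sits below it in the tree."""
    d, s = norm(dn), norm(suffix)
    return d == s or d.endswith("," + s)


def pick_base_dn(root_dse, override=None):
    contexts = attr(root_dse, "namingContexts")
    if override is not None:
        # Operator's choice wins, but refuse a base the server does not hold.
        if not any(is_under(override, c) for c in contexts):
            raise ValueError("%r is not under any of %r" % (override, contexts))
        return override.strip()
    default = attr(root_dse, "defaultNamingContext")
    if default:
        return default[0]
    if len(contexts) == 1:
        return contexts[0]
    # Zero or several candidates: fail loudly instead of taking contexts[0].
    raise ValueError("ambiguous base DN, pass one explicitly: %r" % contexts)


if __name__ == "__main__":
    print(pick_base_dn(SAMPLE_ROOT_DSE, override="dc=example,dc=com"))
```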