[Freeipa-users] Problem in "ipa migrate-ds" procedure

Dmitri Pal dpal at redhat.com
Sun Mar 18 17:38:35 UTC 2012 

On 03/18/2012 01:33 PM, Marco Pizzoli wrote:
>
>
> On Sun, Mar 18, 2012 at 5:49 PM, Dmitri Pal <dpal at redhat.com
> <mailto:dpal at redhat.com>> wrote:
>
>     On 03/17/2012 07:36 AM, Marco Pizzoli wrote:
>>     Hi guys,
>>     I'm trying to migrate my ldap user base to freeipa. I'm using the
>>     last Release Candidate.
>>
>>     I already changed "ipa config-mod --enable-migration=TRUE"
>>     This is what I have:
>>
>>     ipa -v migrate-ds --bind-dn="cn=manager,dc=mydc1,dc=mydc2.it
>>     <http://mydc2.it>"
>>     --user-container="ou=people,dc=mydc1,dc=mydc2.it
>>     <http://mydc2.it>" --user-objectclass=inetOrgPerson
>>     --group-container="ou=groups,dc=mydc1,dc=mydc2.it
>>     <http://mydc2.it>" --group-objectclass=posixGroup
>>     --base-dn="dc=mydc1,dc=mydc2.it <http://mydc2.it>" --with-compat
>>     ldap://ldap01
>>     ipa: INFO: trying https://freeipa01.unix.mydomain.it/ipa/xml
>>     Password:
>>     ipa: INFO: Forwarding 'migrate_ds' to server
>>     u'http://freeipa01.unix.mydomain.it/ipa/xml'
>>     ipa: ERROR: Container for group not found at
>>     ou=groups,dc=mydc1,dc=mydc2.it <http://mydc2.it>
>>
>>     I looked at my ldap server logs and I found out that the search
>>     executed has scope=1. Actually both for users and groups. This is
>>     a problem for me, in having a lot of subtrees (ou) in which my
>>     users and groups are. Is there a way to manage this?
>>
>>     Thanks in advance
>>     Marco
>>
>>     P.s. As a side note, I suppose there's a typo in the verbose
>>     message I obtain in my output:
>>     ipa: INFO: Forwarding 'migrate_ds' to server
>>     *u*'http://freeipa01.unix.mydomain.it/ipa/xml'
>
>     Please open tickets for both issues.
>
>
> Done:
> https://fedorahosted.org/freeipa/ticket/2547
> https://fedorahosted.org/freeipa/ticket/2546
>
> Do you have a hint on how to manage to do this import in the meantime?
> Every manual step is ok for me.

I do not think you would like it as it would be a fair amount of work. :-)
Export schema into LDIF, make a script to reformat LDIF, create
flattened LDIF, load it into an empty instance of the 389 DS, migrate
from there.
Describe all the procedure and share the script for others to use :-)

>
> Thanks again
> Marco
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120318/b983a0f2/attachment.htm>

More information about the Freeipa-users mailing list