[Freeipa-users] Problem in "ipa migrate-ds" procedure

Simo Sorce simo at redhat.com
Mon Mar 19 12:43:53 UTC 2012 

On Sun, 2012-03-18 at 18:33 +0100, Marco Pizzoli wrote:
> 
> 
> On Sun, Mar 18, 2012 at 5:49 PM, Dmitri Pal <dpal at redhat.com> wrote:
>         On 03/17/2012 07:36 AM, Marco Pizzoli wrote: 
>         > Hi guys,
>         > I'm trying to migrate my ldap user base to freeipa. I'm
>         > using the last Release Candidate.
>         > 
>         > I already changed "ipa config-mod --enable-migration=TRUE"
>         > This is what I have:
>         > 
>         > ipa -v migrate-ds
>         > --bind-dn="cn=manager,dc=mydc1,dc=mydc2.it"
>         > --user-container="ou=people,dc=mydc1,dc=mydc2.it"
>         > --user-objectclass=inetOrgPerson
>         > --group-container="ou=groups,dc=mydc1,dc=mydc2.it"
>         > --group-objectclass=posixGroup
>         > --base-dn="dc=mydc1,dc=mydc2.it" --with-compat ldap://ldap01
>         > ipa: INFO: trying https://freeipa01.unix.mydomain.it/ipa/xml
>         > Password:
>         > ipa: INFO: Forwarding 'migrate_ds' to server
>         > u'http://freeipa01.unix.mydomain.it/ipa/xml'
>         > ipa: ERROR: Container for group not found at
>         > ou=groups,dc=mydc1,dc=mydc2.it
>         > 
>         > I looked at my ldap server logs and I found out that the
>         > search executed has scope=1. Actually both for users and
>         > groups. This is a problem for me, in having a lot of
>         > subtrees (ou) in which my users and groups are. Is there a
>         > way to manage this?
>         > 
>         > Thanks in advance
>         > Marco
>         > 
>         > P.s. As a side note, I suppose there's a typo in the verbose
>         > message I obtain in my output: 
>         > ipa: INFO: Forwarding 'migrate_ds' to server
>         > u'http://freeipa01.unix.mydomain.it/ipa/xml'
>         
>         
>         Please open tickets for both issues.
>         
> 
> Done:
> https://fedorahosted.org/freeipa/ticket/2547
> https://fedorahosted.org/freeipa/ticket/2546
> 
> Do you have a hint on how to manage to do this import in the meantime?
> Every manual step is ok for me.

Maybe you can try performing a new migration for each of the subtrees
you have in your source tree, assuming it is a reasonable number, by
reconfiguring the migrate-ds bases between each run.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-users mailing list