[Freeipa-users] Problem in "ipa migrate-ds" procedure
Rob Crittenden
rcritten at redhat.com
Mon Mar 19 13:42:12 UTC 2012
Dmitri Pal wrote:
> On 03/17/2012 07:36 AM, Marco Pizzoli wrote:
>> Hi guys,
>> I'm trying to migrate my ldap user base to freeipa. I'm using the last
>> Release Candidate.
>>
>> I already changed "ipa config-mod --enable-migration=TRUE"
>> This is what I have:
>>
>> ipa -v migrate-ds --bind-dn="cn=manager,dc=mydc1,dc=mydc2.it
>> <http://mydc2.it>" --user-container="ou=people,dc=mydc1,dc=mydc2.it
>> <http://mydc2.it>" --user-objectclass=inetOrgPerson
>> --group-container="ou=groups,dc=mydc1,dc=mydc2.it <http://mydc2.it>"
>> --group-objectclass=posixGroup --base-dn="dc=mydc1,dc=mydc2.it
>> <http://mydc2.it>" --with-compat ldap://ldap01
>> ipa: INFO: trying https://freeipa01.unix.mydomain.it/ipa/xml
>> Password:
>> ipa: INFO: Forwarding 'migrate_ds' to server
>> u'http://freeipa01.unix.mydomain.it/ipa/xml'
>> ipa: ERROR: Container for group not found at
>> ou=groups,dc=mydc1,dc=mydc2.it <http://mydc2.it>
>>
>> I looked at my ldap server logs and I found out that the search
>> executed has scope=1. Actually both for users and groups. This is a
>> problem for me, in having a lot of subtrees (ou) in which my users and
>> groups are. Is there a way to manage this?
>>
>> Thanks in advance
>> Marco
>>
>> P.s. As a side note, I suppose there's a typo in the verbose message I
>> obtain in my output:
>> ipa: INFO: Forwarding 'migrate_ds' to server
>> *u*'http://freeipa01.unix.mydomain.it/ipa/xml'
>
> Please open tickets for both issues.
Well, I don't think either is a bug.
If you have users/groups in multiple places you'll need to migrate them
individually for now. It is safe to run migrate-ds multiple times,
existing users are not migrated.
The u is a python-ism for unicode. This is not a bug.
rob
More information about the Freeipa-users
mailing list