[Freeipa-users] Ipa migration, from ui cannot change password
Rob Crittenden
rcritten at redhat.com
Thu Sep 20 19:01:36 UTC 2012
Dmitri Pal wrote:
> On 09/20/2012 01:42 PM, Rob Crittenden wrote:
>> James James wrote:
>>> You 're right. The request return :
>>>
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=users,cn=accounts,dc=example,dc=com> with scope subtree
>>> # filter: uid=test
>>> # requesting: userPassword
>>> #
>>>
>>> # test, users, accounts, example.com <http://example.com>
>>> dn: uid=test,cn=users,cn=accounts,dc=example,dc=com
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> Can you explain me what happens ?
>>>
>>> Is there a solution ?
>>
>> When migrating you need to bind as a user that has read permission on
>> the userPassword attribute in the remote LDAP server.
>
> Rob should we check if we can read the userPassword attribute and if not
> fail migration?
> Should we open a ticket for this?
> Also I do not think we document the expectation that you vocalized above.
I'll open a ticket to spell this out in the docs.
Checking it in the command would be nice but I don't know about fatal.
Still, I'll open a ticket for that as well.
rob
More information about the Freeipa-users
mailing list