[Freeipa-users] missing objects during migration steps
Rob Crittenden
rcritten at redhat.com
Wed Jan 23 14:00:33 UTC 2013
Johnathan Phan wrote:
> Hi everyone,
>
> k pass authentication issues now. It's now complaining about objects not
> there.
>
> ipa: ERROR: uri=ldaps://ldap1.example.com:636
> <http://ldap1.example.com:636>: Unable to retrieve LDAP schema: No such
> object:
>
> However when I run the following commands on the new IPA server.
>
> ldapsearch -x -H ldaps://ldap.example.com:636
> <http://ldap.example.com:636> -b ou=groups,ou=live,dc=example,dc=com -D
> "cn=admin,dc=example,dc=com" -W
>
> or
>
> ldapsearch -x -H ldaps://ldap.example.com:636
> <http://ldap.example.com:636> -b ou=ib,dc=example,dc=com -D
> "cn=admin,dc=example,dc=com" -W and I get output
>
> Ldap shows the users and groups in the old system. It just dumps out the
> whole content of the OU.
>
> I have tried to run the following two commands and I still get the same
> error
>
> ipa migrate-ds --bind-dn="cn=admin,dc=example,dc=com"
> --user-container="ou=ib,dc=example,dc=com" ldaps://ldap1.example.com:636
> <http://ldap1.example.com:636>
>
> or
>
> ipa migrate-ds --bind-dn="cn=admin,dc=example,dc=com"
> --user-container="ou=ib,dc=example,dc=com"
> --group-container="ou=groups,ou=live,dc=example,dc=com"
> ldaps://ldap1.example.com:636 <http://ldap1.example.com:636>
>
> What is IPA complaining about specifically? I know objects are in these
> ou's Is it expecting something different?
It is failing trying to query cn=schema. We fetch the schema from the
remote server to know what types of data we're dealing with. What
version of openldap is this?
rob
More information about the Freeipa-users
mailing list