[Freeipa-users] Migrating from a hybrid web/posix LDAP

Nordgren, Bryce L -FS bnordgren at fs.fed.us
Sun Jul 13 01:31:53 UTC 2014


Hi guys,

I set up freeipa 4.0.0 on a brand new Fedora 20 box, from your copr repos. Install and config went fine. Kinit: fine. Trying to migrate from my old ldap setup: problem. Old ldap setup primarily had accounts for web apps (inetOrgPerson) and a few accounts with everything needed for login (posixAccount).

"ipa migrate-ds" for the existing posixAccounts: works fine.

Migrating the web only accounts requires a bit more manual labor, and isn't working yet. I extracted a csv of my "web-only" accounts and made a script to upgrade them with posix attributes and add them to freeipa. Each line looks like:

ipa user-add "bill.mathews" --last="Mathews" --first="William" --email="blah" --phone="xxx-yyy-zzzz" --setattr userpassword="{SHA}bunchajunka" --setattr o="University of Tweedle" --gidnumber=65534 --uid=2000063

And I get:

ERROR: Constraint violation: invalid password syntax - passwords with storage scheme are not allowed

I was inspired to include the password this way from: http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords

Is there any password preserving way to migrate my web-only accounts using "ipa user-add"? If there's no easy answer, I'll probably just add the attributes in the current ldap, then let "ipa migrate-ds" work its magic. But I want to see user-add work if it's possible.

Thanks,
Bryce
PS: I believe all instances of "service dirsrv restart" on http://www.freeipa.org/docs/master/html-desktop/index.html#finding-excluding-entries need to be changed to "systemctl restart dirsrv.target", since there is no "dirsrv.service".
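
The fallback mentioned in the message (add the POSIX attributes in the current LDAP, then run "ipa migrate-ds") can be prepared as LDIF modify records that leave the existing userPassword hashes untouched. The following is an added example, not part of the original post: the CSV columns, the /home/<uid> layout, the login-name pattern and the function names are assumptions, while the starting uid number and the gid are the values from the command line above.

```python
import base64
import csv
import io
import re

# Constructed sample export of web-only (inetOrgPerson) entries; not real data.
SAMPLE_CSV = '''dn,uid
"uid=bill.mathews,ou=people,dc=example,dc=org",bill.mathews
"uid=x,ou=people,dc=example,dc=org",../etc
"uid=j.doe,ou=Forschung Z\u00fcrich,dc=example,dc=org",j.doe
'''

# Assumption: login names are restricted to this conservative pattern.
SAFE_UID = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")


def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when RFC 2849 requires it."""
    data = value.encode("utf-8")
    plain = (
        all(b < 128 and b not in (0, 10, 13) for b in data)
        and not data.startswith((b" ", b":", b"<"))
        and not data.endswith(b" ")
    )
    if plain:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(data).decode('ascii')}"


def posix_upgrade_ldif(csv_text, first_uid=2000063, gid=65534):
    """Build modify records adding posixAccount attributes; userPassword is untouched."""
    records, skipped = [], []
    next_uid = first_uid
    for row in csv.DictReader(io.StringIO(csv_text)):
        uid = row["uid"]
        if not SAFE_UID.fullmatch(uid):  # would end up in the homeDirectory path
            skipped.append(uid)
            continue
        adds = [("objectClass", "posixAccount"), ("uidNumber", str(next_uid)),
                ("gidNumber", str(gid)), ("homeDirectory", f"/home/{uid}")]
        lines = [ldif_line("dn", row["dn"]), "changetype: modify"]
        for attr, value in adds:
            lines += [f"add: {attr}", ldif_line(attr, value), "-"]
        records.append("\n".join(lines))
        next_uid += 1
    return "\n\n".join(records) + "\n", skipped


if __name__ == "__main__":
    ldif, skipped = posix_upgrade_ldif(SAMPLE_CSV)
    print(ldif)
    print("skipped:", skipped)
```

The output is meant to be reviewed and then applied to the old directory with ldapmodify; skipped names are reported instead of being written into a home directory path.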




