[Freeipa-users] 4.0.0 password migration trouble
Martin Kosek
mkosek at redhat.com
Mon Jul 21 10:46:54 UTC 2014
On 07/19/2014 01:08 AM, Nordgren, Bryce L -FS wrote:
>
>> So if I understand the 389-ds ticket correctly, I can add pre-hashed passwords
>> via ldapmodify to the 389 server using directory manager as the bind dn? I
>> just can't use the ipa command line tool/script.
>
> The short answer is "no". Trying to add the userPassword attribute with ldapmodify binding as "cn=directory manager" fails with operation error.
>
> Error log attached to the ticket Rob made: https://fedorahosted.org/freeipa/ticket/4450
>
> To summarize:
>
> No password migration via "ipa migrate-ds";
> No password migration via "ipa user-add --setattr userPassword={SHA}...";
> No password migration via 'ldapmodify -D "cn=directory manager"'.
>
> Do you think a solution will be forthcoming, or is it a ways off? I can leave my old ldap directory up for a little while.
I did a couple of tests with a custom build of 389-ds-base and I got the migration
working after switching the new configuration option. See details and the
transcript in the ticket:
https://fedorahosted.org/freeipa/ticket/4450#comment:5
I will work with the DS team to backport the switch option to Fedora 20 389-ds-base
and to release FreeIPA 4.0.1 with an appropriate patch to fix this problem ASAP,
ideally this week.
Thanks for your patience,
Martin