[Freeipa-users] Migrating from a hybrid web/posix LDAP

Petr Spacek pspacek at redhat.com
Mon Jul 14 08:29:48 UTC 2014


On 13.7.2014 03:31, Nordgren, Bryce L -FS wrote:
> Hi guys,
>
> I set up freeipa 4.0.0 on a brand new Fedora 20 box, from your copr repos. Install and config went fine. Kinit: fine. Trying to migrate from my old ldap setup: problem.  Old ldap setup primarily had accounts for web apps (inetOrgPerson) and a few accounts with everything needed for login (posixAccount).
>
> "ipa migrate-ds" for the existing posixAccounts: works fine.
>
> Migrating the web only accounts requires a bit more manual labor, and isn't working yet. I extracted a csv of my "web-only" accounts and made a script to upgrade them with posix attributes and add them to freeipa. Each line looks like:
>
> ipa user-add "bill.mathews" --last="Mathews" --first="William" --email="blah" --phone="xxx-yyy-zzzz" --setattr userpassword="{SHA}bunchajunka" --setattr o="University of Tweedle" --gidnumber=65534 --uid=2000063
>
> And I get:
>
> ERROR: Constraint violation: invalid password syntax - passwords with storage scheme are not allowed
>
> I was inspired to include the password this way from:  http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords

I believe it should work if you do
$ ipa config-mod --enable-migration=true
as stated on the page above.

Rob, do you know what we are missing? :-)

Petr^2 Spacek

>
> Is there any password preserving way to migrate my web-only accounts using "ipa user-add"? If there's no easy answer, I'll probably just add the attributes in the current ldap, then let "ipa migrate-ds" work its magic. But I want to see user-add work if it's possible.
>
> Thanks,
> Bryce
> PS: I believe all instances of "service dirsrv restart" on http://www.freeipa.org/docs/master/html-desktop/index.html#finding-excluding-entries need to be changed to "systemctl restart dirsrv.target", since there is no "dirsrv.service".



