[Freeipa-users] 4.0.0 password migration trouble
Rob Crittenden
rcritten at redhat.com
Fri Jul 18 13:29:21 UTC 2014
Nordgren, Bryce L -FS wrote:
>
>> Someone has reported an issue with password migration where 389-ds is
>> rejecting the passwords with: passwords with storage scheme are not
>> allowed. That may be part of the problem.
>
> That was me, but the context was 'ipa user-add' with a password hash rather than migrate-ds. Although it makes sense that 389 ds would act the same regardless of how I attempt to store the password. How can I check to see whether the passwords made it to freeipa? The migrate-ds script didn't complain, but I don't know where to look for logfiles.
I don't think a bug ever got logged for that, at least I can't find one.
Can you confirm? If not I'll get one logged.
The log file for the migration is in /var/log/httpd/error_log.
To see if passwords migrated, pick a migrated user and do a search as
Directory Manager for the userPassword attribute:
$ ldapsearch -x -D 'cn=Directory Manager' -W -b
uid=someuser,cn=users,cn=accounts,dc=example,dc=com userPassword
rob
More information about the Freeipa-users
mailing list