[Freeipa-users] 4.0.0 password migration trouble

[Rob Crittenden]

Nordgren, Bryce L -FS wrote:
> 
>>> That was me, but the context was 'ipa user-add' with a password hash
>> rather than migrate-ds. Although it makes sense that 389 ds would act the
>> same regardless of how I attempt to store the password. How can I check to
>> see whether the passwords made it to freeipa? The migrate-ds script didn't
>> complain, but I don't know where to look for logfiles.
>>
>> I don't think a bug ever got logged for that, at least I can't find one.
>> Can you confirm? If not I'll get one logged.
> 
> It didn't. My message to the list was the initial "is this a bug or am I being dumb?" question. Until now, there was no response.

There were two responses, from Petr and myself in the thread titled
"Migrating from a hybrid web/posix LDAP"

I opened ticket https://fedorahosted.org/freeipa/ticket/4450 . I think
this is a 389-ds bug so we may need to wait until their next release,
but in any case we should have caught this before pushing out IPA 4.0 IMHO.

> No reported errors during migration, but a bunch of warnings:
> [Thu Jul 17 11:21:37.703752 2014] [:error] [pid 4534] ipa: WARNING: GID number 65534 of migrated user SOMEUSER does not point to a known group.

Ok, that is unrelated. It just means that for some users their GID value
pointed to a non-existent group.

> Turns out admin and test.user have userPassword and nobody else does. So: only accounts which were created by the server install or for which I manually reset the password.

Ok, that explains the error 48 then.

rob