[Freeipa-users] trouble editing user details after migrating from openldap

[Steve Nolen]

Hi All!

I'm looking at migrating from openldap to freeipa (currently using 3.3.3 on
centos7, installed from the default centos repos, as I'd prefer to use
centos over fedora) and I have a bit of a snag after importing users with
migration-ds: I can't edit the details of migrated users in the web ui (but
I can via `ipa user-mod`).

Steps to reproduce:
1. kinit admin
2. ipa config-mod --enable-migration=TRUE
3. ipa migrate-ds --base-dn='dc=example,dc=com'
--user-container='ou=People' --group-container='ou=Group'
--bind-dn='cn=admin' --with-compat --schema='RFC2307'
4. ipa config-mod --enable-migration=FALSE
5. ipa user-mod test1 --last=LastName1 (success)
6. visit web ui (logging in as admin), user test1 has "LastName1" as "last
name" field, but no fields on this page are editable.
7. create new user via web ui "test2".
8. all fields are editable for user test2.

Based on the success from step 5, it would appear that the admin user has
the rights to modify test1's details, but the web ui disagrees?

Thanks!
Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141105/a609a798/attachment.htm>