[Freeipa-users] trouble editing user details after migrating from openldap
dpal at redhat.com
Wed Nov 5 19:33:21 UTC 2014
On 11/05/2014 10:19 AM, Steve Nolen wrote:
> Hi All!
> I'm looking at migrating from openldap to freeipa (currently using
> 3.3.3 on centos7, installed from the default centos repos, as I'd
> prefer to use centos over fedora) and I have a bit of a snag after
> importing users with migration-ds: I can't edit the details of
> migrated users in the web ui (but I can via `ipa user-mod`).
> Steps to reproduce:
> 1. kinit admin
> 2. ipa config-mod --enable-migration=TRUE
> 3. ipa migrate-ds --base-dn='dc=example,dc=com'
> --user-container='ou=People' --group-container='ou=Group'
> --bind-dn='cn=admin' --with-compat --schema='RFC2307'
> 4. ipa config-mod --enable-migration=FALSE
> 5. ipa user-mod test1 --last=LastName1 (success)
> 6. visit web ui (logging in as admin), user test1 has "LastName1" as
> "last name" field, but no fields on this page are editable.
> 7. create new user via web ui "test2".
> 8. all fields are editable for user test2.
> Based on the success from step 5, it would appear that the admin user
> has the rights to modify test1's details, but the web ui disagrees?
Can you please do an ldap search and get the full entry for one of the
migrated users and one for the one of the created users.
You might also try --raw flag and use user-show command.
I suspect the migrated entries are missing some attribute. If you can
help us to identify which one would be great.
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeipa-users