[Freeipa-users] trouble editing user details after migrating from openldap
Steve Nolen
technolengy at gmail.com
Wed Nov 5 21:21:32 UTC 2014
Hi Dmitri!
ldapsearch was exactly the pointer I needed! My entries had
objectClass=extensibleObject, which, as soon as I removed via:
ipa user-mod ldaptest --delattr objectclass=extensibleobject
i'm able to edit!
Thanks so much for the help!
On Wed, Nov 5, 2014 at 11:33 AM, Dmitri Pal <dpal at redhat.com> wrote:
> On 11/05/2014 10:19 AM, Steve Nolen wrote:
>
> Hi All!
>
> I'm looking at migrating from openldap to freeipa (currently using 3.3.3
> on centos7, installed from the default centos repos, as I'd prefer to use
> centos over fedora) and I have a bit of a snag after importing users with
> migration-ds: I can't edit the details of migrated users in the web ui (but
> I can via `ipa user-mod`).
>
> Steps to reproduce:
> 1. kinit admin
> 2. ipa config-mod --enable-migration=TRUE
> 3. ipa migrate-ds --base-dn='dc=example,dc=com'
> --user-container='ou=People' --group-container='ou=Group'
> --bind-dn='cn=admin' --with-compat --schema='RFC2307'
> 4. ipa config-mod --enable-migration=FALSE
> 5. ipa user-mod test1 --last=LastName1 (success)
> 6. visit web ui (logging in as admin), user test1 has "LastName1" as "last
> name" field, but no fields on this page are editable.
> 7. create new user via web ui "test2".
> 8. all fields are editable for user test2.
>
> Based on the success from step 5, it would appear that the admin user
> has the rights to modify test1's details, but the web ui disagrees?
>
> Thanks!
> Steve
>
>
> Can you please do an ldap search and get the full entry for one of the
> migrated users and one for the one of the created users.
> You might also try --raw flag and use user-show command.
> I suspect the migrated entries are missing some attribute. If you can help
> us to identify which one would be great.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141105/7a3040bb/attachment.htm>
More information about the Freeipa-users
mailing list