[Freeipa-users] Migration fails with custom objectClasses

Clint Savage herlo1 at gmail.com
Wed Oct 15 16:29:30 UTC 2014


I have extended the schema with the custom objectclasses. They show up
properly in /etc/dirsrv/slapd-EXAMPLE-COM/schema/99user.ldif. I did the
import with ldapmodify using the following schemas. It's a bit long, but
hopefully it helps.

# cat customPersonAttributes.ldif
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.5.5.7.13.421 NAME 'noGmail' DESC 'Opt user out of
Gmail' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 X-ORIGIN ( 'Local custom' 'user
defined' ) )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.5.5.7.13.420 NAME 'emailPassword' DESC 'Unsalted
SHA-1 for Gmail' EQUALITY octetStringMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN ( 'Local custom' 'user defined' ) )
-
add: objectClasses
objectClasses: ( 2.16.840.1.117370.999.1.2.3 NAME 'customPersonAttributes'
DESC 'Local customizations' SUP top AUXILIARY MAY ( emailPassword $
noGmail) X-ORIGIN ( 'Local custom attributes' 'user defined' ) )

#  cat radiusProfile.ldif
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.38 NAME 'radiusTunnelPreference'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.35 NAME 'radiusTunnelAssignmentId'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.20 NAME 'radiusFramedRouting'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.42 NAME 'radiusVSA'  EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.28 NAME 'radiusLoginTCPPort'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.25 NAME 'radiusLoginLATPort'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.47 NAME 'radiusHint'  EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass'  EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.10 NAME
'radiusFramedAppleTalkLink' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.32 NAME 'radiusServiceType'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.54 NAME 'radiusLoginTime'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.18 NAME 'radiusFramedProtocol'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.61 NAME 'radiusNASIpAddress'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.3 NAME 'radiusArapZoneAccess'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'CNAMERecord' DESC 'Pilot
attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Internet dir
ectory pilot' )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.15 NAME 'radiusFramedIPNetmask'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.37 NAME 'radiusTunnelPassword'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.22 NAME 'radiusLoginIPHost'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType'  EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.51 NAME 'radiusReplicateToRealm'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.6 NAME 'radiusCalledStationId'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.27 NAME 'radiusLoginService'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.59 NAME 'radiusCheckItem'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.12 NAME
'radiusFramedAppleTalkZone' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.34 NAME 'radiusTerminationAction'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.56 NAME 'radiusStripUserName'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.41 NAME 'radiusTunnelType'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.1 NAME 'radiusArapFeatures'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.17 NAME 'radiusFramedMTU'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.49 NAME 'radiusProfileDn'
EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.24 NAME 'radiusLoginLATNode'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.9 NAME 'radiusFilterId'  EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.31 NAME 'radiusPrompt'  EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.53 NAME 'radiusSimultaneousUse'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.4 NAME 'radiusCallbackId'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.60 NAME 'radiusReplyItem'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.39 NAME
'radiusTunnelPrivateGroupId'  EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.14 NAME 'radiusFramedIPAddress'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.36 NAME 'radiusTunnelMediumType'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.21 NAME 'radiusIdleTimeout'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.43 NAME
'radiusTunnelClientEndpoint'  EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.50 NAME 'radiusProxyToRealm'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.7 NAME 'radiusCallingStationId'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.29 NAME 'radiusPasswordRetry'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.26 NAME 'radiusLoginLATService'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.58 NAME 'radiusExpiration'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.11 NAME
'radiusFramedAppleTalkNetwork'  EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.33 NAME 'radiusSessionTimeout'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.55 NAME 'radiusUserCategory'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.40 NAME
'radiusTunnelServerEndpoint'  EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.62 NAME 'radiusReplyMessage'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.2 NAME 'radiusArapSecurity'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.16 NAME 'radiusFramedIPXNetwork'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.48 NAME 'radiusHuntgroupName'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.23 NAME 'radiusLoginLATGroup'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.45 NAME 'radiusClientIPAddress'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.30 NAME 'radiusPortLimit'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.52 NAME 'radiusRealm'  EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.5 NAME 'radiusCallbackNumber'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 2.16.840.1.113730.3.1.684 NAME 'nsds5ReplicaChangeCount'
DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory
Server' )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.13 NAME 'radiusFramedCompression'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.57 NAME 'dialupAccess'  EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' DESC '' SUP
top AUXILIARY MUST cn MAY ( radiusArapFeatures $ radiusArapSecurity $
radius ArapZoneAccess $ radiusAuthType $ radiusCallbackId $
radiusCallbackNumber $ radiusCalledStationId $ radiusCallingStationId $
radiusClass $ radiusClientIPAddress $ radiusFilterId $
radiusFramedAppleTalkLink $ radiusFramedAppleTalkNetwork $
radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedIPAddress
$ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $
radiusFramedProtocol $ radiusCheckItem $ radiusReplyItem $
radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $
radiusGroupName $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $
radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $
radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $
radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $
radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $
radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $
radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $
radiusSimultaneousUse $ radiusTunnelAssignmentId $ radiusTunnelMediumType $
radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPrivateGroupId
$ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $
radiusVSA $ radiusExpiration $ dialupAccess $ radiusNASIpAddress $
radiusReplyMessage ) )

I'm happy to provide any other data necessary as well.

Thanks,

Clint

On Wed, Oct 15, 2014 at 7:02 AM, Simo Sorce <simo at redhat.com> wrote:

> On Tue, 14 Oct 2014 10:58:36 -0600
> Clint Savage <herlo1 at gmail.com> wrote:
>
> > Hi all,
> >
> > I've been working on a migration plan using three custom user
> > objectClasses and one group objectClass. In my attempt, I've set up an
> > OpenLDAP server with the proper schemas, imported the LDIF, and have
> > records that look something like this in LDIF format.
> >
> > -----------------------------------------------------------------------
> >
> > dn: dc=example,dc=com
> > objectClass: top
> > objectClass: domain
> > dc: example
> >
> > dn: ou=Groups,dc=example,dc=com
> > objectClass: top
> > objectClass: organizationalunit
> > ou: Groups
> >
> > dn: ou=People,dc=example,dc=com
> > objectClass: top
> > objectClass: organizationalunit
> > ou: People
> >
> > dn: uid=amyengh,ou=People,dc=example,dc=com
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: organizationalPerson
> > objectClass: person
> > objectClass: radiusProfile
> > objectClass: sambaSamAccount
> > objectClass: customPersonAttributes
> > cn: Amy Engh
> > gidNumber: 1141801056
> > homeDirectory: /home/amyengh
> > sn: Engh
> > uid: amyengh
> > uidNumber: 1141801056
> > displayName: Amy Engh
> > givenName: Amy
> > loginShell: /sbin/nologin
> > mail: amyengh at attask.com
> > userPassword:: REDACTED
> > dialupAccess: yes
> > radiusTunnelMediumType: IEEE-802
> > radiusTunnelPrivateGroupId: 1421
> > radiusTunnelType: VLAN
> > emailPassword:: REDACTED
> > sambaAcctFlags: [U          ]
> > sambaLMPassword: REDACTED
> > sambaNTPassword: REDACTED
> > sambaPasswordHistory:
> > 000000000000000000000000000000000000000000000000000000 0000000000
> > sambaPwdLastSet: 1402698001
> > sambaSID: S-1-5-21-2332447373-4108748234-3602490535-3146
> >
> > dn: cn=amyengh,ou=Groups,dc=example,dc=com
> > objectClass: top
> > objectClass: posixGroup
> > cn: amyengh
> > gidNumber: 1141801056
> > memberUid: amyengh
> >
> > --------------------------------------------------------------------
> >
> > I then run the migration (with or without compat makes no difference)
> > and get the following:
> >
> > ipa migrate-ds --with-compat --user-container="ou=People"
> > --group-container="ou=Groups" --user-objectclass=posixAccount
> > --group-objectclass=posixgroup ldap://192.168.122.210
> > --bind-dn="cn=Manager,dc=example,dc=com"
> > Password:
> > -----------
> > migrate-ds:
> > -----------
> > Migrated:
> > Failed user:
> >   amyengh: Type or value exists:
> > Failed group:
> >   amyengh: This entry already exists. Check GID of the existing
> > group. Use --group-overwrite-gid option to overwrite the GID
> > ----------
> > Passwords have been migrated in pre-hashed format.
> > IPA is unable to generate Kerberos keys unless provided
> > with clear text passwords. All migrated users need to
> > login at https://your.domain/ipa/migration/ before they
> > can use their Kerberos accounts.
> >
> > The objectclasses are listed in the configuration properly:
> >
> > # ipa config-show --all
> > ..snip..
> > Default group objectclasses: top, groupofnames, nestedgroup,
> > ipausergroup, ipaobject, sambaGroupMapping
> >   Default user objectclasses: top, person, organizationalperson,
> > inetorgperson, inetuser, posixaccount, krbprincipalaux,
> > krbticketpolicyaux, ipaobject, ipasshuser, radiusProfile,
> > customPersonAttributes, sambaSamAccount
> > ..snip..
> >
> > I can verify the objectclasses appear to work when I add a user
> > manually, though I have not updated the plugins to allow entries for
> > the above objectClasses.
> >
> > ---------------------------
> > My question exists around the error ' amyengh: Type or value
> > exists:'. I can take out the custom objectclasses, and this error
> > goes away. I've looked into all of the custom objectclasses and don't
> > see anything that would indicate errors. I have some 5k+ records to
> > migrate and don't want to have to manipulate the ldif and then create
> > modify records just to get the data into IPA.
> >
> > Any suggestions to help me identify why this is happening? I'd be
> > happy to provide further information as requested.
>
> Have you extended the IPA schema with the custom objectclasses ?
> Or is your intention to drop them during the import ?
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
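A consistency check for schema LDIF like the two files posted in this message, as an added example that is not part of the original thread: it rejoins values wrapped across lines, collects the `attributeTypes` names, and reports every `MUST`/`MAY` entry of an `objectClasses` definition that has no matching attribute definition in the same input. The sample input is a shortened excerpt built from the posted `radiusProfile.ldif` text; the function names and the `known` parameter (attributes already defined on the server, such as `cn`) are assumptions of this sketch.

```python
import re

# Constructed sample: shortened from the radiusProfile.ldif text in the message.
SAMPLE = """\
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.3 NAME 'radiusArapZoneAccess'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType'  EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' DESC '' SUP
top AUXILIARY MUST cn MAY ( radius ArapZoneAccess $
radiusAuthType ) )
"""

def unfold(text):
    """Rejoin schema values split by LDIF folding or by mail line wrapping."""
    values, cur = [], None
    for line in text.splitlines():
        if re.match(r"(attributeTypes|objectClasses):", line, re.I):
            cur = [line]
            values.append(cur)
        elif cur is None:
            continue
        elif line.strip() in ("", "-") or re.match(r"(dn|changetype|add|replace|delete):", line):
            cur = None  # end of the current value
        else:  # LDIF fold drops one leading space; a mail wrap implies a space
            cur.append(line[1:] if line.startswith(" ") else " " + line)
    return ["".join(v) for v in values]

def names(body):
    m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", body)
    if not m:
        return []
    return [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))

def undefined_refs(text, known=("cn",)):
    """Map objectClass name -> MUST/MAY entries with no attributeTypes definition."""
    defined, classes, report = {k.lower() for k in known}, [], {}
    for value in unfold(text):
        kind, body = value.split(":", 1)
        if kind.lower() == "attributetypes":
            defined.update(n.lower() for n in names(body))
        else:
            classes.append(body)
    for body in classes:
        plain = re.sub(r"DESC\s+'[^']*'", "", body)  # ignore keywords inside DESC
        refs = []
        for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w;-]+))", plain):
            refs += [" ".join(r.split()) for r in (m.group(1) or m.group(2) or "").split("$")]
        missing = [r for r in refs if r and r.lower() not in defined]
        if missing:
            report[(names(body) or ["?"])[0]] = missing
    return report

if __name__ == "__main__":
    print(undefined_refs(SAMPLE))
```

Running the same check against the live `cn=schema` values exported from the directory server shows whether a split name exists in the stored schema or only in the mailed copy.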