[Freeipa-users] Unable to import OpenLDAP users/groups with migrate-ds
Rob Crittenden
rcritten at redhat.com
Wed Nov 4 13:56:24 UTC 2015
Cal Sawyer wrote:
> Hi
>
> Very new to IPA and setting up a proof of concept system that I hope
> will replace my existing OpenLDAP 2.3 (no SASL) setup. I'm trying to
> import People, Group OUs into IPA using "ipa migrate-ds". The IPA and
> existing LDAP directories have different BaseDNs (eg ipadomain.local on
> IPA, ldapdomain.local on LDAP 2.3) as I want to ideally construct a
> completely new directory that we will then switch our clients over to.
>
> ipa migrate-ds --schema=RFC2307
> --user-container="dc=ldapdomain,dc=local" ldap://1.2.3.4:389
>
> Whatever I try (w or w/o --schema=RFC2307), the response is the same:
>
> ipa: ERROR: Insufficient access: Invalid credentials
>
> or with a verbose flag:
>
> ipa: INFO: Forwarding 'migrate_ds' to server
> u'https://ipa.ipadomain.local/ipa/session/xml'
> ipa: ERROR: Insufficient access: Invalid credentials
>
> manager naturally exists in ldapdomain.local and I've definitely
> supplied the correct password (we use the same creds to manage LDAP
> using phpldapadmin)
>
> Hoping that someone has some experience with this and can point me in
> the right direction?
It is binding to OpenLDAP using cn=Directory Manager. If your admin user
that can read userPassword is named something different, then pass it in
using the --binddn option.
rob
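
A pre-flight check for the advice above, as an added example that is not part of the original thread: before running migrate-ds, confirm that the DN you intend to pass as the bind DN can authenticate to the old server and read userPassword on every user entry. The function names, entry names and sample LDIF are constructed for illustration, and the live check assumes the OpenLDAP `ldapsearch` client is installed.

```shell
#!/bin/sh
# Added example: pre-flight check before "ipa migrate-ds".
# DNs, URI and sample LDIF are constructed placeholders.

# Read LDIF on stdin; print "<entries> <entries exposing userPassword>".
count_password_entries() {
    awk '
        /^dn:/ { total++; seen = 0 }
        tolower($0) ~ /^userpassword::? / && !seen { with_pw++; seen = 1 }
        END { printf "%d %d\n", total, with_pw }
    '
}

# Succeed only if at least one entry came back and all expose userPassword.
passwords_readable() {
    set -- $(count_password_entries)
    [ "$1" -gt 0 ] && [ "$1" -eq "$2" ]
}

# Live check. -W prompts for the password so it never appears in argv.
# usage: preflight URI BIND_DN USER_CONTAINER
preflight() {
    ldapsearch -x -LLL -H "$1" -D "$2" -W -b "$3" \
        '(objectClass=posixAccount)' userPassword | passwords_readable
}

# Constructed output as seen by a DN allowed to read userPassword.
sample_ldif_admin() { cat <<'EOF'
dn: uid=alice,ou=People,dc=ldapdomain,dc=local
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=bob,ou=People,dc=ldapdomain,dc=local
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
EOF
}

# Constructed output for a DN whose ACLs hide userPassword on one entry.
sample_ldif_limited() { cat <<'EOF'
dn: uid=alice,ou=People,dc=ldapdomain,dc=local

dn: uid=bob,ou=People,dc=ldapdomain,dc=local
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
EOF
}

# Run against a real server only when three arguments are given.
if [ "$#" -eq 3 ]; then
    preflight "$@" && echo "bind DN can read userPassword" \
        || { echo "bind failed or userPassword not readable" >&2; exit 1; }
fi
```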