[Freeipa-users] can migrate-ds be safely re-run if it failed...
Rob Crittenden
rcritten at redhat.com
Tue Mar 15 13:42:39 UTC 2016
lejeczek wrote:
> On 14/03/16 17:06, Rob Crittenden wrote:
>> lejeczek wrote:
>>> with...
>>>
>>> ipa: ERROR: group LDAP search did not return any result (search base:
>>> ou=groups,dc=ccnr,dc=biotechnology, objectclass: groupofuniquenames,
>>> groupofnames)
>>>
>>> I see users went in but later I realized that current samba's ou was
>>> "group" not groups.
>>> Can I just re-run migrations?
>> Yes. It will skip over anything that already exists in IPA.
> thanks Rob, may I ask why process by defaults looks up only objectclass:
> groupofuniquenames, groupofnames?
It is conservative but this is why it can be overridden.
> Is there a reason it skips ldap+samba typical posixGroup &
> sambaGroupMapping?
We haven't had many (any?) reports of migrating from ldap+samba.
> Lastly, is there a way to preserve account locked/disabled status for
> posix/samba?
I don't know how it is stored but as long as the schema is available in
IPA then the values should be preserved on migration unless the
attributes are associated with a blacklisted objectclass.
rob
More information about the Freeipa-users
mailing list