[Freeipa-users] can migrate-ds be safely re-run if it failed...
lejeczek
peljasz at yahoo.co.uk
Tue Mar 15 14:14:14 UTC 2016
On 15/03/16 13:42, Rob Crittenden wrote:
> lejeczek wrote:
>> On 14/03/16 17:06, Rob Crittenden wrote:
>>> lejeczek wrote:
>>>> with...
>>>>
>>>> ipa: ERROR: group LDAP search did not return any result (search base:
>>>> ou=groups,dc=ccnr,dc=biotechnology, objectclass: groupofuniquenames,
>>>> groupofnames)
>>>>
>>>> I see users went in but later I realized that current samba's ou was
>>>> "group" not groups.
>>>> Can I just re-run migrations?
>>> Yes. It will skip over anything that already exists in IPA.
>> thanks Rob, may I ask why process by defaults looks up only objectclass:
>> groupofuniquenames, groupofnames?
> It is conservative but this is why it can be overridden.
>
>> Is there a reason it skips ldap+samba typical posixGroup &
>> sambaGroupMapping?
> We haven't had many (any?) reports of migrating from ldap+samba.
>
>> Lastly, is there a way to preserve account locked/disabled status for
>> posix/samba?
> I don't know how it is stored but as long as the schema is available in
> IPA then the values should be preserved on migration unless the
> attributes are associated with a blacklisted objectclass.
>
> rob
>
last - this must most FAQ people wonder - can IPA's 389
backend be used in the same/similar fashion samba uses ldap?
skipping all the kerberos bits? (samba & IPA on the same one
box)
this might be more 389-ds related - in old days I remember
DS had mozldap dedicated toolset, how is it these days? How
do users deal with 389-ds IPA-related bits?
many thanks
More information about the Freeipa-users
mailing list