[Freeipa-users] can migrate-ds be safely re-run if it failed...
lejeczek
peljasz at yahoo.co.uk
Tue Mar 15 17:07:58 UTC 2016
On 15/03/16 14:14, lejeczek wrote:
> On 15/03/16 13:42, Rob Crittenden wrote:
>> lejeczek wrote:
>>> On 14/03/16 17:06, Rob Crittenden wrote:
>>>> lejeczek wrote:
>>>>> with...
>>>>>
>>>>> ipa: ERROR: group LDAP search did not return any
>>>>> result (search base:
>>>>> ou=groups,dc=ccnr,dc=biotechnology, objectclass:
>>>>> groupofuniquenames,
>>>>> groupofnames)
>>>>>
>>>>> I see users went in but later I realized that current
>>>>> samba's ou was
>>>>> "group" not groups.
>>>>> Can I just re-run migrations?
>>>> Yes. It will skip over anything that already exists in
>>>> IPA.
>>> thanks Rob, may I ask why process by defaults looks up
>>> only objectclass:
>>> groupofuniquenames, groupofnames?
>> It is conservative but this is why it can be overridden.
>>
>>> Is there a reason it skips ldap+samba typical posixGroup &
>>> sambaGroupMapping?
>> We haven't had many (any?) reports of migrating from
>> ldap+samba.
>>
>>> Lastly, is there a way to preserve account
>>> locked/disabled status for
>>> posix/samba?
>> I don't know how it is stored but as lon
>> g as the schema is available in
>> IPA then the values should be preserved on migration
>> unless the
>> attributes are associated with a blacklisted objectclass.
>>
>> rob
>>
> last - this must most FAQ people wonder - can IPA's 389
> backend be used in the same/similar fashion samba uses
> ldap? skipping all the kerberos bits? (samba & IPA on the
> same one box)
> this might be more 389-ds related - in old days I remember
> DS had mozldap dedicated toolset, how is it these days?
> How do users deal with 389-ds IPA-related bits?
>
> many thanks
>
>
>
now when I've groups migrated I see mappings user-group are
lost. Would it be because my groups did not go in first time
together with users?
More information about the Freeipa-users
mailing list