[Freeipa-users] Problem migrating from openldap using groups in a group
Sotiris Tsimbonis
stsimb at forthnet.gr
Wed Mar 23 11:54:51 UTC 2016
Hi all,
I'm trying to migrate into freeipa some users and groups from an old
ldap server I've inherited. But migrate-ds fails to import groups inside
usergroups, is believes they are users and imports them wrongly..
trying to migrate with command:
ipa migrate-ds --bind-dn="cn=root,dc=staff,dc=forthnet" \
--base-dn="ou=Forthnet,dc=staff,dc=forthnet" \
--user-container=ou=users \
--group-container=ou=groups \
--group-objectclass=posixgroup \
--schema=RFC2307 \
ldap://devldap01.forthnet.prv:389
(version is ipa-server-4.2.0-15.0.1.el7.centos.6.x86_64)
here is part of the ldif from devldap01
---------------------------------------
dn: cn=security-tech,ou=groups,ou=Forthnet,dc=staff,dc=forthnet
cn: security-tech
objectClass: posixGroup
structuralObjectClass: posixGroup
entryUUID: 5723476e-bad4-102c-8fe3-0bb2ba42f62f
creatorsName: cn=root,dc=staff,dc=forthnet
createTimestamp: 20080520162000Z
memberUid: dimitria
gidNumber: 1730
entryCSN: 20100107135233Z#000000#00#000000
modifiersName: cn=root,dc=staff,dc=forthnet
modifyTimestamp: 20100107135233Z
dn: cn=abusewg,ou=groups,ou=Forthnet,dc=staff,dc=forthnet
cn: abusewg
objectClass: posixGroup
structuralObjectClass: posixGroup
entryUUID: f90113dc-bad3-102c-8d13-0bb2ba42f62f
creatorsName: cn=root,dc=staff,dc=forthnet
createTimestamp: 20080520161722Z
memberUid: ccha
memberUid: dzer
memberUid: gmouz
memberUid: isek
memberUid: kavaklis
memberUid: nasl
memberUid: pmav
memberUid: stsimb
memberUid: cn=security-tech,ou=groups,ou=Forthnet,dc=staff,dc=forthnet
gidNumber: 1010
entryCSN: 20151203143609Z#000000#00#000000
modifiersName: cn=root,dc=staff,dc=forthnet
modifyTimestamp: 20151203143609Z
--------------------------------------------------------------------
migrate-ds completes with no failures.
The usergroup "security-tech" is correctly imported in freeipa, it
contains user "dimitria" who is also imported correctly.
But usergroup "abusewg" contains 9 users and reports an error
"user not found:
cn=security-tech,ou=groups,ou=Forthnet,dc=staff,dc=forthnet".
I would expect it to migrate the "security-tech" as a usergroup, not as
a user.
Any suggestions please?
Thanks,
Sot.
More information about the Freeipa-users
mailing list