<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 03/18/2012 01:33 PM, Marco Pizzoli wrote:
<blockquote
cite="mid:CAMrrtwve=oAUsYJqZAf_NSh6ctCj_gkC=43_e2LLRBFKL88o2A@mail.gmail.com"
type="cite"><br>
<br>
<div class="gmail_quote">On Sun, Mar 18, 2012 at 5:49 PM, Dmitri
Pal <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:dpal@redhat.com">dpal@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
<div>
<div class="h5"> On 03/17/2012 07:36 AM, Marco Pizzoli
wrote:
<blockquote type="cite">Hi guys,<br>
I'm trying to migrate my ldap user base to freeipa.
I'm using the last Release Candidate.<br>
<br>
I already changed "ipa config-mod
--enable-migration=TRUE"<br>
This is what I have:<br>
<br>
<span style="font-family: courier new,monospace;">ipa
-v migrate-ds --bind-dn="cn=manager,dc=mydc1,dc=<a
moz-do-not-send="true" href="http://mydc2.it"
target="_blank">mydc2.it</a>"
--user-container="ou=people,dc=mydc1,dc=<a
moz-do-not-send="true" href="http://mydc2.it"
target="_blank">mydc2.it</a>"
--user-objectclass=inetOrgPerson
--group-container="ou=groups,dc=mydc1,dc=<a
moz-do-not-send="true" href="http://mydc2.it"
target="_blank">mydc2.it</a>"
--group-objectclass=posixGroup
--base-dn="dc=mydc1,dc=<a moz-do-not-send="true"
href="http://mydc2.it" target="_blank">mydc2.it</a>"
--with-compat <a moz-do-not-send="true">ldap://ldap01</a></span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">ipa:
INFO: trying <a moz-do-not-send="true"
href="https://freeipa01.unix.mydomain.it/ipa/xml"
target="_blank">https://freeipa01.unix.mydomain.it/ipa/xml</a></span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Password:</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">ipa:
INFO: Forwarding 'migrate_ds' to server u'<a
moz-do-not-send="true"
href="http://freeipa01.unix.mydomain.it/ipa/xml"
target="_blank">http://freeipa01.unix.mydomain.it/ipa/xml</a>'</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">ipa:
ERROR: Container for group not found at
ou=groups,dc=mydc1,dc=<a moz-do-not-send="true"
href="http://mydc2.it" target="_blank">mydc2.it</a></span><br>
<br>
I looked at my ldap server logs and I found out that
the search executed has scope=1. Actually both for
users and groups. This is a problem for me, in having
a lot of subtrees (ou) in which my users and groups
are. Is there a way to manage this?<br>
<br>
Thanks in advance<br>
Marco<br>
<br>
P.s. As a side note, I suppose there's a typo in the
verbose message I obtain in my output: <br>
<span style="font-family: courier new,monospace;">ipa:
INFO: Forwarding 'migrate_ds' to server </span><b
style="font-family: courier new,monospace;">u</b><span
style="font-family: courier new,monospace;">'<a
moz-do-not-send="true"
href="http://freeipa01.unix.mydomain.it/ipa/xml"
target="_blank">http://freeipa01.unix.mydomain.it/ipa/xml</a>'</span><br>
</blockquote>
<br>
</div>
</div>
Please open tickets for both issues.<br>
</div>
</blockquote>
<div><br>
Done:<br>
<a moz-do-not-send="true"
href="https://fedorahosted.org/freeipa/ticket/2547">https://fedorahosted.org/freeipa/ticket/2547</a><br>
<a moz-do-not-send="true"
href="https://fedorahosted.org/freeipa/ticket/2546">https://fedorahosted.org/freeipa/ticket/2546</a><br>
<br>
Do you have a hint on how to manage to do this import in the
meantime? Every manual step is ok for me.<br>
</div>
</div>
</blockquote>
<br>
I do not think you would like it as it would be a fair amount of
work. :-)<br>
Export schema into LDIF, make a script to reformat LDIF, create
flattened LDIF, load it into an empty instance of the 389 DS,
migrate from there.<br>
Describe all the procedure and share the script for others to use
:-)<br>
<br>
<blockquote
cite="mid:CAMrrtwve=oAUsYJqZAf_NSh6ctCj_gkC=43_e2LLRBFKL88o2A@mail.gmail.com"
type="cite"><br>
Thanks again<br>
Marco<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>