Finally I don't use the command mention BUT ref the official migration site below: THIS TIME it created more entries as below user private group > also press del not found and cannot be del. Then I modified a bit that skip --group-objectclass=posixgroup  then it comes out what I want > usernames, groups , groups of groups , members of groups etc

1) ANY ONE can explain what made it wrong ? 2) Now the issue is how make it user migration password page only simple as I don't want user see any additional info after he typed passed the migration e.g. after he success migrate the keybros then just prompt success.

echo secret | ipa migrate-ds --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup --user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry} --user-ignore-objectclass=mepOriginEntry --with-compat ldap://cde.abc.com




2018-05-30 9:43 GMT+08:00 <barrykfl@gmail.com>:
As too long log enclosed in a txt file, the log related to use admin to login find aaron and then del , user not found, 0 entry updated. (row335)

Realm is same. seem not bind ..

2018-05-29 22:18 GMT+08:00 <barrykfl@gmail.com>:
admin ….but this is new IPA 4.0 admin not IPA 3.0 admin ….BUT I tried del IPA4.0 's admin and migrated 3.0 one which follow old same ID ..same situation occur. del fail.

2018-05-29 22:17 GMT+08:00 Barry <kliu@alumni.warwick.ac.uk>:
admin ….but this is new IPA 4.0 admin not IPA 3.0 admin ….BUT I tried del IPA4.0 's admin and migrated 3.0 one which follow old same ID ..same situation occur. del fail.

2018-05-29 21:33 GMT+08:00 Florence Blanc-Renaud <flo@redhat.com>:
On 05/29/2018 12:26 PM, barrykfl--- via FreeIPA-users wrote:

Hi :


I migrated use commands form ipa 3 to ipa 4

   ipa migrate-ds --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --with-compat ldap://abc.cde.com:389 <http://abc.cde.com:389>

Fine I saw everything work entries there ...but I want del account it said user not found..

(Modify info is ok) ...any idea ???





 _______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/TKYJ5PK62XLGNG7NIONIPWFUOEMQEF64/

Hi,

which user is authenticated in the WebUI? Is it the admin or another user?

Can you provide the content of /var/log/dirsrv/slapd-domxxx/access (you may need to wait a few minutes because it's buffered) when you try to perform the delete?

Flo