I'm also getting the following output occasionally.
[user@infra-test-ipa ~]$ sudo ipa -v migrate-ds
--user-container='ou=Users,dc=oldldap,dc=local'
--group-container='ou=Group,dc=oldldap,dc=local' --user-objectclass=posixAccount
--group-objectclass=posixGroup --bind-dn='cn=Manager,dc=oldldap,dc=local'
ldap://1.2.3.4:389ipa: INFO: trying
https://infra-test-ipa.freeipa.net/ipa/session/jsonPassword:ipa: INFO: [try 1]: Forwarding
'migrate_ds/1' to json server
'https://infra-test-ipa.freeipa.net/ipa/session/json'ipa: ERROR: Insufficient
access: Invalid credentials[user@infra-test-ipa ~]$
On Monday, October 9, 2017, 4:10:21 PM CDT, Andrew Meyer via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Gabriel,When I run the ipa -v migrate-ds I need to put in my OpenLDAP manager password,
correct? Not my FreeIPA admin credentials.
Thank you,
On Monday, October 9, 2017, 12:33:53 PM CDT, Andrew Meyer via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Thank you! I will take this and change it suit my network and let you know.
On Monday, October 9, 2017, 12:16:05 PM CDT, Gabriel Faber via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Here's what worked for me (all output removed):
# ipa-compat-manage disable
# systemctl restart dirsrv.target
# ipa config-mod --enable-migration=TRUE
# ipa -v migrate-ds --user-container='dc=melodis,dc=com'
--group-container='ou=Group,dc=melodis,dc=com' --user-objectclass=posixAccount
--group-objectclass=posixGroup --bind-dn='cn=Manager,dc=melodis,dc=com'
ldap://ns1.sca.melodis.com:389
# ipa-compat-manage enable
# systemctl restart dirsrv.target
# ipa config-mod --enable-migration=FALSE
Note: As we added ' ipaNTHash' for users (by running
'ipa-adtrust-install'), I had to add a 'Range' in the GUI before running
these commands. That is probably not necessary otherwise.
Gabriel
On 10/9/2017 9:24, Andrew Meyer via FreeIPA-users wrote:
I'm heading down that route as well. But I would like to have both options
available to the boss.
I'm not sure if my syntax is incorrect. That's where I need help.
On Monday, October 9, 2017, 11:09:52 AM CDT, Mark Haney via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Honestly, we simply built a new IPA configuration rather than try to
migrate. It's been far easier to move clients over by ripping the
OpenLDAP off and installing IPA-client than mucking with a conversion.
On 10/09/2017 11:50 AM, Andrew Meyer via FreeIPA-users wrote:
Hello,
I am planning to migrate from a OpenLDAP installation to FreeIPA.
I have been following the directions and matching it to several blog
posts about this however I am coming up with errors.
[user@infra-test-ipa ~]$ ipa migrate-ds --user-container=users
--group-container=group --user-objectclass=inetOrgPerson
--group-objectclass=groupOfNames,groupOfUniqueNames
ldap://my.host.name:389
Password:
ipa: ERROR: invalid 'group_container': malformed RDN string = "group"
[user@infra-test-ipa ~]$ ipa migrate-ds --user-container=users
--group-container=group ldap://my.host.name:389
Password:
ipa: ERROR: invalid 'group_container': malformed RDN string = "group"
[user@infra-test-ipa ~]$ ipa migrate-ds --user-container=users
--group-container=Group ldap://my.host.name:389
Password:
ipa: ERROR: invalid 'group_container': malformed RDN string = "Group"
[user@infra-test-ipa ~]$ sudo kinit admin
Password for admin(a)mynewdomain.net:
[user@infra-test-ipa ~]$ sudo ipa migrate-ds --user-container=users
--group-container=Group ldap://my.host.name:389
Password:
ipa: ERROR: invalid 'group_container': malformed RDN string = "Group"
[user@infra-test-ipa ~]$ sudo ipa migrate-ds --user-container="Users"
--group-container=Group ldap://my.host.name:389
Password:
ipa: ERROR: invalid 'group_container': malformed RDN string = "Group"
[user@infra-test-ipa ~]$ sudo ipa migrate-ds --user-container="Users"
--base-dn="ou=Users,dc=olddomain,dc=local" --with-compat
--group-container="Group" ldap://my.host.name:389
Password:
ipa: ERROR: invalid 'group_container': malformed RDN string = "Group"
Has anyone run into this?
I am running CentOS 7 w/ the latest version of everything.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
--
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.haney(a)neonova.net
www.neonova.net
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
--
Gabriel Faber
Senior Operations Engineer
SoundHound Inc.
408-441-3267 _______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org