[Freeipa-users] changing search base during migration?
Rob Crittenden
rcritten at redhat.com
Wed Sep 22 21:44:41 UTC 2010
Brian LaMere wrote:
> On Wed, Sep 22, 2010 at 1:14 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
> And this request came from newserver? I don't see where we would
> query namingContexts with this search base. Seems strange that
> something knew about the new basedn though.
>
>
> aye - and I can say that the only thing pointing at oldserver that would
> even think of asking about a "brian.internal" would be this particular
> query - which happens at exactly the time the entry on the oldserver
> that references that search base.
Ok, it was the camel case that was throwing me.
It looks like we have a bug when setting an empty base_dn. We try to set
it blank but it ends up getting set to the IPA base.
>
> Well, we want flexibility for sure, what you're asking for isn't
> unreasonable. Have you run the migration script and it failed or are
> you just worried that it isn't going to do the right thing?
>
>
> aye, I get the old:
>
> # ipa migrate-ds ldap://oldserver.briandomain.com
> <http://oldserver.briandomain.com>
> password:
> Enter password again to verify:
> ipa: ERROR: no such entry
>
> Which is to say, it found nothing to import (right? isn't that what the
> error means?). "oldserver" is a default 389-ds server (which as you
> might recall is 1.2.6-0.1.a1, but I don't want to upgrade that without
> getting the data off first). While I created all sorts of funny things
> elsewhere in the tree, the normal users and groups are all in the normal
> places.
>
> I tried adding a little debug line in ipalib/migrate.py ahead of the
> only place I saw namingcontexts mentioned, but...even though I raised an
> exception, nothing changed (so I guess migrate_ds.execute doesn't get
> run until...err...execute. So where is the search base found?). I'm
> digging around, but that's the only place I find /namingcontext/i in the
> python libs, at least, and nothing jumped out at me in strace (though
> stuff did scroll past my 2k lines buffer...)
I think what it's failing to find is the ipaconfig entry. Look in your
access log for a query for cn=ipaconfig.
I've created a ticket to track this work,
https://fedorahosted.org/freeipa/ticket/289
Are you working from IPA v2 pre4 or did you build the source yourself
from git?
This might take me a couple of days to hammer out.
thanks
rob
More information about the Freeipa-users
mailing list