[Freeipa-users] missing objects during migration steps
Johnathan Phan
john at ox-consulting.com
Wed Jan 23 14:27:22 UTC 2013
Hi Rob,
Please find the output from /usr/sbin/slapd -VV that shows the current
openldap version that's running on the ldap server.
@(#) $OpenLDAP: slapd 2.4.23 (Jul 31 2012 10:47:00) $
mockbuild at x86-001.build.bos.redhat.com:
/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
ps. I have opened a ticket for this.
https://fedorahosted.org/freeipa/ticket/3372
Can I assume you have a way to turn this check off? As in IRC there does
not seem to be one. Or are you saying I can allow the scheme value to be
checked if I create one or make it readable somehow?
On Wed, Jan 23, 2013 at 2:00 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> Johnathan Phan wrote:
>
>> Hi everyone,
>>
>> k past authentication issues now. It's now complaining about objects not
>> there.
>>
>> ipa: ERROR: uri=ldaps://ldap1.example.com:636: Unable to retrieve LDAP schema: No such object:
>>
>> However when I run the following commands on the new IPA server.
>>
>> ldapsearch -x -H ldaps://ldap.example.com:636 -b ou=groups,ou=live,dc=example,dc=com -D "cn=admin,dc=example,dc=com" -W
>>
>> or
>>
>> ldapsearch -x -H ldaps://ldap.example.com:636 -b ou=ib,dc=example,dc=com -D "cn=admin,dc=example,dc=com" -W
>>
>> and I get output
>>
>> Ldap shows the users and groups in the old system. It just dumps out the
>> whole content of the OU.
>>
>> I have tried to run the following two commands and I still get the same
>> error
>>
>> ipa migrate-ds --bind-dn="cn=admin,dc=example,dc=com" --user-container="ou=ib,dc=example,dc=com" ldaps://ldap1.example.com:636
>>
>>
>> or
>>
>> ipa migrate-ds --bind-dn="cn=admin,dc=example,dc=com" --user-container="ou=ib,dc=example,dc=com" --group-container="ou=groups,ou=live,dc=example,dc=com" ldaps://ldap1.example.com:636
>>
>>
>> What is IPA complaining about specifically? I know objects are in these
>> ou's. Is it expecting something different?
>>
>
> It is failing trying to query cn=schema. We fetch the schema from the
> remote server to know what types of data we're dealing with. What version
> of openldap is this?
>
> rob
>
>
--
Johnathan Phan
ox-consulting
T: +44 (0)784 118 7080
john at ox-consulting.com
www.ox-consulting.com
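
Added example, not part of the thread or of FreeIPA's code: the quoted reply says the migration fails while querying cn=schema, and a server advertises where it actually publishes its schema in the root DSE attribute subschemaSubentry (RFC 4512). This sketch parses saved ldapsearch output for the root DSE and compares the advertised DN with cn=schema. The function names are hypothetical and the LDIF samples are constructed; the first uses cn=Subschema, the DN OpenLDAP's slapd publishes its schema under.

```python
import base64

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr_lowercase: [values]}."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]        # folded line: continuation of the previous one
        elif raw.strip():
            logical.append(raw)
    entry = {}
    for line in logical:
        if line.startswith("#"):          # ldapsearch comment lines
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr.strip().lower(), []).append(value)
    return entry

def normalize_dn(dn):
    """Loose comparison key: case and spacing ignored; escaped commas not handled."""
    rdns = []
    for rdn in dn.split(","):
        key, _, val = rdn.partition("=")
        rdns.append(f"{key.strip().lower()}={val.strip().lower()}")
    return ",".join(rdns)

def schema_location(root_dse_ldif, expected="cn=schema"):
    """Return (advertised subschema DN or None, True if it equals `expected`)."""
    values = parse_ldif_entry(root_dse_ldif).get("subschemasubentry", [])
    if not values:
        return None, False
    return values[0], normalize_dn(values[0]) == normalize_dn(expected)

# Constructed samples of: ldapsearch -x -H <uri> -s base -b "" subschemaSubentry
OPENLDAP_DSE = "# extended LDIF\ndn:\nsubschemaSubentry: cn=Subschema\n"
FOLDED_B64_DSE = "dn:\nsubschemaSubentry:: Y249c2\n NoZW1h\n"

if __name__ == "__main__":
    for name, ldif in (("openldap", OPENLDAP_DSE), ("folded", FOLDED_B64_DSE)):
        print(name, schema_location(ldif))
```

A result of `(dn, False)` means a client that reads the schema only from cn=schema would get "No such object" even though user and group searches against the same server succeed.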