Hide Forgot
Description of problem: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ds-migration-cmd-003 Invalid Group Container :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [14:56:17] :: EXECUTING: ipa migrate-ds --user-container="ou=People" --group-container="ou=bad" ldap://dhcp-187-178.testrelm.com:389 ipa: ERROR: an internal error has occurred :: [ FAIL ] :: Check return code (Expected 2, got 1) :: [ FAIL ] :: File '/tmp/error.out' should contain 'ipa: ERROR: Container for group not found' http error-log :: [Wed Feb 22 14:21:56 2012] [error] ipa: INFO: admin: migrate_ds(u'ldap://dhcp-187-178.testrelm.com:389', u'********', binddn=u'cn=directory manager', usercontainer=u'ou=People', groupcontainer=u'ou=bad', userobjectclass=(u'person',), groupobjectclass=(u'groupOfUniqueNames', u'groupOfNames'), userignoreobjectclass=None, userignoreattribute=None, groupignoreobjectclass=None, groupignoreattribute=None, groupoverwritegid=False, schema=u'RFC2307bis', continue=False, exclude_groups=None, exclude_users=None): DatabaseError [Wed Feb 22 14:23:49 2012] [error] ipa: ERROR: non-public: KeyError: 'gidnumber' [Wed Feb 22 14:23:49 2012] [error] Traceback (most recent call last): [Wed Feb 22 14:23:49 2012] [error] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 232, in wsgi_execute [Wed Feb 22 14:23:49 2012] [error] result = self.Command[name](*args, **options) [Wed Feb 22 14:23:49 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__ [Wed Feb 22 14:23:49 2012] [error] ret = self.run(*args, **options) [Wed Feb 22 14:23:49 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 696, in run [Wed Feb 22 14:23:49 2012] [error] return self.execute(*args, **options) [Wed Feb 22 14:23:49 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py", line 650, in execute [Wed Feb 22 14:23:49 2012] [error] ldap, config, ds_ldap, ds_base_dn, options [Wed Feb 22 14:23:49 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py", line 594, in migrate [Wed Feb 22 14:23:49 2012] [error] **blacklists [Wed Feb 22 14:23:49 2012] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py", line 120, in _pre_migrate_user [Wed Feb 22 14:23:49 2012] [error] ctx['def_group_gid'] = g_attrs['gidnumber'][0] [Wed Feb 22 14:23:49 2012] [error] KeyError: 'gidnumber' [Wed Feb 22 14:23:49 2012] [error] ipa: INFO: admin: migrate_ds(u'ldap://dhcp-187-178.testrelm.com:389', u'********', binddn=u'cn=directory manager', usercontainer=u'ou=People', groupcontainer=u'ou=bad', userobjectclass=(u'person',), groupobjectclass=(u'groupOfUniqueNames', u'groupOfNames'), userignoreobjectclass=None, userignoreattribute=None, groupignoreobjectclass=None, groupignoreattribute=None, groupoverwritegid=False, schema=u'RFC2307bis', continue=False, exclude_groups=None, exclude_users=None): KeyError Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Version :: ipa-server-2.2.0-102.20120220T2339zgit7fe095c.el6.x86_64 Further investigation - ipa migrate-ds is not working at all.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2430
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/e294f79488aee881e636b6a3c0565287c26da65d ipa-2-2: https://fedorahosted.org/freeipa/changeset/9c448ae1d0dda7aa243142a25572fb21c575f787
Still broken :: # ipa migrate-ds ldap://dhcp-187-227.testrelm.com:389 Password: ipa: ERROR: no such entry http-error log :: [Wed Mar 07 15:50:47 2012] [error] ipa: INFO: admin: migrate_ds(u'ldap://dhcp-187-227.testrelm.com:389', u'********', binddn=u'cn=directory manager', usercontainer=u'ou=people', groupcontainer=u'ou=groups', userobjectclass=(u'person',), groupobjectclass=(u'groupOfUniqueNames', u'groupOfNames'), userignoreobjectclass=None, userignoreattribute=None, groupignoreobjectclass=None, groupignoreattribute=None, groupoverwritegid=False, schema=u'RFC2307bis', continue=False, compat=False, exclude_groups=None, exclude_users=None): NotFound example user in RHDS migration from :: dn: cn=Mair Simhan,ou=People,dc=example,dc=com carLicense: DAV2RFS cn: Mair Simhan departmentNumber: 2556 description: This is Mair Simhan's description employeeType: Contract facsimileTelephoneNumber: +1 714 961-4177 givenName: Mair homePhone: +1 818 129-2423 initials: M. S. l: Santa Clara mail: Mair_Simhan manager: cn=Emelyne Settels,ou=People,dc=example,dc=com mobile: +1 213 230-9793 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount ou: Human Resources pager: +1 510 660-3116 postalAddress: example.com, Human Resources Dept #718, Room#710 roomNumber: 6458 secretary: cn=Chin Hunter,ou=People,dc=example,dc=com sn: Simhan telephoneNumber: +1 303 620-6590 title: Supreme Human Resources Figurehead uid: Mair_Simhan uidNumber: 10001 gidNumber: 20001 homeDirectory: /home/Mair_Simhan userPassword:: e1NTSEF9Z2FKbzJwUWt1aWxwbU1JZndkMW9WQzhpbVBrb2FIaXJqbDM2QXc9PQ= example group :: dn: cn=Testers,ou=Groups,dc=example,dc=com objectClass: top objectClass: inetuser objectClass: groupofnames objectClass: posixGroup cn: Testers member: cn=Lamar Applications,ou=People,dc=example,dc=com member: cn=Brenton Samhaber,ou=People,dc=example,dc=com member: cn=Lanny Bijman,ou=People,dc=example,dc=com member: cn=Agneta Thorley,ou=People,dc=example,dc=com member: cn=Huan Hawkes,ou=People,dc=example,dc=com member: cn=Deonne Le,ou=People,dc=example,dc=com member: cn=Shakoor Oblak,ou=People,dc=example,dc=com member: cn=Ning Goddard,ou=People,dc=example,dc=com member: cn=Gwen Manickam,ou=People,dc=example,dc=com member: cn=Tape Mawst,ou=People,dc=example,dc=com member: cn=Rachele Maliepaard,ou=People,dc=example,dc=com member: cn=Jacklyn Datta,ou=People,dc=example,dc=com member: cn=Lindsey Drescher,ou=People,dc=example,dc=com member: cn=Romola McEwen,ou=People,dc=example,dc=com member: cn=Aime Boocock,ou=People,dc=example,dc=com member: cn=Tiffani Rodgers,ou=People,dc=example,dc=com member: cn=Nedda Queries,ou=People,dc=example,dc=com member: cn=Rhodie Zimmerer,ou=People,dc=example,dc=com member: cn=Anya Cricker,ou=People,dc=example,dc=com member: cn=Bethina Pittner,ou=People,dc=example,dc=com member: cn=Edy Snelling,ou=People,dc=example,dc=com member: cn=Alvera Macalik,ou=People,dc=example,dc=com member: cn=Kellen Pagliarulo,ou=People,dc=example,dc=com member: cn=Wilhelmus Minegishi,ou=People,dc=example,dc=com member: cn=Candee Murdoch,ou=People,dc=example,dc=com member: cn=Linzy Muise,ou=People,dc=example,dc=com member: cn=Sohale Kernodle,ou=People,dc=example,dc=com member: cn=Randa Chirachanchai,ou=People,dc=example,dc=com member: cn=Israel Azevedo,ou=People,dc=example,dc=com member: cn=Cristal Kenmir,ou=People,dc=example,dc=com member: cn=Mrugesh Lorfano,ou=People,dc=example,dc=com member: cn=Marjorie Flewelling,ou=People,dc=example,dc=com member: cn=Sybyl Gattrell,ou=People,dc=example,dc=com member: cn=Roda Clysdale,ou=People,dc=example,dc=com member: cn=Abigail Wintour,ou=People,dc=example,dc=com member: cn=Kambhampati Esson,ou=People,dc=example,dc=com member: cn=Ling-Zhong Khanna,ou=People,dc=example,dc=com member: cn=Tricia Rosko,ou=People,dc=example,dc=com member: cn=Evy Osatuik,ou=People,dc=example,dc=com member: cn=Kaylee Levasseur,ou=People,dc=example,dc=com member: cn=Sianna Hord,ou=People,dc=example,dc=com member: cn=Trent Zelenka,ou=People,dc=example,dc=com member: cn=Ottcsr Bergmann,ou=People,dc=example,dc=com member: cn=Orly Izbinsky,ou=People,dc=example,dc=com member: cn=Yaser Casper,ou=People,dc=example,dc=com member: cn=Elvira Wolczanski,ou=People,dc=example,dc=com member: cn=Neilla Nicol,ou=People,dc=example,dc=com member: cn=Data Werick,ou=People,dc=example,dc=com member: cn=Prem Pommainville,ou=People,dc=example,dc=com member: cn=Jacquette St.Laurent,ou=People,dc=example,dc=com member: cn=Truda Javor,ou=People,dc=example,dc=com member: cn=Klaas Desilets,ou=People,dc=example,dc=com member: cn=Shae Breon,ou=People,dc=example,dc=com member: cn=Tisha Denman,ou=People,dc=example,dc=com member: cn=Sandye Dantu,ou=People,dc=example,dc=com member: cn=Katrine Sherrell,ou=People,dc=example,dc=com member: cn=Dionis Tu,ou=People,dc=example,dc=com member: cn=Tushar Kebede,ou=People,dc=example,dc=com member: cn=Crystal Ranoska,ou=People,dc=example,dc=com member: cn=Loris Charbonneau,ou=People,dc=example,dc=com member: cn=Felicdad Avard,ou=People,dc=example,dc=com member: cn=Dacy Valerio,ou=People,dc=example,dc=com member: cn=Jeanette Sproule,ou=People,dc=example,dc=com member: cn=Felita Lebel,ou=People,dc=example,dc=com gidNumber: 30003 version :: ipa-server-2.2.0-3.el6.x86_64
I found out that the compat plugin was broken because of patch in Bug 783270, the compat plugin is not checked correctly. I filed an upstream ticket: https://fedorahosted.org/freeipa/ticket/2508 I will send a patch for this issue today.
fixed upstream. master: 0cb9882be9dc13781fb566df11df8bb962ea1ca9 ipa-2-2: 26b968c993ba65414d08e3d58991826cd229ed91
Verified Passwords have been migrated in pre-hashed format. IPA is unable to generate Kerberos keys unless provided with clear text passwords. All migrated users need to login at https://your.domain/ipa/migration/ before they can use their Kerberos accounts. Migration of 10,000 users and 12 groups completed successfully. version: ipa-server-2.2.0-4.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html