Johnathan Phan wrote:
Hi everyone,

OK, past authentication issues now. It's now complaining about objects not
there.

ipa: ERROR: uri=ldaps://ldap1.example.com:636: Unable to retrieve LDAP schema: No such object:

However when I run the following commands on the new IPA server.

ldapsearch -x -H ldaps://ldap.example.com:636 -b ou=groups,ou=live,dc=example,dc=com -D "cn=admin,dc=example,dc=com" -W

or

ldapsearch -x -H ldaps://ldap.example.com:636 -b ou=ib,dc=example,dc=com -D "cn=admin,dc=example,dc=com" -W

and I get output.

LDAP shows the users and groups in the old system. It just dumps out the
whole content of the OU.

I have tried to run the following two commands and I still get the same
error

ipa migrate-ds --bind-dn="cn=admin,dc=example,dc=com" --user-container="ou=ib,dc=example,dc=com" ldaps://ldap1.example.com:636

or

ipa migrate-ds --bind-dn="cn=admin,dc=example,dc=com" --user-container="ou=ib,dc=example,dc=com" --group-container="ou=groups,ou=live,dc=example,dc=com" ldaps://ldap1.example.com:636

What is IPA complaining about specifically? I know objects are in these
OUs. Is it expecting something different?

It is failing trying to query cn=schema. We fetch the schema from the remote server to know what types of data we're dealing with. What version of OpenLDAP is this?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
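
Rob's reply says the migration fails when it queries cn=schema. As an added example (not part of the thread and not FreeIPA code), the shell below reads a root DSE search result and reports which entry the server advertises for its schema via the standard subschemaSubentry attribute. The sample LDIF is constructed, and the function names sample_rootdse, schema_dn and schema_at_cn_schema are hypothetical.

```shell
#!/bin/sh
# Added example. On a live server the input would come from a root DSE query,
# using the host and bind DN shown in the thread:
#   ldapsearch -x -H ldaps://ldap1.example.com:636 \
#     -D "cn=admin,dc=example,dc=com" -W -b "" -s base -LLL subschemaSubentry

# Constructed sample output (assumption: a server that publishes its schema
# at cn=Subschema). Not captured from the poster's server.
sample_rootdse() {
cat <<'EOF'
dn:
subschemaSubentry: cn=Subschema
EOF
}

# Print the subschemaSubentry DN found in LDIF on stdin.
# Handles LDIF line folding (continuation lines begin with one space) and
# case-insensitive attribute names. Base64 values ("::") are skipped.
schema_dn() {
  awk '
    function emit(l,   i, name, v) {
      i = index(l, ":")
      if (i == 0) return
      name = tolower(substr(l, 1, i - 1))
      if (name != "subschemasubentry") return
      if (substr(l, i + 1, 1) == ":") return
      v = substr(l, i + 1)
      sub(/^ +/, "", v)
      print v
    }
    /^ / { if (cur != "") cur = cur substr($0, 2); next }
    { if (cur != "") emit(cur); cur = $0 }
    END { if (cur != "") emit(cur) }
  '
}

# Exit 0 only if the advertised schema entry is cn=schema, the DN the
# reply says the migration queries. Comparison ignores case and spaces.
schema_at_cn_schema() {
  dn=$(schema_dn | tr 'A-Z' 'a-z' | tr -d ' ')
  [ "$dn" = "cn=schema" ]
}

# Demo on the constructed sample: prints the advertised schema DN.
sample_rootdse | schema_dn
```

If the DN printed for the source server is not cn=schema, a base-scope search on cn=schema there will return "No such object", which matches the error text in the question.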
