When migrated LDAP tree contains 2 groups with identical GID, IPA migration plugin returns incomprehensible error:
# echo "secret123" | ipa migrate-ds ldap://vm-054.idm.lab.bos.redhat.com --with-compat --base-dn=dc=greyoak,dc=com ipa: ERROR: The search criteria was not specific enough. Expected 1 and found 2.
This is indeed an invalid LDAP on user side, but the error message we provide should be clearer - so that user knows what to fix.
This is the part in the migration plugin that raises the error:
if entry_attrs['gidnumber'][0] not in valid_gids: try: (remote_dn, remote_entry) = ds_ldap.find_entry_by_attr( 'gidnumber', entry_attrs['gidnumber'][0], 'posixgroup', [''], search_bases['group'] ) valid_gids.append(entry_attrs['gidnumber'][0]) except errors.NotFound: api.log.warn('Migrated user\'s GID number %s does not point to a known group.' % entry_attrs['gidnumber'][0])
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=813389
attachment freeipa-mkosek-252-do-not-fail-migration-because-of-duplicate-groups.patch
Patch freeipa-mkosek-252-do-not-fail-migration-because-of-duplicate-groups.patch sent for review
master: 88927fb
ipa-2-2: 49f8695
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/04
Login to comment on this ticket.