Ticket #4846 fixed crash in some situations. However, it also hides the real problem when users/groups cannot be migrated for some reason.
This is current output, when users cannot be migrated for some reason:
# ipa migrate-ds ... ipa: ERROR: Found no users/groups to migrate from 'ldap://vm-086.example.com'.
This is the output with reverted patch:
# ipa migrate-ds ... ----------- migrate-ds: ----------- Migrated: Failed user: admin: This entry already exists fbar: attribute "krbPrincipalName" not allowed non-pug: attribute "krbPrincipalName" not allowed Failed group: admins: This entry already exists. Check GID of the existing group. Use --group-overwrite-gid option to overwrite the GID editors: This entry already exists. Check GID of the existing group. Use --group-overwrite-gid option to overwrite the GID ipausers: This entry already exists. Check GID of the existing group. Use --group-overwrite-gid option to overwrite the GID trust admins: This entry already exists ---------- Passwords have been migrated in pre-hashed format. IPA is unable to generate Kerberos keys unless provided with clear text passwords. All migrated users need to login at https://your.domain/ipa/migration/ before they can use their Kerberos accounts.
ipa-4-1:
master:
Metadata Update from @mkosek: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.1.4
Login to comment on this ticket.