The command ipa migrate-ds fails to complete when the source LDAP server contains a referral entry, and complains that the LDAP server does not contain user entries although it does:

    ipa migrate-ds ldap://vm-058-034.abc.idm.lab.eng.brq.redhat.com:1389 --base-dn=dc=oud,dc=com --user-container=ou=mypeople --group-container=ou=mygroups --scope=subtree
    Password:
    ipa: ERROR: user LDAP search did not return any result (search base: ou=mypeople,dc=oud,dc=com, objectclass: person)

Content of source LDAP server:

    dn: ou=mypeople,dc=oud,dc=com
    ou: mypeople
    objectClass: top
    objectClass: organizationalunit

    dn: cn=myref,ou=mypeople,dc=oud,dc=com
    objectClass: referral
    objectClass: extensibleobject
    objectClass: top
    cn: myref
    ref: ldap:///ou=mypeople,dc=oud,dc=com??sub?(uid=manageruid)

    dn: cn=managercn,ou=mypeople,dc=oud,dc=com
    sn: managersn
    cn: managercn
    objectClass: top
    objectClass: inetorgperson
    objectClass: posixaccount
    objectClass: organizationalPerson
    objectClass: person
    homeDirectory: /home/dir
    gidNumber: 123
    uidNumber: 12
    uid: manageruid

Debug log attached.
We can see that the referral entry is properly found but the method LDAPClient._convert_result returns an empty res_list, which is interpreted as a Search Result Done by LDAPClient.find_entries and stops the processing of entries found.
attachment bug_migrate_referral.txt
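The failure mode described above, as an added example: a simplified model of the result loop, not FreeIPA's LDAPClient code and not the fix applied upstream. The function names, the message stream and the rule that a search reference arrives with a DN of None are assumptions made for illustration; the fixed loop is one possible correction.

```python
# LDAP protocol message tags, named as in python-ldap.
RES_SEARCH_ENTRY = 0x64
RES_SEARCH_RESULT = 0x65
RES_SEARCH_REFERENCE = 0x73

# Constructed message stream modelled on the directory content above:
# the referral is delivered before the user entry.
MESSAGES = [
    (RES_SEARCH_REFERENCE,
     [(None, ["ldap:///ou=mypeople,dc=oud,dc=com??sub?(uid=manageruid)"])]),
    (RES_SEARCH_ENTRY,
     [("cn=managercn,ou=mypeople,dc=oud,dc=com",
       {"uid": ["manageruid"], "objectClass": ["person", "posixaccount"]})]),
    (RES_SEARCH_RESULT, []),
]


def convert_result(raw):
    """Keep real entries only; search references carry dn=None (assumption)."""
    return [(dn, attrs) for dn, attrs in raw if dn is not None]


def find_entries_buggy(messages):
    """Treats any empty converted list as Search Result Done."""
    found = []
    for _msg_type, raw in messages:
        res_list = convert_result(raw)
        if not res_list:
            break  # the referral lands here and ends the search early
        found.extend(res_list)
    return found


def find_entries_fixed(messages):
    """Stops on the message type, skips references, keeps reading."""
    found = []
    for msg_type, raw in messages:
        if msg_type == RES_SEARCH_RESULT:
            break
        if msg_type == RES_SEARCH_ENTRY:
            found.extend(convert_result(raw))
    return found


if __name__ == "__main__":
    print("buggy:", [dn for dn, _ in find_entries_buggy(MESSAGES)])
    print("fixed:", [dn for dn, _ in find_entries_fixed(MESSAGES)])
```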
master:
Metadata Update from @frenaud: - Issue assigned to frenaud - Issue set to the milestone: FreeIPA 4.5