Bug 1150040 - ignoring user attributes in migrate-ds does not work if uppercase characters are returned by ldap
Summary: ignoring user attributes in migrate-ds does not work if uppercase characters ...
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: 22
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 1159816
Reported: 2014-10-07 10:18 UTC by david
Modified: 2015-03-05 12:38 UTC

Fixed In Version: freeipa-4.1.3-2.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1159816 (view as bug list)
Last Closed: 2015-03-05 12:38:55 UTC
Type: Bug

Description david 2014-10-07 10:18:27 UTC
Description of problem:
I tried to migrate an OpenLDAP based directory to FreeIPA, while removing several objectclasses. --user-ignore-attribute didn't work.

The problem seems to be that the LDAPEntry object entry_attry in isn't lowercased while the blacklist is forced to lower case by the script.

The problem can be resolved by replacing
        if attr in attr_blacklist:
with
        if attr.lower() in attr_blacklist:

Version-Release number of selected component (if applicable): 4.0.3 on Fedora 20

How reproducible: use migrate-ds with --user-ignore-attribute

Steps to Reproduce:

Actual results:

Failed user:
  xxx: attribute "shadowLastChange" not allowed
  xxx: attribute "shadowLastChange" not allowed

Expected results:
user is migrated

Additional info:

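The case mismatch described in the report above, as an added example that is not part of the original bug or FreeIPA's own code: the ignore list is folded to lower case, but the attribute names returned by the LDAP server keep their original case, so an exact-match lookup lets mixed-case names through. The function names and the sample entry are constructed for illustration.

```python
# Added illustration, not FreeIPA source. Function names and the entry are constructed.

def normalize_blacklist(names):
    """Fold the ignore list to lower case, as the report says the script does."""
    return {n.strip().lower() for n in names if n.strip()}

def strip_ignored_buggy(entry_attrs, attr_blacklist):
    """'Before' behaviour: compares the server-returned name verbatim."""
    kept = dict(entry_attrs)
    for attr in list(kept):
        if attr in attr_blacklist:
            del kept[attr]
    return kept

def strip_ignored_fixed(entry_attrs, attr_blacklist):
    """'After' behaviour: fold the returned name before the lookup."""
    kept = dict(entry_attrs)
    for attr in list(kept):
        if attr.lower() in attr_blacklist:
            del kept[attr]
    return kept

def leaked(entry_attrs, attr_blacklist):
    """Names still present that the ignore list was meant to drop."""
    return sorted(a for a in entry_attrs if a.lower() in attr_blacklist)

# Constructed entry: keys carry the case an LDAP server might return.
SAMPLE_ENTRY = {
    "uid": ["xxx"],
    "cn": ["Example User"],
    "shadowLastChange": ["16000"],
    "shadowMax": ["99999"],
    "userpassword": ["{SSHA}constructed"],
}

if __name__ == "__main__":
    bl = normalize_blacklist(["shadowLastChange", "shadowMax", "userPassword"])
    for name, fn in (("buggy", strip_ignored_buggy), ("fixed", strip_ignored_fixed)):
        result = fn(SAMPLE_ENTRY, bl)
        print(name, "kept:", sorted(result), "leaked:", leaked(result, bl))
```

Only the all-lowercase `userpassword` key is dropped by the exact-match version; the mixed-case `shadow*` names survive and would reach the target server, matching the `attribute "shadowLastChange" not allowed` failure in the report.
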
Comment 1 Martin Kosek 2014-10-07 10:59:28 UTC
Thanks for the bug report! I will clone it to upstream Trac. The change looks OK, would you consider sending it in the form of a patch to the freeipa-devel list? This way, your contribution could be recognized in the FreeIPA git repository!

Comment 2 Martin Kosek 2014-10-07 10:59:57 UTC
Upstream ticket:

Comment 4 Fedora Update System 2015-02-23 14:40:58 UTC
freeipa-4.1.3-2.fc21 has been submitted as an update for Fedora 21.

Comment 5 Fedora Update System 2015-02-25 13:25:32 UTC
Package freeipa-4.1.3-2.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing freeipa-4.1.3-2.fc21'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 6 Jaroslav Reznik 2015-03-03 17:19:01 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:

Comment 7 Fedora Update System 2015-03-05 12:38:55 UTC
freeipa-4.1.3-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
