Please provide the Directory Server access log snippet from this failure as well. 

Thanks,
Mark

On 10/26/20 7:59 AM, Per Qvindesland via FreeIPA-users wrote:
Hi

While running the command:   echo password123 | ipa migrate-ds --with-compat ldap://ipofldap:389 --bind-dn="cn=admin,dc=company,dc=com"  --base-dn=dc=company,dc=com --user-container=ou=people --group-container=ou=groups --scope=subtree then it's failing with ipa:
ERROR: group LDAP search did not return any result (search base: ou=groups,dc=company,dc=com, objectclass: groupofuniquenames, groupofnames)

No matter how i change the command to ipa migrate-ds ldap://ldapserver:389 --bind-dn="cn=admin,dc=example,dc=com" then it still fails with the same error

Does anyone know how I can resolve this? in the sladp errors logs I see this:

[26/Oct/2020:11:18:18.622956777 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.
[26/Oct/2020:11:18:19.228133838 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.229323016 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.229952707 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.230652382 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.231285195 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.231934733 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.232593780 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.233232479 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.233866104 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.234486443 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.235118913 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.235747974 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.236394872 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.237060940 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.237715214 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.238356425 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.244588134 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.246571311 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.247223136 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:18:19.343344230 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
[26/Oct/2020:11:18:19.348552041 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition.
[26/Oct/2020:11:18:19.378667333 +0100] - INFO - slapd_daemon - slapd started.  Listening on All Interfaces port 389 for LDAP requests
[26/Oct/2020:11:18:19.381366608 +0100] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
[26/Oct/2020:11:18:19.383976582 +0100] - INFO - slapd_daemon - Listening on /var/run/slapd-PROXDYNAMICS-COM.socket for LDAPI requests
[26/Oct/2020:11:24:47.858883691 +0100] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 1 max work q size 2 max work q stack size 2
[26/Oct/2020:11:24:47.958419078 +0100] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
[26/Oct/2020:11:24:49.018815611 +0100] - INFO - bdb_pre_close - Waiting for 4 database threads to stop
[26/Oct/2020:11:24:50.544575094 +0100] - INFO - bdb_pre_close - All database threads now stopped
[26/Oct/2020:11:24:50.557264313 +0100] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed
[26/Oct/2020:11:24:50.558354653 +0100] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack objects - freed 5 op stack objects
[26/Oct/2020:11:24:50.558915217 +0100] - INFO - main - slapd stopped.
[26/Oct/2020:11:25:31.985322130 +0100] - INFO - slapd_extract_cert - CA CERT NAME: PROXDYNAMICS.COM IPA CA
[26/Oct/2020:11:25:32.004250734 +0100] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password.
[26/Oct/2020:11:25:32.204204240 +0100] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert
[26/Oct/2020:11:25:32.784801369 +0100] - INFO - Security Initialization - SSL info: Enabling default cipher set.
[26/Oct/2020:11:25:32.785394876 +0100] - INFO - Security Initialization - SSL info: Configured NSS Ciphers
[26/Oct/2020:11:25:32.785945734 +0100] - INFO - Security Initialization - SSL info:     TLS_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.786493194 +0100] - INFO - Security Initialization - SSL info:     TLS_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.787079571 +0100] - INFO - Security Initialization - SSL info:     TLS_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.787564682 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.788075487 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.788559673 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.789102837 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.789589594 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.790077677 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.790578956 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.791113852 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.791943466 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.792531988 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.793207244 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.793713859 +0100] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.794224928 +0100] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.794737674 +0100] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[26/Oct/2020:11:25:32.795251667 +0100] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.795769593 +0100] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.796287159 +0100] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.796807154 +0100] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.797403513 +0100] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.797932212 +0100] - INFO - Security Initialization - SSL info:     TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/Oct/2020:11:25:32.798459755 +0100] - INFO - Security Initialization - SSL info:     TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
[26/Oct/2020:11:25:32.799030910 +0100] - INFO - Security Initialization - SSL info:     TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[26/Oct/2020:11:25:32.799573067 +0100] - INFO - Security Initialization - SSL info:     TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/Oct/2020:11:25:32.800109380 +0100] - INFO - Security Initialization - SSL info:     TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[26/Oct/2020:11:25:32.800638525 +0100] - INFO - Security Initialization - SSL info:     TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/Oct/2020:11:25:33.345680476 +0100] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
[26/Oct/2020:11:25:33.346491118 +0100] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
[26/Oct/2020:11:25:33.347161756 +0100] - INFO - main - 389-Directory/1.4.2.4 B2020.255.2048 starting up
[26/Oct/2020:11:25:33.347693917 +0100] - INFO - main - Setting the maximum file descriptor limit to: 262144
[26/Oct/2020:11:25:34.438699059 +0100] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds
[26/Oct/2020:11:25:34.442181997 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
[26/Oct/2020:11:25:34.448132662 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
[26/Oct/2020:11:25:34.453494825 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
[26/Oct/2020:11:25:34.458647975 +0100] - NOTICE - ldbm_back_start - found 3868940k physical memory
[26/Oct/2020:11:25:34.459245844 +0100] - NOTICE - ldbm_back_start - found 3334504k available
[26/Oct/2020:11:25:34.459802577 +0100] - NOTICE - ldbm_back_start - cache autosizing: db cache: 96723k
[26/Oct/2020:11:25:34.460371153 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 131072k
[26/Oct/2020:11:25:34.461129521 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn cache (3 total): 65536k
[26/Oct/2020:11:25:34.462282548 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 131072k
[26/Oct/2020:11:25:34.463016641 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca dn cache (3 total): 65536k
[26/Oct/2020:11:25:34.464194998 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog entry cache (3 total): 131072k
[26/Oct/2020:11:25:34.464956271 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog dn cache (3 total): 65536k
[26/Oct/2020:11:25:34.465703802 +0100] - NOTICE - ldbm_back_start - total cache size: 683215667 B;
[26/Oct/2020:11:25:35.118987768 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES
[26/Oct/2020:11:25:35.119820971 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped.  To recover the encrypted contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.408089893 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES
[26/Oct/2020:11:25:35.408739079 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped.  To recover the encrypted contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.409291926 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.
[26/Oct/2020:11:25:35.699507155 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES
[26/Oct/2020:11:25:35.700197858 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped.  To recover the encrypted contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.993821262 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES
[26/Oct/2020:11:25:35.995400166 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped.  To recover the encrypted contents, keep the wrapped symmetric key value.
[26/Oct/2020:11:25:35.996128828 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.
[26/Oct/2020:11:25:36.676724884 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.677458024 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.678097744 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.678801681 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist
[26/Oct/2020:1  1:25:36.679445978 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.680107840 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.680752352 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.681421435 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.682075173 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.682731538 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.683392435 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.683961442 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.684550864 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.685159287 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.685757939 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.686370905 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.692387853 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.694119273 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.694778890 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[26/Oct/2020:11:25:36.790882675 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
[26/Oct/2020:11:25:36.796103722 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition.
[26/Oct/2020:11:25:36.826914731 +0100] - INFO - slapd_daemon - slapd started.  Listening on All Interfaces port 389 for LDAP requests
[26/Oct/2020:11:25:36.828243699 +0100] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
[26/Oct/2020:11:25:36.829512166 +0100] - INFO - slapd_daemon - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests

Regards
Per




_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
-- 

389 Directory Server Development Team