[Freeipa-devel] [PATCH] Add DS to IPA migration plugin and password migration page.
Pavel Zuna
pzuna at redhat.com
Mon Nov 2 15:19:08 UTC 2009
Everyone wrote:
...
A LOT and Thunderbird isn't able to display a thread on a mailing list properly.
I did some testing on how much time does it take to migrate "a few" users. I
started with 10000, but unfortunately my VM can't handle that much (always
running out of space and I already deleted /usr/share/doc :D).
Anyway, I successfully migrated about ~4200 users in 27 minutes using the
current method. I didn't test it using the IPA commands yet, because I ran into
the problem of making LDAP data valid for IPA commands - it's actually not that
easy. We can't pass user passwords to them and we also cannot set attributes the
command don't support, so we have to manually set them using ldap2.update_entry
anyway. I know that the numbers at the beginning of this paragraph mean nothing
if I have nothing to compare them to, but I thought you might be interested
anyway. I'll keep you updated.
Another thing: with user friendliness/experience. I think users will actually
suffer a little after being migrated, because they will have to take all of
these steps:
1) login to the migration page
2) use kinit
3) if their password doesn't meet IPA password policy, change their password
4) go to ipa page, probably won't work
5) configure their browsers
6) go to ipa page again, this time it will work :)
Just saying.
Pavel
More information about the Freeipa-devel
mailing list