[Freeipa-devel] [PATCH] Add DS to IPA migration plugin and password migration page.
Rob Crittenden
rcritten at redhat.com
Mon Nov 2 15:31:31 UTC 2009
Pavel Zuna wrote:
> Everyone wrote:
> ...
> A LOT and Thunderbird isn't able to display a thread on a mailing list
> properly.
>
> I did some testing on how much time does it take to migrate "a few"
> users. I started with 10000, but unfortunately my VM can't handle that
> much (always running out of space and I already deleted /usr/share/doc :D).
>
> Anyway, I successfully migrated about ~4200 users in 27 minutes using
> the current method. I didn't test it using the IPA commands yet, because
> I ran into the problem of making LDAP data valid for IPA commands - it's
> actually not that easy. We can't pass user passwords to them and we also
> cannot set attributes the command don't support, so we have to manually
> set them using ldap2.update_entry anyway. I know that the numbers at the
> beginning of this paragraph mean nothing if I have nothing to compare
> them to, but I thought you might be interested anyway. I'll keep you
> updated.
Yes, something we need in baseldap.py is a way to pass in arbitrary
attributes to Add and Modify. There are several modes we need:
Add a new value to an attribute (this attr may or may not be in the entry)
Set an attribute to a value (a replace operation)
Remove a value from an attribute. Removing the last value should remove
the attribute from the entry.
We had the first two options in v1, delete was there but a bit flaky IIRC.
> Another thing: with user friendliness/experience. I think users will
> actually suffer a little after being migrated, because they will have to
> take all of these steps:
>
> 1) login to the migration page
> 2) use kinit
> 3) if their password doesn't meet IPA password policy, change their
> password
> 4) go to ipa page, probably won't work
> 5) configure their browsers
> 6) go to ipa page again, this time it will work :)
>
> Just saying.
>
> Pavel
Yes, though perhaps in the migration page we should add the "configure
Firefox" button so they set their password, configure their browser,
quit, kinit, restart and done.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091102/687d68ac/attachment.bin>
More information about the Freeipa-devel
mailing list