[Freeipa-devel] [PATCH] 134 Improve handling of GIDs when migrating groups

Martin Kosek mkosek at redhat.com
Thu Oct 6 08:15:14 UTC 2011


On Wed, 2011-10-05 at 13:44 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > Since IPA v2 server already contains predefined groups that may collide
> > with groups in migrated (IPA v1) server (for example admins, ipausers),
> > users having colliding group as their primary group may happen to belong
> > to an unknown group on new IPA v2 server.
> >
> > Implement --group-overwrite-gid option to overwrite GID of already
> > existing groups to prevent this issue.
> >
> > https://fedorahosted.org/freeipa/ticket/1866
> 
> For argument's sake, what is the user going to see the first time they 
> run this? I assume they won't think about these duplicate groups and 
> just do the migration. This means that the result may be some users 
> pointing to non-existent GIDs.

At first I was thinking about making the GID the default behavior and
just adding a flag "--dont-overwrite-gid". But I was afraid this could do some
damage and change GIDs where it is not required. However, I made some
improvements in this area, please see below.

> 
> If they re-run the migration with this option will it then fix 
> everything up?

Yep.

> 
> I'm wondering if we need a --test argument so people can run the 
> migration w/o writing entries to look for problems like this.
> 
> rob

If we want to do this, we would have to add a lot of LDAP query checks
since we mostly try doing the LDAP write and write failures in case of an
exception.

However, I updated the patch so that the user is better notified about the
existence of the --group-overwrite-gid option. If a migration of a group with a
GID number fails because of DuplicateError, a notice about GID is
displayed. This should make him check this situation and either use
group-mod --gidnumber=... or re-run the migration with
--group-overwrite-gid.

I also updated the Password option not to ask the user for the LDAP password
twice, because it makes me really mad :-)

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-134-2-improve-handling-of-gids-when-migrating-groups.patch
Type: text/x-patch
Size: 10207 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111006/c7ff11ff/attachment.bin>

