[Freeipa-users] Migration mode fun and confusion

[Martin Kosek]

On 03/31/2015 04:50 PM, Janelle wrote:
> 
> 
> On 3/31/15 6:49 AM, Dmitri Pal wrote:
>> On 03/31/2015 09:38 AM, Janelle wrote:
>>> Hello again,
>>>
>>> Is this a feature or a bug?
>>>
>>> Migration mode - works fine the first time. However, if you need to run it a
>>> second time because someone added either new users or groups to your LDAP
>>> config and you want to bring those over, if you re-run migration, it indeed
>>> brings all the new users over, but NOT their secondary groups, only primary.
>>> And even if you have overwrite of the GID option set.
>>>
>>> Would this be expected for some reason that I may be missing, or is it a bug?
>>>
>>> Thank you
>>> ~J
>>>
>> Let be know if I get you right.
> That's it exactly.
> Ok - Bug.
> :-)

I am personally not convinced this is a bug. As Rob mentioned, this is a
migration solution, not sync. So what likely happens is that you add new
memberships to already-migrated groups (i.e. member attribute in group object),
which are then not migrated as they are already present in the FreeIPA.

So if anything, I would call it an RFE, for allowing overwriting the
memberships for existing groups...

> 
>>
>> Setup:
>> - Old LDAP server
>> - IPA
>>
>> Users are migrated from LDAP to IPA using migrate-ds.
>> Everything works as expected
>> Now you add users to LDAP and put them into some groups (that were already
>> been migrated the first time, right?)
>> You run migrate-ds again and the new users are migrated but group membership
>> is lost.
>>
>> Is this the scenario?
>> If yes, looks like a bug.
>>
>>
>