[Freeipa-users] Migration mode fun and confusion

Rob Crittenden rcritten at redhat.com
Tue Mar 31 14:28:11 UTC 2015


Dmitri Pal wrote:
> On 03/31/2015 09:38 AM, Janelle wrote:
>> Hello again,
>>
>> Is this a feature or a bug?
>>
>> Migration mode - works fine the first time. However, if you need to
>> run it a second time because someone added either new users or groups
>> to your LDAP config and you want to bring those over, if you re-run
>> migration, it indeed brings all the new users over, but NOT their
>> secondary groups, only primary. And even if you have overwrite of the
>> GID option set.
>>
>> Would this be expected for some reason that I may be missing, or is it
>> a bug?
>>
>> Thank you
>> ~J
>>
> Let me know if I get you right.
> 
> Setup:
> - Old LDAP server
> - IPA
> 
> Users are migrated from LDAP to IPA using migrate-ds.
> Everything works as expected
> Now you add users to LDAP and put them into some groups (that had
> already been migrated the first time, right?)
> You run migrate-ds again and the new users are migrated but group
> membership is lost.
> 
> Is this the scenario?
> If yes, looks like a bug.

I agree. IIRC it only looks at new entries, not at changes to existing
entries (this is migration after all, not sync). Changes in group
membership are overlooked.

Bringing in new users and looking up their groups probably wouldn't be a
big deal. Re-syncing all group memberships would likely be VERY expensive.

rob



