[Freeipa-users] tricky one in OpenLDAP migration, groups
Rob Crittenden
rcritten at redhat.com
Wed Jan 13 15:59:26 UTC 2016
Janelle wrote:
> Hello,
>
> This may not be possible, or if it is I am going to guess it is not
> going to be easy. If I have an old OpenLDAP environment with users who
> never had unique UIG/GID - in other words, the GID was not unique to a
> user, instead it was some global group. Well, I was hoping to migrate
> over the OpenLDAP domain to IPA, but at the same time create a private
> group for each user. Just wondering if this might be possible?
>
> Example OpenLDAP
> user=freddy (UID=13) , GID=123456(friday)
>
> After migration to IPA:
> user= uid=13(freddy), gid=13(freddy), groups=123456(friday)
>
> Does that make sense?
It does but it isn't possible today. In fact the migration won't create
user private groups at all (though there is an RFE for that,
https://fedorahosted.org/freeipa/ticket/4738 )
I don't think this is an unreasonable request. It may be an extension of
the above ticket, probably requiring a new option to deal with the
existing primary group.
rob
More information about the Freeipa-users
mailing list