[Freeipa-users] tricky one in OpenLDAP migration, groups

Rob Crittenden rcritten at redhat.com
Wed Jan 13 16:21:36 UTC 2016


Janelle wrote:
> Might it be possible with a user-mod or group-add/group-mod to accomplish?
> 
> Just thinking outside the box I guess.

The hard part is the UPG. I think you'd need an ldapmodify to achieve
that. IIRC you'd need to manually create the managed group entry and in
the same update link the user to it.

rob

> ~J
> 
> On 1/13/16 7:59 AM, Rob Crittenden wrote:
>> Janelle wrote:
>>> Hello,
>>>
>>> This may not be possible, or if it is I am going to guess it is not
>>> going to be easy. If I have an old OpenLDAP environment with users who
>>> never had unique UID/GID - in other words, the GID was not unique to a
>>> user, instead it was some global group. Well, I was hoping to migrate
>>> over the OpenLDAP domain to IPA, but at the same time create a private
>>> group for each user. Just wondering if this might be possible?
>>>
>>> Example OpenLDAP
>>> user=freddy (UID=13) , GID=123456(friday)
>>>
>>> After migration to IPA:
>>> user= uid=13(freddy), gid=13(freddy), groups=123456(friday)
>>>
>>> Does that make sense?
>> It does but it isn't possible today. In fact the migration won't create
>> user private groups at all (though there is an RFE for that,
>> https://fedorahosted.org/freeipa/ticket/4738 )
>>
>> I don't think this is an unreasonable request. It may be an extension of
>> the above ticket, probably requiring a new option to deal with the
>> existing primary group.
>>
>> rob
>>
> 



