On Mon, 2012-06-11 at 13:05 +0200, Sigbjorn Lie wrote: > On Mon, June 11, 2012 12:53, Sigbjorn Lie wrote: > > > > > On Mon, June 11, 2012 12:21, Martin Kosek wrote: > > > >> On Sat, 2012-06-09 at 14:12 +0200, Sigbjorn Lie wrote: > >> > >> > >>> Hi, > >>> > >>> > >>> > >>> Is there a supported method for converting a posix user group to a > >>> non-posix user group? > >>> > >>> > >>> Regards, > >>> Siggi > >>> > >>> > >> > >> I am not aware of any supported method. This step is more tricky than > >> making a non-posix group a posix one, because you could break for example > >> some existing file > >> ownerships for such group. > >> > >> But if you really want to make a posix group non-posix you could run > >> this group-mod command: > >> > >> # ipa group-show posix > >> Group name: posix > >> Description: foo > >> GID: 1994800003 > >> > >> > >> > >> # ipa group-mod posix --delattr=objectclass=posixgroup > >> --setattr=gidnumber= > >> ---------------------- > >> Modified group "posix" > >> ---------------------- > >> Group name: posix > >> Description: foo > >> > >> > > > > Ah, excellent. Yes I'm aware that it might break ownerships if the POSIX > > attrs is in use. However > > we have some groups that are POSIX that does not need to be POSIX groups. > > > > I've done the change with an LDAP editor earlier, but that was the > > "supported" solution I was > > looking for. > > > > Thanks. > > > Is the "--delattr=" option new for 2.2? It does not exist in my 2.1 > installation. > > > Rgds, > Siggi > >
It is new in IPA 2.2. In your case, you would need to set --setattr and specify all required object classes minus "posixgroup". Unfortunately, I see that new objectclass handling is not right in IPA 2.1: # ipa group-mod posix --setattr=gidnumber= --setattr=objectclass=top,groupofnames,nestedgroup,ipausergroup,ipaobject ipa: ERROR: unknown object class "top,groupofnames,nestedgroup,ipausergroup,ipaobject" Thus, I think that using an LDIF you created may be the easiest way to perform this task in IPA 2.1. Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
