On 03/31/2015 04:50 PM, Janelle wrote: > > > On 3/31/15 6:49 AM, Dmitri Pal wrote: >> On 03/31/2015 09:38 AM, Janelle wrote: >>> Hello again, >>> >>> Is this a feature or a bug? >>> >>> Migration mode - works fine the first time. However, if you need to run it a >>> second time because someone added either new users or groups to your LDAP >>> config and you want to bring those over, if you re-run migration, it indeed >>> brings all the new users over, but NOT their secondary groups, only primary. >>> And even if you have overwrite of the GID option set. >>> >>> Would this be expected for some reason that I may be missing, or is it a >>> bug? >>> >>> Thank you >>> ~J >>> >> Let be know if I get you right. > That's it exactly. > Ok - Bug. > :-)
I am personally not convinced this is a bug. As Rob mentioned, this is a migration solution, not sync. So what likely happens is that you add new memberships to already-migrated groups (i.e. member attribute in group object), which are then not migrated as they are already present in the FreeIPA. So if anything, I would call it an RFE, for allowing overwriting the memberships for existing groups... > >> >> Setup: >> - Old LDAP server >> - IPA >> >> Users are migrated from LDAP to IPA using migrate-ds. >> Everything works as expected >> Now you add users to LDAP and put them into some groups (that were already >> been migrated the first time, right?) >> You run migrate-ds again and the new users are migrated but group membership >> is lost. >> >> Is this the scenario? >> If yes, looks like a bug. >> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project