Janelle wrote:
> Might it be possible with a user-mod or group-add/group-mod to accomplish?
> Just thinking outside the box I guess.

The hard part is the UPG. I think you'd need an ldapmodify to achieve
that. IIRC you'd need to manually create the managed group entry and in
the same update link the user to it.


> ~J
> On 1/13/16 7:59 AM, Rob Crittenden wrote:
>> Janelle wrote:
>>> Hello,
>>> This may not be possible, or if it is I am going to guess it is not
>>> going to be easy. If I have an old OpenLDAP environment with users who
>>> never had unique UIG/GID - in other words, the GID was not unique to a
>>> user, instead it was some global group. Well, I was hoping to migrate
>>> over the OpenLDAP domain to IPA, but at the same time create a private
>>> group for each user. Just wondering if this might be possible?
>>> Example OpenLDAP
>>> user=freddy (UID=13) , GID=123456(friday)
>>> After migration to IPA:
>>> user= uid=13(freddy), gid=13(freddy), groups=123456(friday)
>>> Does that make sense?
>> It does but it isn't possible today. In fact the migration won't create
>> user private groups at all (though there is an RFE for that,
>> https://fedorahosted.org/freeipa/ticket/4738 )
>> I don't think this is an unreasonable request. It may be an extension of
>> the above ticket, probably requiring a new option to deal with the
>> existing primary group.
>> rob

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to