Janelle wrote: > Might it be possible with a user-mod or group-add/group-mod to accomplish? > > Just thinking outside the box I guess.
The hard part is the UPG. I think you'd need an ldapmodify to achieve that. IIRC you'd need to manually create the managed group entry and in the same update link the user to it. rob > ~J > > On 1/13/16 7:59 AM, Rob Crittenden wrote: >> Janelle wrote: >>> Hello, >>> >>> This may not be possible, or if it is I am going to guess it is not >>> going to be easy. If I have an old OpenLDAP environment with users who >>> never had unique UIG/GID - in other words, the GID was not unique to a >>> user, instead it was some global group. Well, I was hoping to migrate >>> over the OpenLDAP domain to IPA, but at the same time create a private >>> group for each user. Just wondering if this might be possible? >>> >>> Example OpenLDAP >>> user=freddy (UID=13) , GID=123456(friday) >>> >>> After migration to IPA: >>> user= uid=13(freddy), gid=13(freddy), groups=123456(friday) >>> >>> Does that make sense? >> It does but it isn't possible today. In fact the migration won't create >> user private groups at all (though there is an RFE for that, >> https://fedorahosted.org/freeipa/ticket/4738 ) >> >> I don't think this is an unreasonable request. It may be an extension of >> the above ticket, probably requiring a new option to deal with the >> existing primary group. >> >> rob >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project