i've noticed that some of my users (imported from openldap) don't have
personal user groups, but the new ones that i make within freeipa do.
Is there a way of marking the existing accounts such that they get user
groups made for them ? I couldn't seem to see the groups that IPA is
making in the LDAP output so it must be creating them via some other means.
Is there some sort of 'ipa user create-private-group <userA>' command ?
The only work around i have is to make hundreds of fake private groups
by making normal user groups each with one user, which'll clutter the UI
up with pointless groups.
Yeah, there is a ticket open to allow UPG creation in migration but as
you see, it isn't done yet.
There is no documented way to do it but it should be possible with
ldapmodify. I forget the exact ordering but I'd probably do the group
first, then the user. In theory you can convert a group to be managed by
You also need to update the user with:
Just don't do this with any groups that have members.
Definitely worth experimenting on a non-production installation.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project