> > > Date: Tue, 23 Aug 2016 10:20:32 -0400 > From: Rob Crittenden <rcrit...@redhat.com> > To: "siology.io" <siology...@gmail.com>, freeipa-users > <freeipa-users@redhat.com> > Subject: Re: [Freeipa-users] private user groups for existing users > Message-ID: <57bc5bb0.7090...@redhat.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > siology.io wrote: > > i've noticed that some of my users (imported from openldap) don't have > > personal user groups, but the new ones that i make within freeipa do. > > > > Is there a way of marking the existing accounts such that they get user > > groups made for them ? I couldn't seem to see the groups that IPA is > > making in the LDAP output so it must be creating them via some other > means. > > > > Is there some sort of 'ipa user create-private-group <userA>' command ? > > > > The only work around i have is to make hundreds of fake private groups > > by making normal user groups each with one user, which'll clutter the UI > > up with pointless groups. > > Yeah, there is a ticket open to allow UPG creation in migration but as > you see, it isn't done yet. > > There is no documented way to do it but it should be possible with > ldapmodify. I forget the exact ordering but I'd probably do the group > first, then the user. In theory you can convert a group to be managed by > adding: > > objectclass: mepmanagedentry > mepmanagedby: uid=<user>,cn=users,cn=accounts,$SUFFIX > > And removing: > > objectclass: groupofnames > objectclass: nestedgroup > > You also need to update the user with: > > objectclass: meporiginentry > mepmanagedentry: cn=<user>,cn=groups,cn=accounts,$SUFFIX > > Just don't do this with any groups that have members. > > Definitely worth experimenting on a non-production installation. > > rob >
I'm not too hot with ldapmodify at all. So far i've got: http://pastebin.com/MDE1SN0F but i dont think that's working for me.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
