Janelle wrote: > Hello, > > This may not be possible, or if it is I am going to guess it is not > going to be easy. If I have an old OpenLDAP environment with users who > never had unique UIG/GID - in other words, the GID was not unique to a > user, instead it was some global group. Well, I was hoping to migrate > over the OpenLDAP domain to IPA, but at the same time create a private > group for each user. Just wondering if this might be possible? > > Example OpenLDAP > user=freddy (UID=13) , GID=123456(friday) > > After migration to IPA: > user= uid=13(freddy), gid=13(freddy), groups=123456(friday) > > Does that make sense?
It does but it isn't possible today. In fact the migration won't create user private groups at all (though there is an RFE for that, https://fedorahosted.org/freeipa/ticket/4738 ) I don't think this is an unreasonable request. It may be an extension of the above ticket, probably requiring a new option to deal with the existing primary group. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project