Syncing from OpenLDAP RFC2307, for now we are ok losing change an IPA admin has made with OpenLDAP being the source of truth until we cut over to IPA. I can accomplish this another way but seems to get tricky if a group is removed on the source system, I have to get it removed at IPA as well.
Alfred On Tue, Oct 6, 2020 at 2:02 PM Rob Crittenden <rcrit...@redhat.com> wrote: > Alfred Victor wrote: > > Hi Rob, > > > > Thanks for confirming. Is there any way to simply accomplish a sync, or > > will we need to achieve this by adding/removing groups using ipa > > commands based on an ldapsearch? > > There is no IPA tool to do a sync like this. If you add/remove groups in > IPA to achieve it you run the risk of losing changes some IPA admin has > made. > > What is it you're syncing from? > > rob > > > > > Paul > > > > On Tue, Oct 6, 2020 at 12:42 PM Rob Crittenden <rcrit...@redhat.com > > <mailto:rcrit...@redhat.com>> wrote: > > > > Alfred Victor via FreeIPA-users wrote: > > > Hi FreeIPA, > > > > > > Maybe I've misunderstood how migrate-ds should work, worth > mentioning > > > the source directory is RFC2307 - if ipa migrate-ds migrates a > user, > > > then later that user is added more groups and the same migrate-ds > > > command is run again, should it not add the user into the > > corresponding > > > groups on IPA which did not have its memberUid prior? > > > > It isn't a sync tool. If an entry already exists then it is > considered > > migrated and skipped. > > > > rob > > > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
