#2604 Do not create private groups for migrated users
Closed: Fixed None Opened 11 years ago by mkosek.

User private groups should not be created for migrated posix users, their GID points to another group:

# echo "secret123" | ipa migrate-ds ldap://vm-054.idm.lab.bos.redhat.com --with-compat --base-dn="dc=greyoak,dc=com"
-----------
migrate-ds:
-----------
Migrated:
  user: darcee_leeson, ayaz_kreiger, mollee_weisenberg
  group: ipagroup
Failed user:
Failed group:
----------
Passwords have been migrated in pre-hashed format.
IPA is unable to generate Kerberos keys unless provided
with clear text passwords. All migrated users need to
login at https://your.domain/ipa/migration/ before they
can use their Kerberos accounts.

# ipa user-show darcee_leeson
  User login: darcee_leeson
  First name: Darcee
  Last name: Leeson
  Home directory: /home/Darcee_Leeson
  Email address: Darcee_Leeson@greyoak.com
  UID: 11731
  GID: 21731         <<<<<<<<<
  Telephone Number: +1 804 913-8558
  Org. Unit: Product Testing
  Job Title: Supreme Product Testing Visionary
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: False
# ipa group-show darcee_leeson
  Group name: darcee_leeson
  Description: User private group for darcee_leeson
  GID: 11731        <<<<<<<<<

Metadata Update from @mkosek:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/04

7 years ago

Login to comment on this ticket.

Metadata