freeipa

Clone
Source Code
GIT

#3318 [RFE] Support migration from the sync solution to the trust solution
Closed: Fixed None Opened 11 years ago by dpal.

Closed: Fixed
Reopen Issue

Provide, procedure or tool or both to migrate from the sync based solution to the AD based solution.

Scope

Implement a new concept of ID Views (see #3979) that allows overriding selected attributes (like name, UID, home directory, ...) on users or groups from Active Directory by specifying the overrides either for all IdM clients in Default ID View or per-host in host/hostgroup-based view.

Sync to Trust Migration Procedure

In a nutshell, synced users (i.e. users with own UID and GID) can be migrated to Trust-based setup following a simple procedure:

  1. Select a user/group entry to be migrated
  2. Create a default or host-based ID View override specifying previously used UID or other tools
  3. Backup migrated user/group
  4. Delete user/group original entry

In future, the procedure will be easier with proposed tool for automated migration - #4524.

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=891984

Move all uncompleted tickets to next month bucket.

Is this going to be possible? These migrated users will have IPA-based UID/GID and trying to extract (e.g. cancel the sync agreement and delete from IPA) them somehow so they can be trust users instead will have them mapped via SID instead so any files they own will be orphaned.

The way how it can be accomplished is to stick known UID and GID into the service ticket when we create it on the IPA side and make the client extract this data.

Moving unfinished March tickets to April milestone.

Rename "trusts" component to "Trusts" to achieve correct sorting.

Moving to next month bucket.

Moving open tickets to next month bucket.

3.3 development is finishing, FreeIPA now has 2 new features to help integrating FreeIPA in existing environments. Moving back to NEEDS_TRIAGE to decide what to do with this ticket further.

3.4 development was shifted for one month, moving tickets to reflect reality better.

See also #3979

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

This ticket is being worked on, but will not end in 4.0 GA, moving to needs triage to decide the target milestone.

We do not have time to finish for 4.0, but we plan to revisit the ideas in 4.1.

Worked on by Alexander, Sumit and Tomas.

The last set of patches was posted for review: https://www.redhat.com/archives/freeipa-devel/2014-October/msg00009.html

Ticket #3979 is closed - ID Views are ready!

Metadata Update from @dpal:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 4.1
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
critical
None
None
None
None
enhancement
None
None
Trusts
None
1
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=891984
None
None
http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.