Reproducer:
# ipa config-mod --enable-migration=1 # echo kokos123 | ipa migrate-ds ldap://vm-236.idm.lab.eng.brq.redhat.com --user-container='cn=groups,cn=accounts' --bind-dn="cn=Directory Manager" --with-compat ipa: ERROR: user LDAP search did not return any result (search base: cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com, objectclass: person) # ipa group-show ipausers Group name: ipausers Description: Default group for all users
As you see, ipausers does not have any members even though more than 100 users were migrated, see log in error_log:
/var/log/httpd/error_log:
[Mon Jan 27 04:26:14.663821 2014] [:error] [pid 29166] ipa: INFO: 100 users migrated. 0:01:48.884679 elapsed.
Patch ''freeipa-mkosek-454-migration-does-not-add-users-to-default-group.patch'' sent for review freeipa-mkosek-454-migration-does-not-add-users-to-default-group.patch
AFAIR there was a huge performance problem with that in the past and this might have been the reason that it was removed. Rob might remember better.
The intention was to add the users in batches to reduce the performance hit.
Replying to [comment:3 dpal]:
Just FYI, the original ticket implementing adding users to ipausers in batcn is #3386.
master:[[BR]] 03ba31b Migration does not add users to default group
ipa-3-3:[[BR]] da70c6d Migration does not add users to default group
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.3.5 (bug fixing)
Login to comment on this ticket.