Alfred Victor wrote:
> Hi Rob,
>
> Thanks for confirming. Is there any way to simply accomplish a sync, or
> will we need to achieve this by adding/removing groups using ipa
> commands based on an ldapsearch?

There is no IPA tool to do a sync like this. If you add/remove groups in
IPA to achieve it you run the risk of losing changes some IPA admin has
made.

What is it you're syncing from?

rob
>
> Paul
>
> On Tue, Oct 6, 2020 at 12:42 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
>
> Alfred Victor via FreeIPA-users wrote:
> > Hi FreeIPA,
> >
> > Maybe I've misunderstood how migrate-ds should work, worth mentioning
> > the source directory is RFC2307 - if ipa migrate-ds migrates a user,
> > then later that user is added more groups and the same migrate-ds
> > command is run again, should it not add the user into the corresponding
> > groups on IPA which did not have its memberUid prior?
>
> It isn't a sync tool. If an entry already exists then it is considered
> migrated and skipped.
>
> rob
>
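
An added example, not part of the thread and not FreeIPA code: one way to plan the ldapsearch-based approach discussed above while respecting the caveat about losing IPA admins' changes. It turns missing memberships into `ipa group-add-member` commands and only reports members that exist in IPA but not in the RFC2307 source, without removing them. The sample LDIF, the IPA membership data and the function names are constructed for illustration.

```python
import shlex

# Constructed sample: ldapsearch output requesting cn and memberUid of posixGroup entries.
SOURCE_LDIF = """\
dn: cn=devs,ou=Groups,dc=example,dc=com
cn: devs
memberUid: alice
memberUid: bob

dn: cn=ops,ou=Groups,dc=example,dc=com
cn: ops
memberUid: alice
"""

# Constructed sample: current IPA user members per group (e.g. gathered with `ipa group-show`).
IPA_MEMBERS = {"devs": {"alice", "carol"}, "ops": set()}


def parse_rfc2307_groups(ldif):
    """Return {group cn: set(memberUid)} from unfolded, non-base64 LDIF."""
    groups = {}
    for entry in ldif.strip().split("\n\n"):
        cn, members = None, set()
        for line in entry.splitlines():
            attr, _, value = line.partition(": ")
            if attr.lower() == "cn" and cn is None:
                cn = value.strip()
            elif attr.lower() == "memberuid":
                members.add(value.strip())
        if cn:
            groups.setdefault(cn, set()).update(members)
    return groups


def plan_sync(source, ipa):
    """Additions become commands; IPA-only members are only reported for review."""
    add_cmds, review = [], []
    for group in sorted(source):
        current = ipa.get(group, set())
        for uid in sorted(source[group] - current):
            # Quote values taken from the directory before they reach a shell.
            add_cmds.append(f"ipa group-add-member {shlex.quote(group)} --users={shlex.quote(uid)}")
        for uid in sorted(current - source[group]):
            review.append((group, uid))  # may be an IPA admin's change; do not remove
    return add_cmds, review


if __name__ == "__main__":
    cmds, review = plan_sync(parse_rfc2307_groups(SOURCE_LDIF), IPA_MEMBERS)
    print(*cmds, f"review (IPA-only): {review}", sep="\n")
```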