On Wed, 2018-09-05 at 14:32 -0400, Rob Crittenden via FreeIPA-users
wrote:
Heather A. Selbe via FreeIPA-users wrote:
> This is going to be a strange one. I have a new instance of IPA I am
> standing up, and did an migrate of users and groups from a prior IPA
> instance. In the old instance, all of the user private groups were
> hidden in the WebUI, but do still exist in the server, since I can find
> them with ipa group_show and group_find. I've done some digging, but I'm
> still unsure how to replicate this behavior on the new IPA master. The
> new IPA is on 4.5.4-10 for reference. Any help will be appreciated.
Migration does not currently create user-private groups.
The reasoning is that it was computationally heavy to check the group
for every user to see if there are any exceptions in which case either
the migration would be perhaps aborted, or an override, something.
We have an RFE to add this capability, along with a number of other
enhancements for migration, it just hasn't been put onto the roadmap yet.
A clarification that may not be evident from Rob's reply.
What he implied is that migration moves "user-private groups" in the
new instance as regular groups. This is why you see them in the UI.
Unfortunately there is no "blessed" method to turn a regular group into
a user-private group ...
Simo.
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc