Simo Sorce via FreeIPA-users wrote:
On Wed, 2018-09-05 at 14:32 -0400, Rob Crittenden via FreeIPA-users
wrote:
> Heather A. Selbe via FreeIPA-users wrote:
>> This is going to be a strange one. I have a new instance of IPA I am
>> standing up, and did an migrate of users and groups from a prior IPA
>> instance. In the old instance, all of the user private groups were
>> hidden in the WebUI, but do still exist in the server, since I can find
>> them with ipa group_show and group_find. I've done some digging, but I'm
>> still unsure how to replicate this behavior on the new IPA master. The
>> new IPA is on 4.5.4-10 for reference. Any help will be appreciated.
>
> Migration does not currently create user-private groups.
>
> The reasoning is that it was computationally heavy to check the group
> for every user to see if there are any exceptions in which case either
> the migration would be perhaps aborted, or an override, something.
>
> We have an RFE to add this capability, along with a number of other
> enhancements for migration, it just hasn't been put onto the roadmap yet.
A clarification that may not be evident from Rob's reply.
What he implied is that migration moves "user-private groups" in the
new instance as regular groups. This is why you see them in the UI.
Unfortunately there is no "blessed" method to turn a regular group into
a user-private group ...
Thank you, I sometimes forget context :-(
I was curious so I poked at this a little to see how one can convert a
group into a UPG. It requires that the group has zero members but is
otherwise pretty straightforward.
I wrote it up at
https://rcritten.wordpress.com/2018/09/05/migration-and-user-private-groups/
<insert all usual disclaimers here>
rob