Alfred Victor wrote:
> Hi Rob,
> Thanks for confirming. Is there any way to simply accomplish a sync, or
> will we need to achieve this by adding/removing groups using ipa
> commands based on an ldapsearch?
There is no IPA tool to do a sync like this. If you add/remove groups in
IPA to achieve it you run the risk of losing changes some IPA admin has
made.
What is it you're syncing from?
rob
Paul
On Tue, Oct 6, 2020 at 12:42 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
Alfred Victor via FreeIPA-users wrote:
> Hi FreeIPA,
>
> Maybe I've misunderstood how migrate-ds should work, worth mentioning
> the source directory is RFC2307 - if ipa migrate-ds migrates a user,
> then later that user is added to more groups and the same migrate-ds
> command is run again, should it not add the user into the corresponding
> groups on IPA which did not have its memberUid prior?
It isn't a sync tool. If an entry already exists then it is considered
migrated and skipped.
rob