Bug 1476943

Summary: Migrated Users Private Group have different ObjectClass
Product: Red Hat Enterprise Linux 7 Reporter: Gaurav Swami <gswami>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED DUPLICATE QA Contact: ipa-qe <ipa-qe>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: mkosek, pvoborni, rcritten, tscherf
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-11 16:32:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
IDM Screen-shot none

Description Gaurav Swami 2017-07-31 21:30:26 UTC 
Created attachment 1307276 [details]
IDM Screen-shot

Description of problem:

When users and group migrated from FreeIPA to IDM, User private group have different objectclass.

We can see User private group under `User Groups` tab in Web-UI,  as compared to local users, when we 
create local IPA users, we can see UPG's under `User Groups -> ipausers` TAB.

Version-Release number of selected component (if applicable):

ipa-server-4.4.0-14.el7_3.7.x86_64

How reproducible:

Migrate Users From FreeIPA to IDM.

Steps to Reproduce:

1. Enable Migration mode on RHEL 

# ipa config-mod --enable-migration=True

2. Migrate users with below command,

# ipa migrate-ds --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup --user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry} --user-ignore-objectclass=mepOriginEntry --with-compat ldap://freeipa1.example.com

3. Check Web-UI and Compare Objeclass for UPG's of local and migrated users.

Actual results:

Migrated User

----
[root@vm251-138 ~]# ipa group-find test9 --all --raw
---------------
1 group matched
---------------
  dn: cn=test9,cn=groups,cn=accounts,dc=gaurav,dc=local
  cn: test9
  description: User private group for test9
  gidnumber: 961600071
  ipaUniqueID: 4957301a-7232-11e7-a87c-001a4a00013a
  mepManagedBy: uid=test9,cn=users,cn=accounts,dc=gsslab,dc=pnq2,dc=redhat,dc=com
  objectClass: ipaobject
  objectClass: top
  objectClass: mepmanagedentry
  objectClass: ipausergroup
  objectClass: posixgroup
  objectClass: groupofnames
  objectClass: nestedgroup
----------------------------
Number of entries returned 1
----------------------------
[root@vm251-138 ~]# 
-----

Local User

----
[root@vm251-138 ~]# ipa group-find test11 --private --all --raw
---------------
1 group matched
---------------
  dn: cn=test11,cn=groups,cn=accounts,dc=gaurav,dc=local
  cn: test11
  description: User private group for test11
  gidnumber: 1938400008
  ipaUniqueID: f7ada67a-7233-11e7-b9f7-001a4a00013a
  mepManagedBy: uid=test11,cn=users,cn=accounts,dc=gaurav,dc=local
  objectClass: posixgroup
  objectClass: ipaobject
  objectClass: mepManagedEntry
  objectClass: top
----------------------------
Number of entries returned 1
----------------------------
[root@vm251-138 ~]# 
----


Expected results:

Migrated User

----
[root@vm251-138 ~]# ipa group-find test9 --all --raw
---------------
1 group matched
---------------
  dn: cn=test9,cn=groups,cn=accounts,dc=gaurav,dc=local
  cn: test9
  description: User private group for test9
  gidnumber: 961600071
  ipaUniqueID: 4957301a-7232-11e7-a87c-001a4a00013a
  mepManagedBy: uid=test9,cn=users,cn=accounts,dc=gsslab,dc=pnq2,dc=redhat,dc=com
  objectClass: posixgroup
  objectClass: ipaobject
  objectClass: mepManagedEntry
  objectClass: top
----------------------------
Number of entries returned 1
----------------------------
[root@vm251-138 ~]# 
-----

Local User

----
[root@vm251-138 ~]# ipa group-find test11 --private --all --raw
---------------
1 group matched
---------------
  dn: cn=test11,cn=groups,cn=accounts,dc=gaurav,dc=local
  cn: test11
  description: User private group for test11
  gidnumber: 1938400008
  ipaUniqueID: f7ada67a-7233-11e7-b9f7-001a4a00013a
  mepManagedBy: uid=test11,cn=users,cn=accounts,dc=gaurav,dc=local
  objectClass: posixgroup
  objectClass: ipaobject
  objectClass: mepManagedEntry
  objectClass: top
----------------------------
Number of entries returned 1
----------------------------
[root@vm251-138 ~]# 
----


Additional info:

Screen-shot attached to the Bugzilla.
Comment 2 Rob Crittenden 2017-07-31 21:50:10 UTC 
Migrated users don't get a user-private group.

I believe this is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1377241
Comment 3 Petr Vobornik 2017-08-11 16:32:51 UTC 

*** This bug has been marked as a duplicate of bug 1377241 ***