Bug 1476943 - Migrated Users Private Group have different ObjectClass
Migrated Users Private Group have different ObjectClass
Status: CLOSED DUPLICATE of bug 1377241
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.3
All Linux
medium Severity medium
: rc
: ---
Assigned To: IPA Maintainers
ipa-qe
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-31 17:30 EDT by Gaurav Swami
Modified: 2017-08-11 12:32 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-11 12:32:51 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
IDM Screen-shot (106.29 KB, image/png)
2017-07-31 17:30 EDT, Gaurav Swami
no flags Details

  None (edit)
Description Gaurav Swami 2017-07-31 17:30:26 EDT
Created attachment 1307276 [details]
IDM Screen-shot

Description of problem:

When users and group migrated from FreeIPA to IDM, User private group have different objectclass.

We can see User private group under `User Groups` tab in Web-UI,  as compared to local users, when we 
create local IPA users, we can see UPG's under `User Groups -> ipausers` TAB.

Version-Release number of selected component (if applicable):

ipa-server-4.4.0-14.el7_3.7.x86_64

How reproducible:

Migrate Users From FreeIPA to IDM.

Steps to Reproduce:

1. Enable Migration mode on RHEL 

# ipa config-mod --enable-migration=True

2. Migrate users with below command,

# ipa migrate-ds --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup --user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry} --user-ignore-objectclass=mepOriginEntry --with-compat ldap://freeipa1.example.com

3. Check Web-UI and Compare Objeclass for UPG's of local and migrated users.

Actual results:

Migrated User

----
[root@vm251-138 ~]# ipa group-find test9 --all --raw
---------------
1 group matched
---------------
  dn: cn=test9,cn=groups,cn=accounts,dc=gaurav,dc=local
  cn: test9
  description: User private group for test9
  gidnumber: 961600071
  ipaUniqueID: 4957301a-7232-11e7-a87c-001a4a00013a
  mepManagedBy: uid=test9,cn=users,cn=accounts,dc=gsslab,dc=pnq2,dc=redhat,dc=com
  objectClass: ipaobject
  objectClass: top
  objectClass: mepmanagedentry
  objectClass: ipausergroup
  objectClass: posixgroup
  objectClass: groupofnames
  objectClass: nestedgroup
----------------------------
Number of entries returned 1
----------------------------
[root@vm251-138 ~]# 
-----

Local User

----
[root@vm251-138 ~]# ipa group-find test11 --private --all --raw
---------------
1 group matched
---------------
  dn: cn=test11,cn=groups,cn=accounts,dc=gaurav,dc=local
  cn: test11
  description: User private group for test11
  gidnumber: 1938400008
  ipaUniqueID: f7ada67a-7233-11e7-b9f7-001a4a00013a
  mepManagedBy: uid=test11,cn=users,cn=accounts,dc=gaurav,dc=local
  objectClass: posixgroup
  objectClass: ipaobject
  objectClass: mepManagedEntry
  objectClass: top
----------------------------
Number of entries returned 1
----------------------------
[root@vm251-138 ~]# 
----


Expected results:

Migrated User

----
[root@vm251-138 ~]# ipa group-find test9 --all --raw
---------------
1 group matched
---------------
  dn: cn=test9,cn=groups,cn=accounts,dc=gaurav,dc=local
  cn: test9
  description: User private group for test9
  gidnumber: 961600071
  ipaUniqueID: 4957301a-7232-11e7-a87c-001a4a00013a
  mepManagedBy: uid=test9,cn=users,cn=accounts,dc=gsslab,dc=pnq2,dc=redhat,dc=com
  objectClass: posixgroup
  objectClass: ipaobject
  objectClass: mepManagedEntry
  objectClass: top
----------------------------
Number of entries returned 1
----------------------------
[root@vm251-138 ~]# 
-----

Local User

----
[root@vm251-138 ~]# ipa group-find test11 --private --all --raw
---------------
1 group matched
---------------
  dn: cn=test11,cn=groups,cn=accounts,dc=gaurav,dc=local
  cn: test11
  description: User private group for test11
  gidnumber: 1938400008
  ipaUniqueID: f7ada67a-7233-11e7-b9f7-001a4a00013a
  mepManagedBy: uid=test11,cn=users,cn=accounts,dc=gaurav,dc=local
  objectClass: posixgroup
  objectClass: ipaobject
  objectClass: mepManagedEntry
  objectClass: top
----------------------------
Number of entries returned 1
----------------------------
[root@vm251-138 ~]# 
----


Additional info:

Screen-shot attached to the Bugzilla.
Comment 2 Rob Crittenden 2017-07-31 17:50:10 EDT
Migrated users don't get a user-private group.

I believe this is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1377241
Comment 3 Petr Vobornik 2017-08-11 12:32:51 EDT

*** This bug has been marked as a duplicate of bug 1377241 ***

Note You need to log in before you can comment on or make changes to this bug.