> Finn Fysj via FreeIPA-users wrote: > > What's the use-case for this? > > I think this is likely because migration currently doesn't support > user-private groups and a default IPA user doesn't have a memberof their > private groups. > > migrate-ds was designed to migrate users who used only LDAP to use IPA. > IPA to IPA migration is possible for users and groups but its full of > pitfalls. This may be another one. > > rob Understood.
When I try to delete the User Groups itself and try a new migration, the user will be member of these groups again... I'm experiencing a lot of inconsistency with my server + replica setup: - I'm not able to ssh into my IPA servers, even tho I have created an allow_all HBAC. I don't find anything relevant in the logs after settings debug_level = 9, other than: [ipa_pam_access_handler_done] (0x0020): [RID#16] Unable to fetch HBAC rules [22]: Invalid argument. - In the log file I get the service: sshd, but shouldn't the log file also include testing of HBAC rules? Now it suddenly doens't do this. - Whenever I create a HBAC rule on my server, it takes a long time for it to be synced to the replica, however, if something is created on the replica server this is synced immediately. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
