[Freeipa-devel] [PATCH] Add DS to IPA migration plugin and password migration page.

Dmitri Pal dpal at redhat.com
Mon Nov 2 15:52:56 UTC 2009


Rob Crittenden wrote:
> Pavel Zuna wrote:
>> Everyone wrote:
>> ...
>> A LOT and Thunderbird isn't able to display a thread on a mailing
>> list properly.
>>
>> I did some testing on how much time it takes to migrate "a few"
>> users. I started with 10000, but unfortunately my VM can't handle
>> that much (always running out of space and I already deleted
>> /usr/share/doc :D).
>>
>> Anyway, I successfully migrated about ~4200 users in 27 minutes using
>> the current method. I didn't test it using the IPA commands yet,
>> because I ran into the problem of making LDAP data valid for IPA
>> commands - it's actually not that easy. We can't pass user passwords
>> to them and we also cannot set attributes the commands don't support,
>> so we have to manually set them using ldap2.update_entry anyway. I
>> know that the numbers at the beginning of this paragraph mean nothing
>> if I have nothing to compare them to, but I thought you might be
>> interested anyway. I'll keep you updated.
>
> Yes, something we need in baseldap.py is a way to pass in arbitrary
> attributes to Add and Modify. There are several modes we need:
>
> - Add a new value to an attribute (this attr may or may not be in the
>   entry)
> - Set an attribute to a value (a replace operation)
> - Remove a value from an attribute. Removing the last value should
>   remove the attribute from the entry.
>
> We had the first two options in v1, delete was there but a bit flaky
> IIRC.
>
>> Another thing: with user friendliness/experience. I think users will
>> actually suffer a little after being migrated, because they will have
>> to take all of these steps:
>>
>> 1) login to the migration page
>> 2) use kinit
>> 3) if their password doesn't meet IPA password policy, change their
>> password
>> 4) go to ipa page, probably won't work
>> 5) configure their browsers
>> 6) go to ipa page again, this time it will work :)
>>
>> Just saying.
>>
>> Pavel
>
> Yes, though perhaps in the migration page we should add the "configure
> Firefox" button so they set their password, configure their browser,
> quit, kinit, restart and done.
>

And please, please, please document it for David.


> rob


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.
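
The three attribute modes Rob lists above (add a value, set/replace, remove a value), as an added example that is not part of the original thread and is not FreeIPA's baseldap.py code. The function and parameter names and the sample entry are hypothetical; the operation codes are the LDAP modify values from RFC 4511, and values are compared as exact strings rather than by schema matching rules.

```python
# LDAP modify operation codes (RFC 4511): add=0, delete=1, replace=2.
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2

# Constructed sample entry: attribute name -> list of values.
SAMPLE_ENTRY = {
    "uid": ["jdoe"],
    "mail": ["jdoe@example.com"],
    "description": ["migrated"],
}


def apply_attr_ops(entry, add=(), replace=(), remove=()):
    """Apply (attribute, value) operations to a copy of `entry`.

    Returns (new_entry, modlist), where modlist holds
    (op, attribute, [values]) tuples in the order they were applied.
    Attribute names are lower-cased because LDAP treats them as
    case-insensitive.
    """
    new = {name.lower(): list(values) for name, values in entry.items()}
    modlist = []

    # Mode 1: add a value; the attribute may or may not exist yet.
    for attr, value in add:
        attr = attr.lower()
        values = new.setdefault(attr, [])
        if value in values:
            # A directory server rejects a duplicate value on add.
            raise ValueError(f"{attr} already has value {value!r}")
        values.append(value)
        modlist.append((MOD_ADD, attr, [value]))

    # Mode 2: set the attribute to exactly one value (replace).
    for attr, value in replace:
        attr = attr.lower()
        new[attr] = [value]
        modlist.append((MOD_REPLACE, attr, [value]))

    # Mode 3: remove one value; the attribute disappears with its last value.
    for attr, value in remove:
        attr = attr.lower()
        if value not in new.get(attr, []):
            raise ValueError(f"{attr} has no value {value!r}")
        new[attr].remove(value)
        if not new[attr]:
            del new[attr]
        modlist.append((MOD_DELETE, attr, [value]))

    return new, modlist
```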

