On to, 28 tammi 2021, Jacquelin Charbonnel via FreeIPA-users wrote:
Hi folks,
Overall, what is the goal of the IPA compat mode, and what are the
consequences of enabling/disabling it ?
Please read documentation in
https://pagure.io/slapi-nis/blob/master/f/doc
And specifically, what's the differences between :
# ipa migrate-ds --with-compat ...
and
# ipa-compat-manage disable
# ipa migrate-ds ...
The first one will force running migration process even when compat tree
plugin is enabled. It means adding a user or group would cause automatic
generation of a virtual entry in the compat tree. When many updates
happen at the same time this can slow down the actual migration process.
Without compat plugin disabled, 'ipa migrate-ds' will refuse to proceed
to actual migration unless you specified the --with-compat option.
The second one is the recommended sequence.
This is documented in 'ipa help migration':
--------------------------------------------------------------------------
Two LDAP schemas define how group members are stored: RFC2307 and
RFC2307bis. RFC2307bis uses member and uniquemember to specify group
members, RFC2307 uses memberUid. The default schema is RFC2307bis.
The schema compat feature allows IPA to reformat data for systems that
do not support RFC2307bis. It is recommended that this feature is disabled
during migration to reduce system overhead. It can be re-enabled after
migration. To migrate with it enabled use the "--with-compat" option.
--------------------------------------------------------------------------
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland