Our AEM users (authoring instances) have their groups synced in to AEM from LDAP when user attempts to login . Basically on a fresh instance we create user groups (with same name as defined in Ldap ) and set permissions via scripts and keep it ready when instance is freshly set up . When user attempts to login , as his group name is identical and is already found in AEM his profile is added to the group . The group already existing in AEM has permission set which is inherited by the profile .
This is how we have set up permisisons .
Now we are trying to set up new instances and trying to migrate everything from old instances to new instances including groups and permissions . We are atatinging good results using crx2oak migration but some how groups and permissions doesn't seem to flow through and work as expected .
In our migration paths we do mention --merge-path=/jcr:system/rep:permissionStore and the path below seem to be migrating , however i don't see groups under /useradmin and the above mentioned mechanism doesn't seem to work any more . Ideally i would have expected after migration , i can see all my groups with its permissions set from /useradmin .
Alternately I tried with ACS commons ACL packager post the migration with crx2oak and with ACL package i can see all groups with its permissions coming up as expected .
I would like to skip this additional step to align user groups on to new stacks and achieve everything as part of crx2oak migration . Am i missing any paths from crx2oak migration related groups /permissions ? Any help to resolve this issue ?