On Fri, 2017-09-08 at 12:36 -0400, Mark Haney wrote:
> On 09/08/2017 12:10 PM, Simo Sorce wrote:
> > On Fri, 2017-09-08 at 10:06 -0400, Mark Haney via FreeIPA-users
> > wrote:
> > > Probably the dumbest question you'll get all day, but we've got a
> > > hundred or so VMs with OpenLDAP on them (as clients pointing to a
> > > master). Are there any gotchas to replacing OpenLDAP with
> > > FreeIPA?
> > Do you mean that you are replicating your whole ldap directory on
> > each client?
> Unfortunately, yes in the case of the boxes we supply to our
> Disclaimer: This was decided on LONG before I arrived and never
> worked well anyway, hence the need to do it right this time.
> > > I'm using Ansible to push the client install to the VMs, with a
> > > task for uninstalling OpenLDAP prior to IPA setup.
> > >
> > > Does this plan sound cunning enough? Or am I missing something?
> > ENOINFO to comment on whether this is genius or madness :-)
> Maybe I should clarify. We're moving away from a full OpenLDAP
> running on customer servers (which is really small, mainly the 5 or
> Operations accounts that need logins) and replacing it with FreeIPA
> client setups. The Ansible playbook would be (more or less) 3 tasks:
> 1. Uninstall openldap-servers package (these are all CentOS 6 boxes)
> 2. Install freeipa-client
> 3. Run the unattended setup with all settings passed as variables.
> I can't see any issues with this method, but I like having other eyes
> over it when it's something I've never had to do before.
Sounds like a nice upgrade :-)
If the data is the same I see no issue on the general approach.
Sr. Principal Software Engineer
Red Hat, Inc
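
The three-task playbook described in the thread, sketched as an added example (not code from either poster). The inventory group, variable names and all values are assumptions; enrollment here uses a per-host one-time password on a pre-created host entry, so no admin credential is passed as a variable.

```yaml
# Added example, not from the thread. All names and values are placeholders.
- hosts: ldap_clients                  # hypothetical inventory group
  become: true
  vars:
    ipa_domain: example.test           # placeholder
    ipa_realm: EXAMPLE.TEST            # placeholder
    ipa_server: ipa1.example.test      # placeholder
    # The thread says freeipa-client (the Fedora name);
    # CentOS ships the package as ipa-client.
    ipa_client_package: ipa-client
    # Per-host one-time enrollment password, kept in Ansible Vault
    # (vault_ipa_otp is a hypothetical host_vars entry).
    ipa_otp: "{{ vault_ipa_otp }}"
    # An account that used to come from the local OpenLDAP copy.
    ipa_check_user: opsuser            # placeholder
  tasks:
    - name: Remove the local OpenLDAP server
      yum:
        name: openldap-servers
        state: absent

    - name: Install the IPA client
      yum:
        name: "{{ ipa_client_package }}"
        state: present

    - name: Enroll the host unattended
      command: >
        ipa-client-install --unattended
        --domain={{ ipa_domain }}
        --realm={{ ipa_realm }}
        --server={{ ipa_server }}
        --password={{ ipa_otp | quote }}
        --mkhomedir
      args:
        # Written by a successful enrollment, so reruns skip this task.
        creates: /etc/ipa/default.conf
      # Keep the one-time password out of Ansible output and logs.
      no_log: true

    - name: Confirm a former OpenLDAP account now resolves through IPA
      command: getent passwd {{ ipa_check_user }}
      changed_when: false
```

The last task fails the play on any host where the account does not resolve, which covers the "if the data is the same" condition in the reply above.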