Bret Wortman via FreeIPA-users wrote:
> I did figure out that I can use
>
> # ldapsearch -D 'directory manager' -W -E pr=20000 -b
> idnsname=damascusgrp.com,cn=dns,dc=damascusgrp,dc=com
>
> to list out all the entries, but the format isn't what I'm expecting.
>
> What I'm actually trying to do is move our whole infrastructure from one
> set of old & busted servers to some shiny new VMs. We'd like to extract
> the data and start fresh, as our replication agreements just don't seem
> to be working as expected. Changes to one don't always make it to the
> other and vice versa. While I'd love to dig in and solve that, it's
> easier right now to try to extract the data and reload it into a new
> server, build new replicas, then unbind & re-bind every client to the
> new server using ansible since we also lost our internal CA in the process.
>
> So while our current configuration is a mess, we can't afford to lose
> all the host/user/dns/hbac data in our servers. Thus, I've been
> capturing the output to text using various ipa *-find commands and have
> parsers to turn those back into new entries on the fresh hosts. DNS is
> the only thing that's holding me up.

I almost wonder if you'd be better off massaging an LDIF to achieve this.
It could be rather horrible but it may be easier in the long-run and it'd
just be one big text file to tweak. You probably will need to exclude some
attributes (createdby, nsuniqueid, etc) but off the top of my head I think
it might be otherwise straightforward.

rob

>
>
> Bret
>
>
> On 02/14/2018 06:33 AM, Bret Wortman wrote:
>>
>> Also, this doesn't solve the fact that the Web UI always produces an
>> error dialog whenever accessing our primary zone.
>>
>>
>> On 02/13/2018 02:19 PM, Natxo Asenjo via FreeIPA-users wrote:
>>>
>>>
>>> On Tue, Feb 13, 2018 at 8:13 PM, Natxo Asenjo <natxo.ase...@gmail.com
>>> <mailto:natxo.ase...@gmail.com>> wrote:
>>>
>>>
>>>     the canonical way to do this is using ldap paging, with
>>>     ldapsearch you could try using the -E pr=xxxx parameter, where
>>>     xxxx could be 1000 for instance. That way you know you are always
>>>     under the limit imposed by the server.
>>>
>>>
>>> if you use -E pr=1000/noprompt, it will not prompt to continue, nicer
>>> for scripts obviously.
>>>
>>> --
>>> Groeten,
>>> natxo
>>>
>>>
>>> _______________________________________________
>>> FreeIPA-users mailing list -- email@example.com
>>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
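
The LDIF clean-up suggested in the reply above, as an added example (not code from the thread or from the FreeIPA project): it takes the text printed by a paged `ldapsearch`, keeps only real entries, and drops server-generated attributes so the result can be edited and re-added elsewhere. The names `strip_ldif`, `DROP_ATTRS` and `SAMPLE` are hypothetical; only `nsuniqueid` in the drop list comes from the thread, the other attribute names are an assumption about what the new server should regenerate itself.

```python
import re

# Assumed drop list: "nsuniqueid" is named in the thread; the rest are standard
# server-maintained operational attributes. Extend it for your own export.
DROP_ATTRS = frozenset({"nsuniqueid", "creatorsname", "modifiersname",
                        "createtimestamp", "modifytimestamp", "entryusn"})

def strip_ldif(text, drop=DROP_ATTRS):
    """Return LDIF entries only, without the attributes named in `drop`."""
    # Unfold first (RFC 2849: newline + one space continues a line), otherwise
    # the tail of a wrapped, dropped value would survive as an orphan line.
    text = re.sub(r"\r?\n ", "", text).replace("\r\n", "\n")
    entries = []
    for block in re.split(r"\n\s*\n", text):
        lines = [l for l in block.split("\n") if l and not l.startswith("#")]
        # Without -LLL, ldapsearch adds "search:"/"result:" records; skip
        # anything that is not an entry.
        if not lines or not lines[0].lower().startswith("dn:"):
            continue
        kept = []
        for line in lines:
            # Base name ends at the first ':' ("::" = base64) or ';' (option).
            name = line.split(":", 1)[0].split(";", 1)[0].lower()
            if name not in drop:
                kept.append(line)
        entries.append("\n".join(kept))
    return "\n\n".join(entries) + ("\n" if entries else "")

# Constructed sample in the shape ldapsearch prints; not data from the thread.
SAMPLE = """\
# extended LDIF
#
# www, example.test., dns, example.test
dn: idnsname=www,idnsname=example.test.,cn=dns,dc=example,dc=test
objectClass: idnsrecord
idnsName: www
aRecord: 192.0.2.10
nsUniqueId: 11111111-22222222-33333333-44444444
creatorsName: uid=admin,cn=users,cn=accounts,dc=exam
 ple,dc=test
createTimestamp: 20180213191300Z

search: 2
result: 0 Success
"""

if __name__ == "__main__":
    print(strip_ldif(SAMPLE), end="")
```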