Bret Wortman via FreeIPA-users wrote:
> I did figure out that I can use
> 
> # ldapsearch -D 'directory manager' -W -E pr=20000 -b
> idnsname=damascusgrp.com,cn=dns,dc=damascusgrp,dc=com
> 
> to list out all the entries, but the format isn't what I'm expecting.
> 
> What I'm actually trying to do is move our whole infrastructure from one
> set of old & busted servers to some shiny new VMs. We'd like to extract
> the data and start fresh, as our replication agreements just don't seem
> to be working as expected. Changes to one don't always make it to the
> other and vice versa. While I'd love to dig in and solve that, it's
> easier right now to try to extract the data and reload it into a new
> server, build new replicas, then unbind & re-bind every client to the
> new server using ansible since we also lost our internal CA in the process.
> 
> So while our current configuration is a mess, we can't afford to lose
> all the host/user/dns/hbac data in our servers. Thus, I've been
> capturing the output to text using various ipa *-find commands and have
> parsers to turn those back into new entries on the fresh hosts. DNS is
> the only thing that's holding me up.

I almost wonder if you'd be better off massaging an LDIF to achieve
this. It could be rather horrible but it may be easier in the long-run
and it'd just be one big text file to tweak.

You probably will need to exclude some attributes (createdby,
nsuniqueid, etc) but off the top of my head I think it might be
otherwise straightforward.

rob

> 
> 
> Bret
> 
> 
> On 02/14/2018 06:33 AM, Bret Wortman wrote:
>>
>> Also, this doesn't solve the fact that the Web UI always produces an
>> error dialog whenever accessing our primary zone.
>>
>>
>> On 02/13/2018 02:19 PM, Natxo Asenjo via FreeIPA-users wrote:
>>>
>>>
>>> On Tue, Feb 13, 2018 at 8:13 PM, Natxo Asenjo <natxo.ase...@gmail.com
>>> <mailto:natxo.ase...@gmail.com>> wrote:
>>>
>>>
>>>     the canonical way to do this is using ldap paging, with
>>>     ldapsearch  you could try using the -E pr=xxxx parameter, where
>>>     xxxx could be 1000 for instance. That way you know you are always
>>>     under the limit imposed by the server.
>>>
>>>
>>> if you use -E pr=1000/noprompt, it will not prompt to continue, nicer
>>> for scripts obviously.
>>>
>>> --
>>> Groeten,
>>> natxo
>>>
>>>
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>>
> 
> 
> 
> 
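
Rob's suggestion above (export an LDIF, drop the server-generated attributes, reload the rest) could look like the sketch below. It is an added example, not code from the thread or from FreeIPA. Only `createdby` and `nsuniqueid` come from the reply; the other attribute names in the exclude list, the function names and the sample entry are assumptions made for illustration.

```python
import re
import sys

# Assumed exclude list. The reply names "createdby, nsuniqueid, etc"; the
# remaining names are operational attributes 389 Directory Server maintains
# itself, added here as an assumption. Review it against your own export.
EXCLUDE = {"createdby", "nsuniqueid", "creatorsname", "modifiersname",
           "createtimestamp", "modifytimestamp", "entryusn", "entryid",
           "parentid", "entrydn"}

def unfold(text):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", text)

def filter_ldif(text, exclude=EXCLUDE):
    """Return LDIF with excluded attributes dropped from every entry."""
    entries = []
    for block in re.split(r"\n\s*\n", unfold(text).strip()):
        kept = []
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue  # skip comments such as the pagedresults cookie
            # "attr: v", "attr:: base64" and "attr;option: v" all carry the
            # attribute name before the first ':' or ';'.
            name = re.split(r"[:;]", line, maxsplit=1)[0].strip().lower()
            if name not in exclude:
                kept.append(line)
        # Keep real entries only; drops "version:" and "search:/result:" blocks.
        if kept and kept[0].lower().startswith("dn:"):
            entries.append("\n".join(kept))
    return "\n\n".join(entries) + "\n"

# Constructed sample shaped like ldapsearch output for the DNS subtree.
SAMPLE = """\
# www, damascusgrp.com, dns, damascusgrp.com
dn: idnsname=www,idnsname=damascusgrp.com,cn=dns,dc=damascusgrp,
 dc=com
objectClass: idnsrecord
idnsName: www
aRecord: 192.0.2.10
nsUniqueId: 11111111-22222222-33333333-44444444
createTimestamp: 20180214113300Z

search: 2
result: 0 Success
"""

if __name__ == "__main__":
    # Filter mode: read saved ldapsearch output on stdin, write clean LDIF.
    sys.stdout.write(filter_ldif(sys.stdin.read()))
```

Diff the filtered file against the raw export before loading it into the new server, so every dropped attribute is one you meant to drop.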