Rob Crittenden wrote:
> Michael Kang wrote:
>> Dear all,
>> I got a LDIF file which is exported from Fedora 389 Directory Server.
>> I want to import those user info into FreeIPA. What should I do? I
>> just need the group,username and passwd information which is exported
>> from another Fedora 389 Directory Server.
> You won't be able to import it without some changes. You'll need to
> match the IPA DIT ( to begin
> with. You'll probably want to update the objectclasses in each user
> entry as well to include: top, organizationalperson, inetorgperson,
> inetuser, posixaccount and krbprincipalaux.
> You'll need to set krbprincipalname to u...@realm in each user entry.
> The existing userPassword entry can be imported but you won't have
> usable kerberos credentials (it will probably generate keys but it
> will use the pre-hashed password so the keys will be unusable).
> As you can see, directly importing the LDIF would be quite a bit of work.
>> As far as I considered, I need to write a shell script to read user
>> name from LDIF file and use */ipa-useradd/* command to achieve my goal.
> This is probably a better way, you'll just need to set a password on
> each user. The first time the user logs in they will need to reset the
> password (so only they know it).

If you can create a script that invokes the IPA CLI, like ipa-adduser, that
would be the best.
In this case you do not need to worry about any schema differences.

>> FreeIPA also uses 389 ds. Can I use */389-console/* java platform to
>> manage FreeIPA?
> This is not recommended. Someone figured out how to do this at one
> point and posted instructions to either freeipa-devel or
> freeipa-users, I can't recall at this point.
> It isn't recommended because you can easily create users outside of
> the IPA DIT, create non-posix users, etc. It will probably end up
> causing more problems in the long-run. We recommend using the IPA tools.
> rob
> Freeipa-users mailing list

Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.
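
An added sketch of the scripted route discussed in this thread (not code from either poster or from the FreeIPA project): it reads user entries from an LDIF export and builds one IPA CLI call per user without ever copying the pre-hashed userPassword. It assumes the `ipa user-add` command with `--first`, `--last` and `--random` as found in current FreeIPA releases, rather than the `ipa-adduser` / `ipa-useradd` names used above; the sample LDIF and the login-name pattern are constructed for illustration.

```python
import base64
import re

# Constructed sample export; not data from the thread.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
givenName: John
sn: Doe
userPassword: {SSHA}constructed-placeholder

dn: uid=mkang,ou=People,dc=example,dc=com
uid: mkang
givenName:: TWljaGFlbA==
sn: Kang-
 Smith

dn: cn=staff,ou=Groups,dc=example,dc=com
cn: staff
"""

SAFE_UID = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")  # assumed login-name policy

def parse_ldif(text):
    """Yield {attr: [values]} per entry, handling folded and base64 values."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            b64 = rest.startswith(":")  # "attr:: value" means base64
            value = base64.b64decode(rest[1:]).decode() if b64 else rest.strip()
            entry.setdefault(name.lower(), []).append(value)
        yield entry

def user_add_commands(text):
    """Build argv lists for `ipa user-add`; userPassword is never copied."""
    cmds = []
    for e in parse_ldif(text):
        uid = e.get("uid", [""])[0]
        if not (SAFE_UID.fullmatch(uid) and "givenname" in e and "sn" in e):
            continue  # not a user entry, or a login name we refuse to pass on
        cmds.append(["ipa", "user-add", uid, "--first", e["givenname"][0],
                     "--last", e["sn"][0], "--random"])
    return cmds

if __name__ == "__main__":
    print(*user_add_commands(SAMPLE_LDIF), sep="\n")  # dry run only
```

Each list can be handed to `subprocess.run(argv, check=True)` on an enrolled host, so values taken from the LDIF never pass through a shell.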
