On 01/22/2013 03:39 PM, Matthew Barr wrote:
> We've got a freeipa system installed, but it's experiencing some bugs.
>  I suspect some of it came from adding & removing a replica, as well
> as upgrading from prior versions.
> (we're on centos 6.3 now)
>
> We're about to do a datacenter rebuild & move, and I'd like to start
> from scratch, yet still import the users & their passwords.    I
> suspect we can just do a clean build in the new site, and just do a
> migrate of the users via the ldap method.

Which exactly LDAP method?
ldif dump and load? This would not work well unless you also manage to
move certs and kerberos master key over which is really hard.


>
> Thoughts?  I don't anticipate moving any hardware that's enrolled from
> site to site, so certs & the like shouldn't be a factor.
>
If you are instead of dump and load will install a new IPA server it
will not have any old data and will have new certs and kerberos keys.
You would have to re-enroll all your clients once again. Users would
have to deal with the password change after you read in users using ipa
migrate-ds.
Other information also would have be precreated using ipa commands but
this can be scripted by taking an LDIF and creating a series of ipa
commands to add data into the new instance.

>
> Matthew Barr
> Technical Architect
> E: mb...@snap-interactive.com <mailto:mb...@snap-interactive.com>
> AIM: matthewbarr1
> c:  (646) 727-0535
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to