On 4.9.2013 15:04, Bret Wortman wrote:
What's the right venue for making a suggestion? In particular, I'd like to
toss out there that it would be really nice to be able to export, at a
minimum, DNS and user data from IPA in the form of a zone file and a
passwd/shadow file pair.

I realize there might be security implications to the latter, and masking
out passwords might be advisiable. And there's no easy way, necessarily, to
get out sudo information. But having DNS and user details would at least
permit a sysadmin having major issues (like I have been for the past two
weeks) to get up and running in some form, using puppet or some other tool
to distribute flat files with named running against a static zone file, or
even to migrate off IPA if absolutely necessary.


for DNS you can use normal zone transfer. Just configure IPA zone to allow zone transfer to an IP address (localhost means 'localy to IPA server') and use standard DNS tools, e.g. dig:

$ ipa dnszone-mod example.com --allow-transfer='localhost;'
$ dig +onesoa -t AXFR example.com > /root/example.com.db

That is all you need for DNS, you have the standard zone file.

I believe that you can use SSSD (with enumeration enabled) to run "getent passwd > /root/passwd.bck". I have no idea how it works with shadow map/password. Try to ask sssd-us...@lists.fedorahosted.org.

Petr^2 Spacek

Freeipa-users mailing list

Reply via email to