I guess what I was looking for was something really easy -- like a pushbutton in the UI. I've got 20+ zones, so even doing this means scripting to keep from missing something.
* * *Bret Wortman* http://damascusgrp.com/ http://about.me/wortmanbret On Wed, Sep 4, 2013 at 9:26 AM, Petr Spacek <pspa...@redhat.com> wrote: > On 4.9.2013 15:04, Bret Wortman wrote: > >> What's the right venue for making a suggestion? In particular, I'd like to >> toss out there that it would be really nice to be able to export, at a >> minimum, DNS and user data from IPA in the form of a zone file and a >> passwd/shadow file pair. >> >> I realize there might be security implications to the latter, and masking >> out passwords might be advisiable. And there's no easy way, necessarily, >> to >> get out sudo information. But having DNS and user details would at least >> permit a sysadmin having major issues (like I have been for the past two >> weeks) to get up and running in some form, using puppet or some other tool >> to distribute flat files with named running against a static zone file, or >> even to migrate off IPA if absolutely necessary. >> > > Hello, > > for DNS you can use normal zone transfer. Just configure IPA zone to allow > zone transfer to an IP address (localhost means 'localy to IPA server') and > use standard DNS tools, e.g. dig: > > $ ipa dnszone-mod example.com --allow-transfer='localhost;' > $ dig +onesoa -t AXFR example.com > /root/example.com.db > > That is all you need for DNS, you have the standard zone file. > > > I believe that you can use SSSD (with enumeration enabled) to run "getent > passwd > /root/passwd.bck". I have no idea how it works with shadow > map/password. Try to ask > sssd-users@lists.fedorahosted.**org<sssd-us...@lists.fedorahosted.org> > . > > -- > Petr^2 Spacek > > ______________________________**_________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/**mailman/listinfo/freeipa-users<https://www.redhat.com/mailman/listinfo/freeipa-users> >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
