I guess what I was looking for was something really easy -- like a
pushbutton in the UI. I've got 20+ zones, so even doing this means
scripting to keep from missing something.
On Wed, Sep 4, 2013 at 9:26 AM, Petr Spacek <pspa...@redhat.com> wrote:
> On 4.9.2013 15:04, Bret Wortman wrote:
>> What's the right venue for making a suggestion? In particular, I'd like to
>> toss out there that it would be really nice to be able to export, at a
>> minimum, DNS and user data from IPA in the form of a zone file and a
>> passwd/shadow file pair.
>> I realize there might be security implications to the latter, and masking
>> out passwords might be advisable. And there's no easy way, necessarily, to
>> get out sudo information. But having DNS and user details would at least
>> permit a sysadmin having major issues (like I have been for the past two
>> weeks) to get up and running in some form, using puppet or some other tool
>> to distribute flat files with named running against a static zone file, or
>> even to migrate off IPA if absolutely necessary.
> For DNS you can use normal zone transfer. Just configure IPA zone to allow
> zone transfer to an IP address (localhost means 'locally to IPA server') and
> use standard DNS tools, e.g. dig:
> $ ipa dnszone-mod example.com --allow-transfer='localhost;'
> $ dig +onesoa -t AXFR example.com > /root/example.com.db
> That is all you need for DNS, you have the standard zone file.
> I believe that you can use SSSD (with enumeration enabled) to run "getent
> passwd > /root/passwd.bck". I have no idea how it works with shadow
> map/password. Try to ask
> Petr^2 Spacek
> Freeipa-users mailing list
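The per-zone scripting mentioned at the top of this message, sketched as an added example that is not part of the original thread: it loops the `dig` transfer from the reply over every zone and rejects dumps that are empty, refused, or missing an SOA. The function names, the `/root/zones` default, and the `Zone name:` line format of `ipa dnszone-find --pkey-only` are assumptions; a Kerberos ticket and transfers already allowed from localhost are assumed too.

```shell
#!/bin/sh
# Added example: dump every IPA DNS zone with AXFR and verify each dump.

# Extract zone names from `ipa dnszone-find --pkey-only` output on stdin.
# Assumed line format: "  Zone name: example.com"
zone_names() {
    sed -n 's/^[[:space:]]*Zone name:[[:space:]]*//p'
}

# Turn a zone name into a safe file name (classless reverse zones contain "/").
zone_file() {
    printf '%s.db\n' "${1%.}" | tr '/' '_'
}

# Succeed only if FILE looks like a complete transfer: non-empty, no
# "; Transfer failed" line from dig, and at least one SOA record.
axfr_ok() {
    [ -s "$1" ] || return 1
    if grep -q '^; Transfer failed' "$1"; then return 1; fi
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "SOA" { found = 1 }
         END { exit !found }' "$1"
}

# Dump all zones into DIR; return non-zero if any zone failed.
backup_zones() {
    dir=$1
    umask 077                      # zone data readable by the owner only
    mkdir -p "$dir" || return 1
    failed=0
    for zone in $(ipa dnszone-find --pkey-only --sizelimit=0 | zone_names); do
        out="$dir/$(zone_file "$zone")"
        dig +onesoa -t AXFR "$zone" > "$out"
        if ! axfr_ok "$out"; then
            echo "FAILED: $zone" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Run only when asked, e.g.: sh backup-zones.sh --run /root/zones
if [ "${1:-}" = "--run" ]; then
    backup_zones "${2:-/root/zones}"
fi
```

A refused transfer still leaves a non-empty file of dig comments behind, which is why the check looks for an SOA record rather than trusting the file size.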