On 23.9.2013 09:54, Fred van Zwieten wrote:
Suppose we would "bite the bullet" and*move*  IPA to another domain. This
would be a subdomain (IPA.MYCOMP.EDU). I have to install 2 new IPA servers.
No problems there. However, I have to migrate the data. That is a real
problem, I think. For HBAC rules, SUDO rules, etc we can do this manually.
However Users and DNS is quit a lot*and*  we want to migrate the user

For DNS we could use zone transfers
FreeIPA stores all the data in LDAP, it would be better to do this:
1) export whole DNS sub-tree to LDIF (via ldapsearch)
2) change LDAP DNs (add dc=ipa to the DN components)
3) import all the data back (via ldapadd)

SRV & FreeIPA host records will need some manual work, but basically you just need to add '.ipa.' component to all host names and references to them. Don't forget to add/change delegation NS+A records in the parent DNS zone (MYCOMP.EDU).

Let us know if you need any assistance.

But for user passwords?
Guys, could migrate-ds script help?

Is there IPA export import type of functionality (in RHEL64) that can
provide this?

Petr^2 Spacek

Freeipa-users mailing list

Reply via email to