On 23.9.2013 09:54, Fred van Zwieten wrote:
Suppose we would "bite the bullet" and*move* IPA to another domain. This
would be a subdomain (IPA.MYCOMP.EDU). I have to install 2 new IPA servers.
No problems there. However, I have to migrate the data. That is a real
problem, I think. For HBAC rules, SUDO rules, etc we can do this manually.
However Users and DNS is quit a lot*and* we want to migrate the user
For DNS we could use zone transfers
FreeIPA stores all the data in LDAP, it would be better to do this:
1) export whole DNS sub-tree to LDIF (via ldapsearch)
2) change LDAP DNs (add dc=ipa to the DN components)
3) import all the data back (via ldapadd)
SRV & FreeIPA host records will need some manual work, but basically you just
need to add '.ipa.' component to all host names and references to them. Don't
forget to add/change delegation NS+A records in the parent DNS zone (MYCOMP.EDU).
Let us know if you need any assistance.
But for user passwords?
Guys, could migrate-ds script help?
Is there IPA export import type of functionality (in RHEL64) that can
Freeipa-users mailing list