On 13.1.2014 15:50, Alexander Bokovoy wrote:
On Mon, 13 Jan 2014, tizo wrote:
Hi there,

We have a working authentication system for GNU/Linux consisting in a Mit
Kerberos Server, and an OpenLDAP directory with a particular structure. I
was wondering if we could use Freeipa to administer those working
components as they are, without having to deploy a new Freeipa server from
scratch.
In short, no, it is not possible.

I would like to elaborate this a bit more:
You really can't use FreeIPA WebUI with home-grown LDAP+Kerberos system, but FreeIPA provides migrate-ds scripts which ease the transition from OpenLDAP.

Please see
http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html

You need to migrate OpenLDAP data to one FreeIPA server and then you can simply create FreeIPA server replicas as need.

In other words, the migrate-ds script is run only once even if you have multiple servers with replicated data.

There are some limited capabilities for migration with user passwords, but I will let other people to elaborate - this is not area of my expertise.

Let us know if you need any assistance during migration.

--
Petr^2 Spacek

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to