On 13.1.2014 15:50, Alexander Bokovoy wrote:
On Mon, 13 Jan 2014, tizo wrote:
Hi there,

We have a working authentication system for GNU/Linux consisting of a MIT
Kerberos Server, and an OpenLDAP directory with a particular structure. I
was wondering if we could use FreeIPA to administer those working
components as they are, without having to deploy a new FreeIPA server from
In short, no, it is not possible.

I would like to elaborate on this a bit more:
You really can't use the FreeIPA WebUI with a home-grown LDAP+Kerberos system, but FreeIPA provides migrate-ds scripts which ease the transition from OpenLDAP.

Please see

You need to migrate OpenLDAP data to one FreeIPA server and then you can simply create FreeIPA server replicas as needed.

In other words, the migrate-ds script is run only once even if you have multiple servers with replicated data.

There are some limited capabilities for migration with user passwords, but I will let other people elaborate - this is not my area of expertise.

Let us know if you need any assistance during migration.

Petr^2 Spacek

