On 13.1.2014 15:50, Alexander Bokovoy wrote:
On Mon, 13 Jan 2014, tizo wrote:
Hi there,
We have a working authentication system for GNU/Linux consisting in a Mit
Kerberos Server, and an OpenLDAP directory with a particular structure. I
was wondering if we could use Freeipa to administer those working
components as they are, without having to deploy a new Freeipa server from
scratch.
In short, no, it is not possible.
I would like to elaborate this a bit more:
You really can't use FreeIPA WebUI with home-grown LDAP+Kerberos system, but
FreeIPA provides migrate-ds scripts which ease the transition from OpenLDAP.
Please see
http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html
You need to migrate OpenLDAP data to one FreeIPA server and then you can
simply create FreeIPA server replicas as need.
In other words, the migrate-ds script is run only once even if you have
multiple servers with replicated data.
There are some limited capabilities for migration with user passwords, but I
will let other people to elaborate - this is not area of my expertise.
Let us know if you need any assistance during migration.
--
Petr^2 Spacek
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
