On 01/13/2014 10:24 AM, Petr Spacek wrote:
> On 13.1.2014 15:50, Alexander Bokovoy wrote:
>> On Mon, 13 Jan 2014, tizo wrote:
>>> Hi there,
>>> We have a working authentication system for GNU/Linux consisting in
>>> a Mit
>>> Kerberos Server, and an OpenLDAP directory with a particular
>>> structure. I
>>> was wondering if we could use Freeipa to administer those working
>>> components as they are, without having to deploy a new Freeipa
>>> server from
>>> scratch.
>> In short, no, it is not possible.
> I would like to elaborate this a bit more:
> You really can't use FreeIPA WebUI with home-grown LDAP+Kerberos
> system, but FreeIPA provides migrate-ds scripts which ease the
> transition from OpenLDAP.
> Please see
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html
> You need to migrate OpenLDAP data to one FreeIPA server and then you
> can simply create FreeIPA server replicas as need.
> In other words, the migrate-ds script is run only once even if you
> have multiple servers with replicated data.
> There are some limited capabilities for migration with user passwords,
> but I will let other people to elaborate - this is not area of my
> expertise.

See the documentation about password migration. There are couple options.

> Let us know if you need any assistance during migration.

Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to