On 01/13/2014 10:24 AM, Petr Spacek wrote: > On 13.1.2014 15:50, Alexander Bokovoy wrote: >> On Mon, 13 Jan 2014, tizo wrote: >>> Hi there, >>> >>> We have a working authentication system for GNU/Linux consisting in >>> a Mit >>> Kerberos Server, and an OpenLDAP directory with a particular >>> structure. I >>> was wondering if we could use Freeipa to administer those working >>> components as they are, without having to deploy a new Freeipa >>> server from >>> scratch. >> In short, no, it is not possible. > > I would like to elaborate this a bit more: > You really can't use FreeIPA WebUI with home-grown LDAP+Kerberos > system, but FreeIPA provides migrate-ds scripts which ease the > transition from OpenLDAP. > > Please see > http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html > > > You need to migrate OpenLDAP data to one FreeIPA server and then you > can simply create FreeIPA server replicas as need. > > In other words, the migrate-ds script is run only once even if you > have multiple servers with replicated data. > > There are some limited capabilities for migration with user passwords, > but I will let other people to elaborate - this is not area of my > expertise.
See the documentation about password migration. There are couple options. > > Let us know if you need any assistance during migration. > -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
