Martin Kosek wrote:
On 01/17/2014 07:24 AM, Les Stott wrote:
Hi All,
Looking for the quickest and easiest way to export users from one freeipa
server and install on another.
I have an existing freeipa server, 3.0.0 standard rhel6 in a DR environment.
I am setting up an identical freeipa server in a Production Environment.
The two environments will not be configured to talk to each other. They will
both have there own replicas.
I simply want to export the users and groups I created in freeipa in DR, and
import them (preserving details and passwords) into the freeipa server in
Production.
What is the recommendation? Is there an ipa tool? Or will ldif exports suffice?
Thanks in advance,
Les
I think the best way would be to use the "ipa migrate-ds" command. It should
work both with stand alone Directory Servers and IPA too. You may just need to
play with --userignoreobjectclass amd userignoreattribute to not migrate
Kerberos related attributes and objectclasses if for example your other DS has
a different realm.
Kerberos attributes are already excluded by default.
You'll need to enable password migration mode on the production IPA
server, ipa config-mod --enable-migration=true
The first time your migrated production users authenticate with their
password their Kerberos credentials will be generated.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
