On 01/22/2014 06:57 PM, Petr Viktorin wrote:
> On 01/22/2014 06:26 PM, Dimitar Georgievski wrote:
>> Would you use ldapmodify -f file-name-with-exported-data to import the
>> data back to a new copy of FreeIPA?
> No, that generally won't work. There's more to IPA than the data in LDAP.
> Instead of copying data you should install the new server as a replica of the
> old one.

That would give you FreeIPA with the same domain, realm or certificate subject.

If you want to start with different settings, I would recommend:

1) Installing a new IPA server
2) Using the "ipa migrate-ds" command to migrate users and groups
3) Use ldapsearch and ldapmodify to migrate DNS (you may need to change the DN
in the LDIF file to use the correct SUFFIX if the realm changed)
4) For all hosts - unenroll and enroll again against the new IPA. This is
needed to regenerate the new certificates or host keytab.
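
The DN change mentioned in step 3, as an added example that is not part of the original message: a Python script that rewrites the suffix of every entry DN in an exported LDIF, handling folded lines and base64-encoded (`dn::`) DNs. The suffixes and the sample DNS entries are constructed; only `dn` lines are rewritten, so other attributes that hold DNs are left untouched.

```python
import base64
import re

# Constructed sample export; the second DN is folded across two lines.
SAMPLE = """dn: idnsname=example.test.,cn=dns,dc=old,dc=test
objectClass: idnsZone
idnsName: example.test.

dn: idnsname=www,idnsname=example.test.,cn=dns,dc=o
 ld,dc=test
objectClass: idnsRecord
aRecord: 192.0.2.10
"""


def unfold(ldif_text):
    """Join RFC 2849 continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def rewrite_suffix(ldif_text, old_suffix, new_suffix):
    """Replace old_suffix with new_suffix at the end of every entry DN."""
    # Match only a whole trailing suffix: preceded by a comma or the start of the DN.
    tail = re.compile(r"(?<![^,])" + re.escape(old_suffix) + r"$", re.IGNORECASE)
    out = []
    for line in unfold(ldif_text):
        if line.lower().startswith("dn::"):  # base64-encoded DN
            dn = base64.b64decode(line[4:].strip()).decode("utf-8")
            dn = tail.sub(lambda m: new_suffix, dn)
            line = "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")
        elif line.lower().startswith("dn:"):
            line = "dn: " + tail.sub(lambda m: new_suffix, line[3:].strip())
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Assumed old and new suffixes for the constructed sample.
    print(rewrite_suffix(SAMPLE, "dc=old,dc=test", "dc=new,dc=test"), end="")
```

The output keeps DNs on one line instead of re-folding them, so diff it against the export before feeding it to ldapmodify.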


