On 01/22/2014 06:57 PM, Petr Viktorin wrote:
> On 01/22/2014 06:26 PM, Dimitar Georgievski wrote:
>> Would you use ldapmodify -f file-name-with-exported-data to import the
>> data back to a new copy of FreeIPA?
>
> No, that generally won't work. There's more to IPA than the data in LDAP.
> Instead of copying data you should install the new server as a replica of the
> old one.

That would give you FreeIPA with the same domain, realm or certificate subject name. If you want to start with different settings, I would recommend:

1) Installing new IPA server
2) Using "ipa migrate-ds" command to migrate users and groups
3) Use the ldapsearch&ldapmodify to migrate DNS (you may need to change the DN in the LDIF file to use correct SUFFIX if the realm changed)
4) For all hosts - unenroll and enroll again against the new IPA. This is needed to regenerate the new certificates or host keytab

HTH,
Martin

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
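Step 3 of the reply above says the DNs in the exported LDIF may need the new suffix if the realm changed. One way to do that rewrite, as an added example that is not part of the original message or of FreeIPA: the suffixes and DNS entries below are constructed, and it assumes DNs written without spaces after commas and an ASCII new suffix.

```python
import base64
import re

def swap_suffix(value, old, new):
    """Replace a trailing `old` suffix, only at a DN component boundary."""
    v, o = value.lower(), old.lower()
    if v == o:
        return new
    if v.endswith("," + o):
        return value[: len(value) - len(old)] + new
    return value

def rewrite_suffix(ldif_text, old, new):
    """Return the LDIF with every value ending in `old` moved under `new`."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo RFC 2849 line folding
    out = []
    for line in unfolded.splitlines():
        m = re.match(r"^([A-Za-z][A-Za-z0-9;.-]*)(::?) ?(.*)$", line)
        if not m:
            out.append(line)  # blank entry separators and comments
            continue
        attr, sep, raw = m.groups()
        try:  # "attr:: ..." carries a base64 value, which may hold a DN
            value = base64.b64decode(raw).decode("utf-8") if sep == "::" else raw
        except ValueError:  # binary value (covers UnicodeDecodeError too)
            out.append(line)
            continue
        moved = swap_suffix(value, old, new)
        if moved == value:
            out.append(line)  # unchanged lines are emitted as read
        elif sep == "::":
            out.append(f"{attr}:: {base64.b64encode(moved.encode()).decode()}")
        else:
            out.append(f"{attr}: {moved}")
    return "\n".join(out) + "\n"

# Constructed sample export: a plain DN, a folded DN and a base64 DN.
B64_DN = base64.b64encode(
    b"idnsname=mail,idnsname=example.com.,cn=dns,dc=example,dc=com").decode()
SAMPLE = (
    "dn: idnsname=example.com.,cn=dns,dc=example,dc=com\n"
    "idnsName: example.com.\n\n"
    "dn: idnsname=www,idnsname=example.com.,cn=dns,dc=example,\n"
    " dc=com\n"
    "aRecord: 192.0.2.10\n\n"
    f"dn:: {B64_DN}\n"
    "aRecord: 192.0.2.25\n"
)

if __name__ == "__main__":
    print(rewrite_suffix(SAMPLE, "dc=example,dc=com", "dc=new,dc=test"), end="")
```

Comparing the output against the original export before feeding it to ldapmodify shows exactly which values moved; record values such as `idnsName` and `aRecord` pass through untouched.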