In my case DNS is not an issue, FreeIPA is integrated with existing DNS servers.
The above procedure would work for migrating the user's data to a new IPA server that has a new host name. What if I would like to restore the original IPA server ? Could I repeat the above steps with the exception of #4, in which I would restore backed-up certificates and keytab files. This should avoid the need to regenerate them, no? In short how would you perform a full back-up and restore of the Primary IPA server? I understand this is not a trivial task for the IPA server and from what I've learned it is probably not fully supported in the current ver 3.x Thanks, Dimitar On Thu, Jan 23, 2014 at 1:32 AM, Martin Kosek <mko...@redhat.com> wrote: > On 01/22/2014 06:57 PM, Petr Viktorin wrote: > > On 01/22/2014 06:26 PM, Dimitar Georgievski wrote: > >> Would you use ldapmodify -f file-name-with-exported-data to import the > >> data back to a new copy of FreeIPA? > > > > No, that generally won't work. There's more to IPA than the data in LDAP. > > Instead of copying data you should install the new server as a replica > of the > > old one. > > That would give you FreeIPA with the same domain, realm or certificate > subject > name. > > If you want to start with different settings, I would recommend: > > 1) Installing new IPA server > 2) Using "ipa migrate-ds" command to migrate users and groups > 3) Use the ldapsearch&ldapmodify to migrate DNS (you may need to change > the DN > in the LDIF file to use correct SUFFIX if the realm changed) > 4) For all hosts - unenroll and enroll again against the new IPA. This is > needed to regenerate the new certificates or host keytab > > HTH, > Martin >
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users