Yes, though it might be a bit more data than you're expecting.

Here's what we did to get the details out of a server (and import them into another). I'm sure there's a more elegant solution, but this worked for us. Also note that we didn't use all the data this export script generated, but felt it was better to have it than to not.

EXPORT:

#!/bin/bash
#
# Generate latest ipa config files for possible re-import later.
#
# (C) 2014, The Damascus Group
#

CONFIGDIR=/opt/ipa_config

[ ! -d "$CONFIGDIR" ] && mkdir "$CONFIGDIR"
pushd "$CONFIGDIR" || exit 1

ipa dnszone-find --all > dnszone.txt
grep 'Zone name' dnszone.txt | awk '{print $3}' | sed 's/\r//' > zones.txt
for line in $(cat zones.txt); do
    fn=$(echo "$line" | sed 's/\.in-addr\.arpa\.//')
    echo "For zone $line -> dnsrecord-$fn.txt"
    ipa dnsrecord-find "$line" --sizelimit=99999 --all --structured > "dnsrecord-${fn}.txt"
done
ipa user-find --all > users.txt
ipa host-find --sizelimit=99999 --all > hosts.txt
ipa policy-find --all > policy.txt
ipa sudorule-find --all > sudorule.txt
ipa sudocmdgroup-find --all > sudocmdgroup.txt
ipa sudocmd-find --all > sudocmd.txt
ipa role-find --all > roles.txt
ipa pwpolicy-find --all > pwpolicy.txt
ipa privilege-find --all > privilege.txt
ipa permission-find --all > permission.txt
ipa netgroup-find --all > netgroup.txt
ipa usergroup-find --all > usergroup.txt
ipa idrange-find --all > idrange.txt
ipa hostgroup-find --all > hostgroup.txt
ipa hbacrule-find --all > hbacrule.txt
ipa hbacsvc-find --all > hbacsvc.txt
ipa group-find --all > group.txt
ipa cert-find --all > cert.txt
ipa automember-find --type=group --all > automember-group.txt
ipa automember-find --type=hostgroup --all > automember-hostgroup.txt
popd
------cut-------

Then, for example, you can import these into a new IPA server using something like these:

#!/bin/bash
#
#  parse_hosts
#
# (C) 2014, The Damascus Group
#

FN=$1
# Placeholder enrollment password; every imported host gets this same value.
OTP=MyOnetimePassword

RE_HOSTNAME="Host name:\s+(.*)$"

name=""

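while read -r line; do
    # A "Host name:" line starts a new entry; add the previous host first.
    if [[ $line =~ $RE_HOSTNAME ]]; then
        if [[ -n "$name" ]]; then
            echo "Adding $name"
            ipa host-add "$name" --password "$OTP" --force
        fi
        name=${BASH_REMATCH[1]}
    fi
done < "$FN"
# Add the last host seen, if any.
if [[ -n "$name" ]]; then
    echo "Adding $name"
    ipa host-add "$name" --password "$OTP" --force
fi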
-------cut----------

And this for users:

#!/bin/bash
#
# parse_users
#
# (C) 2014, The Damascus Group

FN=$1

RE_DN="dn:\s+(.*)$"
RE_LOGIN="User login:\s+(.*)$"
RE_LAST="Last name:\s+(.*)$"
RE_FIRST="First name:\s+(.*)$"
RE_CN="Full name:\s+(.*)$"
RE_DISPLAYNAME="Display name:\s+(.*)$"
RE_INITIALS="Initials:\s+(.*)$"
RE_SHELL="Login shell:\s+(.*)$"
RE_HOMEDIR="Home directory:\s+(.*)$"
RE_PRINCIPAL="Kerberos principal:\s+(.*)$"
RE_EMAIL="Email address:\s+(.*)$"
RE_SSHPUBKEY="SSH public key:\s+(.*)$"
RE_UID="UID:\s+(.*)$"
RE_GID="GID:\s+(.*)$"

login=""
last=""
first=""
cn=""
displayname=""
initials=""
shell=""
homedir=""
principal=""
email=""
sshpubkey=""
uid=""
gid=""

while read line; do
    if [[ $line =~ $RE_DN ]]; then
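        # The first dn: line comes before any user has been parsed,
        # so only add once a login has been collected.
        if [[ -n "$login" ]]; then
            ipa user-add "$login" \
                --last="$last" \
                --first="$first" \
                --cn="$cn" \
                --displayname="$displayname" \
                --initials="$initials" \
                --shell="$shell" \
                --homedir="$homedir" \
                --principal="$principal" \
                --email="$email" \
                --sshpubkey="$sshpubkey" \
                --uid="$uid" \
                --gid="$gid"
        fi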
        login=""
        last=""
        first=""
        cn=""
        displayname=""
        initials=""
        shell=""
        homedir=""
        principal=""
        email=""
        sshpubkey=""
        uid=""
        gid=""
    fi
    if [[ $line =~  $RE_LOGIN ]]; then
        login=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_LAST ]]; then
        last=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_FIRST ]]; then
        first=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_CN ]]; then
        cn=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_DISPLAYNAME ]]; then
        displayname=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_INITIALS ]]; then
        initials=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_SHELL ]]; then
        shell=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_HOMEDIR ]]; then
        homedir=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_PRINCIPAL ]]; then
        principal=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_EMAIL ]]; then
        email=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_SSHPUBKEY ]]; then
        sshpubkey1=${BASH_REMATCH[1]}
        read sshpubkey2
        read sshpubkey3
        sshpubkey="$sshpubkey1 $sshpubkey2 $sshpubkey3"
    fi
    if [[ $line =~  $RE_UID ]]; then
        uid=${BASH_REMATCH[1]}
    fi
    if [[ $line =~  $RE_GID ]]; then
        gid=${BASH_REMATCH[1]}
    fi
done < "$FN"
# Add the last user parsed, if any.
if [[ -n "$login" ]]; then
    ipa user-add "$login" \
        --last="$last" \
        --first="$first" \
        --cn="$cn" \
        --displayname="$displayname" \
        --initials="$initials" \
        --shell="$shell" \
        --homedir="$homedir" \
        --principal="$principal" \
        --email="$email" \
        --sshpubkey="$sshpubkey" \
        --uid="$uid" \
        --gid="$gid"
fi
---------cut----------

If there's any interest, I can toss these scripts plus a handful of other parsers for things like DNS, hbac and sudo into a GitHub project. Unless someone points out a compelling reason to not do things this way.


Bret

On 05/23/2014 12:42 AM, Sanju A wrote:
Dear All,

Is there any command to export the user and host list to a csv or text format?


Regards
Sanju Abraham



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
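
Added example, not part of the original thread and not FreeIPA's own code: one way to turn the "ipa user-find --all" (or "ipa host-find --all") text written by the export script into the CSV the question asks for. The function name ipa_to_csv and the sample entries are constructed for illustration; values beginning with =, +, - or @ get a leading apostrophe so a spreadsheet does not evaluate directory-supplied text as a formula.

```shell
# Added example: convert `ipa <object>-find --all` text into CSV for the given labels.
ipa_to_csv() {
    # Join the requested labels with '|' so awk can split them again.
    cols=$(IFS='|'; printf '%s' "$*")
    awk -v cols="$cols" -v apos="'" '
    function cell(v) {
        # Directory values are user-controlled: prefix formula triggers so a
        # spreadsheet treats them as text, then apply CSV quote doubling.
        if (v ~ /^[=+@-]/) v = apos v
        gsub(/"/, "\"\"", v)
        return "\"" v "\""
    }
    function flush(   i, row) {
        if (!have) return
        for (i = 1; i <= n; i++) row = row (i > 1 ? "," : "") cell(rec[want[i]])
        print row
        split("", rec); have = 0
    }
    BEGIN {
        n = split(cols, want, "|")
        for (i = 1; i <= n; i++) { wanted[want[i]] = 1; hdr = hdr (i > 1 ? "," : "") cell(want[i]) }
        print hdr
    }
    { sub(/\r$/, "") }                              # tolerate CRLF output
    /^[ \t]*dn:[ \t]/ { flush(); have = 1; next }   # --all starts each entry with dn:
    have && match($0, /: /) {
        key = substr($0, 1, RSTART - 1); sub(/^[ \t]+/, "", key)
        if (key in wanted) rec[key] = substr($0, RSTART + 2)
    }
    END { flush() }'
}

# Constructed sample input using the labels the scripts above match on.
sample_users() {
    cat <<'EOF'
  dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
  User login: alice
  Last name: O"Hara
  Email address: alice@example.test
  UID: 1001

  dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
  User login: bob
  Last name: =1+1
  UID: 1002
EOF
}

sample_users | ipa_to_csv "User login" "Last name" "Email address" "UID"
```

The export holds the full directory listing, so write real output under a restrictive umask, for example: (umask 077; ipa user-find --all --sizelimit=99999 | ipa_to_csv "User login" "Email address" > users.csv).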
