On 07/09/2015 01:25 PM, Joseph, Matthew (EXP) wrote:

We are currently in the process of replacing our IdM 3.x server with 4.x.

There are going to be some major directory changes during the upgrade so I need
to keep both the old and new IdM servers up and running separately.

This dangerous. I am not sure what platform do you use, but if you are using RHEL or CentOS, the general migration procedure to IdM 4.x (i.e. RHEL-7.0+) is to simply create RHEL-7 replicas for your RHEL-6 servers and deprecate the old ones.

In case you do some split brain migration, where old and new IdM live separately, you may hit problems.

More info here:

Part of our configuration is using the password sync between IdM and Active

I can’t find any information on this so I figured I’d ask you guys to see if
anyone has done this before.

Can I have two CA certificates from 2 IdM servers installed on the Active
Directory server? And will this cause any issues with our password sync?



Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to