Hi list,

Currently in the midst of doing a migration of FreeIPA from v3.0.0 to
v4.2.0; I have setup the new IPA instances and I am looking at migrate the

Based on the section under 'Migrating from other FreeIPA to FreeIPA' here (
it is suggested to run the following sample command:

echo Secret123 | ipa migrate-ds --bind-dn="cn=Directory Manager"
--group-container=cn=groups,cn=accounts --group-objectclass=posixgroup
--user-ignore-objectclass=mepOriginEntry --with-compat

My questions are:
1) Will this work as my new domain has changed (so realm is different)
2) Will this work for migration from 3.0.0 to 4.2.0?
3) Is this command safe to run from a production box?
4) If it fails or is not safe to run, what is the alternative/process?
(details would be appreciated)

Also on the same link, it mentions that "other objects (SUDO, HBAC, DNS,
...) have to be migrated manually, by exporting the LDIF from old FreeIPA
instance, selecting the records to be migrated, updating the attributes in
batch (e.g. new realm) and adding the cleaned LDIF to new FreeIPA."

I have some idea how to do LDIF import/export but is this process
documented anywhere (on the freeipa.org)?

Thanks, Anthony

Thanks, Anthony
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to