[Freeipa-users] Sync & BaseDN change

2016-07-14 Thread Brad Cesarone
Hello

I hope this finds the right thread because the original thread was replied
to the list and not my email...

I need to sync to another ldap directory which has a different SUFFIX than
IPA sets up. I successfully imported from our OpenLDAP to IPA but I still
need to sync with a separate master ldap server.
So the provider server suffix is dc=example,dc=com. This suffix is
different than the DNS suffix and there is no Kerberos realm to match to
for the provider side. IPA server suffix is dc=domain, dc=com.
So the two options I see are create a script which connects and compares
both ldaps ensuring it can match to different suffixes or somehow change
the suffix of the originally installed
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Sync & BaseDN change

2016-07-07 Thread Petr Spacek
On 7.7.2016 01:44, Brad Cesarone wrote:
> I have two questions
> 1) Is it possible to sync/replicate with another ldap server? i.e. Oracle
> Identity Manager

IPA provides a one-time import script called ipa-migrate-ds, see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/using-migrate-ds.html

It does not have any run-time synchronization capabilities.

> 2) If #1 is true, is it possible to sync with two different suffixes?

No.

> 3) Is it possible to either install IPA with a custom ldap Suffix or change
> the suffix once it is created?

No, the suffix is derived from the Kerberos realm and stays the same for the
lifetime of the IPA installation.


What are you trying to achieve? Maybe we can approach it from a different angle.

-- 
Petr^2 Spacek



[Freeipa-users] Sync & BaseDN change

2016-07-07 Thread Brad Cesarone
Hello

I have two questions
1) Is it possible to sync/replicate with another ldap server? i.e. Oracle
Identity Manager
2) If #1 is true, is it possible to sync with two different suffixes?
3) Is it possible to either install IPA with a custom ldap Suffix or change
the suffix once it is created?

Thank you