Re: [Freeipa-users] migration of netgroups into IPA ??

2012-05-01 Thread Dmitri Pal
On 04/30/2012 05:06 PM, David Copperfield wrote:
> Hi folks,
>
>  We have quite a bunch of netgroups which are hosted on openldap
> server presently, and now it is time to migrate them into freeIPA. The
> NIS triples are in the format:
>
>  (-, username, - )
>
> or
>
>  (hostname001, - , - )
>
> And these openldap netgroups are used for variable purposes, host
> listing for ssh/gssh, access control, sudoers, etc.
>
> So after user accounts and groups are migrated, netgroups need to be
> migrated too for openldap/IPA migration/cutover. There are no Redhat
> documents on this part though. Has anyone tried netgroup migration
> before?  Or we have to input by hand into IPA (host, hostgroup,
> user-group) and replace netgroup with hostgroup (which will create
> respective netgroups in the background), and replace NIS user groups
> and real posix user groups?
>
> Please advise. Thanks a lot.
>
> --David

We do not provide a migration script for netgroups; however, it is very
simple to create a script that would recreate netgroups using the IPA
command line.
The reason why we do not do netgroup migration automatically is because
it is a good time to reconsider how netgroups are used in your environment.
For example, if you use netgroups to group hosts we recommend
creating a host group for those hosts. Each host group by default has an
automatically created netgroup with the same name. This can be turned
off, but out of the box every host group creates a netgroup.
If you use netgroups for users, consider switching to user groups rather
than using netgroups for users. Using user groups is more flexible and
is the preferred method.

Also see chapter 7. It has examples of the scripts that can help you to
migrate netgroups.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
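
One way to write the script the reply above describes, as an added example that is not from the thread or the FreeIPA project: it turns `(host,user,domain)` triples into `ipa` command lines, mapping host-only netgroups to host groups and user-only netgroups to user groups. It assumes the users and hosts already exist in IPA under the same names; the sample netgroup names and members are constructed, and a triple with an empty (wildcard) field is rejected for manual review, because it matches every host or user and would widen access if migrated blindly.

```python
import re
import shlex

TRIPLE = re.compile(r"^\(\s*([^,()]*?)\s*,\s*([^,()]*?)\s*,\s*([^,()]*?)\s*\)$")

def parse_triple(text):
    """Return (host, user) from a '(host,user,domain)' triple.

    '-' means "no value" and becomes None. An empty host or user field is a
    wildcard, so it is rejected. The NIS domain field is ignored here.
    """
    m = TRIPLE.match(text.strip())
    if not m:
        raise ValueError(f"malformed triple: {text!r}")
    host, user, _domain = m.groups()
    if host == "" or user == "":
        raise ValueError(f"wildcard field needs manual review: {text!r}")
    return (None if host == "-" else host, None if user == "-" else user)

def ipa_commands(name, triples):
    """Build the ipa command lines that recreate one netgroup."""
    parsed = [parse_triple(t) for t in triples]
    hosts = sorted({h for h, _ in parsed if h})
    users = sorted({u for _, u in parsed if u})
    q = shlex.quote  # names come from LDAP data, so quote them for the shell
    desc = q(f"migrated from netgroup {name}")
    if hosts and not users:      # host list -> host group (IPA adds the netgroup)
        kind, members = "hostgroup", [("--hosts", h) for h in hosts]
    elif users and not hosts:    # user list -> ordinary user group
        kind, members = "group", [("--users", u) for u in users]
    else:                        # mixed -> keep as a real netgroup
        kind = "netgroup"
        members = [("--hosts", h) for h in hosts] + [("--users", u) for u in users]
    cmds = [f"ipa {kind}-add {q(name)} --desc={desc}"]
    cmds += [f"ipa {kind}-add-member {q(name)} {opt}={q(val)}" for opt, val in members]
    return cmds

# Constructed sample data in the two triple shapes quoted in the thread.
SAMPLE = {
    "ssh-hosts": ["(hostname001, - , - )", "(hostname002,-,-)"],
    "sudo-admins": ["(-, alice, - )", "(-,bob,-)"],
}

if __name__ == "__main__":
    for group, group_triples in SAMPLE.items():
        print("\n".join(ipa_commands(group, group_triples)))
```

Review the generated commands before running them, and re-point sudo rules and access-control entries at the new host groups and user groups as part of the cutover.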

[Freeipa-users] migration of netgroups into IPA ??

2012-04-30 Thread David Copperfield
Hi folks,

 We have quite a bunch of netgroups which are hosted on openldap server 
presently, and now it is time to migrate them into freeIPA. The NIS triples are 
in the format:

 (-, username, - ) 

or 

 (hostname001, - , - )

And these openldap netgroups are used for variable purposes, host listing for 
ssh/gssh, access control, sudoers, etc.

So after user accounts and groups are migrated, netgroups need to be migrated 
too for openldap/IPA migration/cutover. There are no Redhat documents on this 
part though. Has anyone tried netgroup migration before?  Or we have to input 
by hand into IPA (host, hostgroup, user-group) and replace netgroup with 
hostgroup (which will create respective netgroups in the background), and 
replace NIS user groups and real posix user groups?

Please advise. Thanks a lot.

--David