<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 01/22/2013 03:39 PM, Matthew Barr wrote:
<blockquote
cite="mid:BE3AEC0F-C0B4-4DAF-8E2B-F6F57E21FF25@snap-interactive.com"
type="cite">
We've got a FreeIPA system installed, but it's experiencing some
bugs. I suspect some of it came from adding &amp; removing a
replica, as well as upgrading from prior versions.
<div>(we're on CentOS 6.3 now)</div>
<div><br>
</div>
<div>We're about to do a datacenter rebuild &amp; move, and I'd
like to start from scratch, yet still import the users &amp;
their passwords. I suspect we can just do a clean build in
the new site, and just do a migrate of the users via the LDAP
method.</div>
</blockquote>
<br>
Which LDAP method exactly?<br>
LDIF dump and load? This would not work well unless you also manage
to move the certs and the Kerberos master key over, which is really hard.<br>
<br>
<br>
<blockquote
cite="mid:BE3AEC0F-C0B4-4DAF-8E2B-F6F57E21FF25@snap-interactive.com"
type="cite">
<div><br>
</div>
<div>Thoughts? I don't anticipate moving any hardware that's
enrolled from site to site, so certs &amp; the like shouldn't be
a factor.<br>
</div>
</blockquote>
If, instead of a dump and load, you install a new IPA server, it
will not have any old data and will have new certs and Kerberos
keys.<br>
You would have to re-enroll all your clients once again. Users would
have to deal with the password change after you read in users using
ipa migrate-ds.<br>
Other information would also have to be precreated using ipa commands,
but this can be scripted by taking an LDIF and creating a series of
ipa commands to add data into the new instance.<br>
<br>
<blockquote
cite="mid:BE3AEC0F-C0B4-4DAF-8E2B-F6F57E21FF25@snap-interactive.com"
type="cite">
<div>
<div apple-content-edited="true"><span class="Apple-style-span"
style="border-collapse: separate; color: rgb(0, 0, 0);
font-family: Helvetica; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: 2; text-align: -webkit-auto;
text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px;
-webkit-border-horizontal-spacing: 0px;
-webkit-border-vertical-spacing: 0px;
-webkit-text-decorations-in-effect: none;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width:
0px; font-size: medium; ">
<div><br>
</div>
<div>Matthew Barr</div>
<div>Technical Architect</div>
<div>E: <a moz-do-not-send="true"
href="mailto:mbarr@snap-interactive.com">mbarr@snap-interactive.com</a></div>
<div>AIM: matthewbarr1</div>
<div>c: (646) 727-0535</div>
</span>
</div>
<br>
</div>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
</pre>
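<br>
Added example, not part of the original message and not FreeIPA project code: a sketch of the "take an LDIF and create a series of ipa commands" step from the reply above, limited to host groups. The sample LDIF, the example.com suffix and both function names are constructed for illustration; values are unfolded, base64-decoded and shell-quoted so that text from the old directory cannot alter the generated commands.<br>

```python
import base64
import shlex

# Constructed sample export (not data from the thread).
SAMPLE_LDIF = """\
dn: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com
objectClass: ipahostgroup
cn: webservers
description: Front-end web
  servers; ops' on-call

dn: cn=db,cn=hostgroups,cn=accounts,dc=example,dc=com
objectClass: ipahostgroup
cn: db
description:: RGF0YWJhc2UgaG9zdHM=
"""

def parse_ldif(text):
    """Parse LDIF text into dicts of lowercase attribute -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: drop one space, join
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if line.startswith("#"):            # LDIF comment
            continue
        if not line:                        # blank line ends an entry
            entries += [entry] if entry else []
            entry = {}
            continue
        attr, _, value = line.partition(":")
        is_b64 = value.startswith(":")      # "attr:: ..." is a base64 value
        value = base64.b64decode(value[1:]).decode() if is_b64 else value.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entries

def hostgroup_commands(entries):
    """Return one shell-quoted `ipa hostgroup-add` command per host group."""
    cmds = []
    for e in entries:
        if "ipahostgroup" not in {c.lower() for c in e.get("objectclass", [])}:
            continue                        # users, hosts etc. are skipped here
        argv = ["ipa", "hostgroup-add", e["cn"][0]]
        argv += ["--desc=" + d for d in e.get("description", [])[:1]]
        cmds.append(" ".join(shlex.quote(a) for a in argv))
    return cmds
```

Calling hostgroup_commands(parse_ldif(SAMPLE_LDIF)) returns the command lines to review before running them against the new server; host membership is left out because hosts only exist there after re-enrollment.<br>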
</body>
</html>