<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 09/04/2014 11:24 PM, Andrew Krause
wrote:<br>
</div>
<blockquote
cite="mid:CAJw3_NSYdrx5fQ35jfZpvk7r9G12nK0qD=4cuT_Evk+xb5aDew@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>I realize this question has been brought forth
previously, but I am unable to find a clear answer. I have
a 389-ds environment that is serving as an authentication
back end for a python application. The plan was to use this
as a kind of SSO for other future applications and we have
MANY users/groups/OUs and different policies involved
already. Since it's not really feasible to re-create
everything, and it will not integrate directly with FreeIPA
I would like to be able to import my subtree to the 389-ds
instance within my new FreeIPA install and manage that
subtree separately from all my hosts and POSIX users. <br>
<br>
</div>
The short question, how can I manage to get the admin console
working with the 389-ds that is included in FreeIPA?<br>
<br>
</div>
I'd really like to use FreeIPA for all my host based
authentication, but it becomes a non-option if we have to run
multiple directory clusters. <br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
The best way is to use ipa migrate-ds command to load the users from
the external LDAP server.<br>
You can connect a console to IPA DS instance but we do not recommend
doing modifications via it because IPA creates all sorts of object
classes on the entries on top of usual posix account. You can use
the console to validate on the low level that all data has been
properly migrated.<br>
But again ipa has ipa user-find and user-show commands that allow
you to validation too so console might actually not be needed.<br>
<br>
Please refer to ipa help and online downstream manuals on how to use
migrate-ds command.<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>