[Freeipa-users] migration of netgroups into IPA ??

[David Copperfield]

Hi folks,

 We have quite a bunch of netgroups which are hosted on openldap server presently, and now it is time to migrate them into freeIPA. The NIS triples are in the format:

 (-, username, - ) 

or 

 (hostname001, - , - )

And these openldap netgroups are used for variable purposes, host listing for ssh/gssh, access control, sudoers, etc.

So after user accounts and groups are migrated, netgroups needs to be migrated too for openldap/IPA migration/cutover. There is no Redhat documents on this part though. Has any one tried netgroup migration before?  Or we have to input by hand into IPA (host, hostgroup, user-group) and replace netgroup with hostgroup(which will create respective netgroups in the background), and replace NIS user groups and real posix user groups?

Please advice. Thanks a lot.

--David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120430/1c7f5838/attachment.htm>