[Freeipa-users] export users/groups from one ipa server to another

Les Stott Less at imagine-sw.com
Fri Jan 17 08:54:07 UTC 2014


Petr, Martin,

Thanks for the suggestions, I will try next week.

FYI... it will be the same domain so I'll have a look at "ipa migrate-ds".

Regards,

Les
________________________________________
From: Martin Kosek [mkosek at redhat.com]
Sent: Friday, January 17, 2014 6:46 PM
To: Les Stott; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] export users/groups from one ipa server to another

On 01/17/2014 07:24 AM, Les Stott wrote:
> Hi All,
>
> Looking for the quickest and easiest way to export users from one freeipa server and install on another.
>
> I have an existing freeipa server, 3.0.0 standard rhel6 in a DR environment.
> I am setting up an identical freeipa server in a Production Environment.
>
> The two environments will not be configured to talk to each other. They will both have their own replicas.
>
> I simply want to export the users and groups I created in freeipa in DR, and import them (preserving details and passwords) into the freeipa server in Production.
>
> What is the recommendation? Is there an ipa tool? Or will ldif exports suffice?
>
> Thanks in advance,
>
> Les

I think the best way would be to use the "ipa migrate-ds" command. It should
work both with stand alone Directory Servers and IPA too. You may just need to
play with --userignoreobjectclass and userignoreattribute to not migrate
Kerberos related attributes and objectclasses if for example your other DS has
a different realm.

Martin



