[Freeipa-users] Export data

Petr Viktorin pviktori at redhat.com
Wed Jan 22 17:57:11 UTC 2014 

On 01/22/2014 06:26 PM, Dimitar Georgievski wrote:
> Would you use ldapmodify -f file-name-with-exported-data to import the
> data back to a new copy of FreeIPA?

No, that generally won't work. There's more to IPA than the data in LDAP.
Instead of copying data you should install the new server as a replica 
of the old one.

>
> Thanks
>
> Dimitar
>
>
> On Wed, Jan 22, 2014 at 8:52 AM, Petr Spacek <pspacek at redhat.com
> <mailto:pspacek at redhat.com>> wrote:
>
>     On 22.1.2014 14:40, Rob Crittenden wrote:
>
>         Martin Kosek wrote:
>
>             On 01/22/2014 01:48 PM, Choudhury, Suhail wrote:
>
>                 Hi guys,
>
>                 I trying to get a dump of all users, hosts and DNS
>                 entries from IPA so
>                 we can run scripts/Puppet against them.
>
>                 Tried searching for it but cannot find anything, so was
>                 hoping someone
>                 can give some hints on how best to do this please.
>
>
>             You can either export them via ldapsearch:
>
>             $ kinit admin
>             $ ldapsearch -h `hostname` -Y GSSAPI -b
>             'cn=users,cn=accounts,dc=__example,dc=com'
>
>
>             ... or for write a Python script to do what you want. Very
>             simple example:
>
>             $ kinit admin
>             $ python
>
>                         from ipalib import api
>                         api.bootstrap()
>                         api.finalize()
>                         api.Backend.xmlclient.connect(__)
>                         users = api.Command.user_find()
>                         for user in users['result']:...     print
>                         "%s:%s:%s" % (user['uid'][0],
>
>             user['uidnumber'][0], user['gidnumber'][0])
>             ...
>             admin:1913600000:1913600000
>             tuser:1913600001:1913600001
>
>
>         Be aware that there are some search limits too, both in size and
>         time. Some of
>         this is configurable from the client side, some on the server.
>
>
>     You can use standard zone transfer for DNS:
>
>     See
>     https://www.redhat.com/__archives/freeipa-users/2013-__September/msg00022.html
>     <https://www.redhat.com/archives/freeipa-users/2013-September/msg00022.html>
>     https://www.redhat.com/__archives/freeipa-users/2013-__September/msg00047.html
>     <https://www.redhat.com/archives/freeipa-users/2013-September/msg00047.html>
>


-- 
Petr³

More information about the Freeipa-users mailing list