[Freeipa-users] Export data

Martin Kosek mkosek at redhat.com
Thu Jan 23 06:32:07 UTC 2014


On 01/22/2014 06:57 PM, Petr Viktorin wrote:
> On 01/22/2014 06:26 PM, Dimitar Georgievski wrote:
>> Would you use ldapmodify -f file-name-with-exported-data to import the
>> data back to a new copy of FreeIPA?
> 
> No, that generally won't work. There's more to IPA than the data in LDAP.
> Instead of copying data you should install the new server as a replica of the
> old one.

That would give you FreeIPA with the same domain, realm or certificate subject
name.

If you want to start with different settings, I would recommend:

1) Installing a new IPA server
2) Using the "ipa migrate-ds" command to migrate users and groups
3) Using ldapsearch and ldapmodify to migrate DNS (you may need to change the DN
in the LDIF file to use the correct SUFFIX if the realm changed)
4) For all hosts: unenroll and enroll again against the new IPA. This is
needed to regenerate the new certificates or host keytab.

HTH,
Martin
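
An added example, not part of the original message or of FreeIPA: one way to do the DN change from step 3 on an exported LDIF file, handling folded lines and base64-encoded DNs that a plain search-and-replace would miss. The suffixes, entry names and the `rewrite_suffix` helper are assumptions constructed for illustration.

```python
import base64

def unfold(ldif_text):
    """Join folded LDIF lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def rewrite_suffix(ldif_text, old_suffix, new_suffix):
    """Replace old_suffix with new_suffix at the end of every entry DN."""
    n = len(old_suffix)
    out = []
    for line in unfold(ldif_text):
        if line.startswith("dn::"):          # base64-encoded DN
            dn = base64.b64decode(line[4:].strip()).decode("utf-8")
        elif line.startswith("dn:"):
            dn = line[3:].strip()
        else:
            out.append(line)                 # attributes, comments, blank separators
            continue
        # Match only at an RDN boundary, and refuse entries from another tree
        # rather than passing them through unchanged.
        if dn[-n:].lower() != old_suffix.lower() or (len(dn) > n and dn[-n - 1] != ","):
            raise ValueError("DN is not under the old suffix: " + dn)
        dn = dn[:-n] + new_suffix
        if dn.isascii():
            out.append("dn: " + dn)
        else:
            out.append("dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii"))
    return "\n".join(out) + "\n"

# Constructed sample input (not real data): one folded DN, one base64 DN.
OLD, NEW = "dc=old,dc=example", "dc=new,dc=example"
SAMPLE = (
    "dn: idnsname=www,idnsname=old.example.,cn=dns,dc=old,\n"
    " dc=example\n"
    "objectClass: idnsrecord\n"
    "aRecord: 192.0.2.10\n"
    "\n"
    "dn:: " + base64.b64encode("idnsname=café,idnsname=old.example.,cn=dns,dc=old,dc=example".encode("utf-8")).decode("ascii") + "\n"
    "objectClass: idnsrecord\n"
)

if __name__ == "__main__":
    print(rewrite_suffix(SAMPLE, OLD, NEW), end="")
```

Only the `dn:` line of each entry is rewritten; attribute values that themselves contain DNs are left as exported and need a separate review before import.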