[Freeipa-users] LDAP to Free IPA Migration SSSD migration : example configuration of sssd.conf file?
Jakub Hrozek
jhrozek at redhat.com
Thu Jul 23 07:54:53 UTC 2015
On Wed, Jul 22, 2015 at 06:45:17PM -0600, Matt Koch wrote:
> Hello,
> I’m looking for an example sssd.conf migrationconfiguration that will allow for the user to seamlessly authenticate to LDAP or freeIPA prior to installation of the freeipa client.
>
> This would be during migration to generate kerberos hashes for each
> user while still providing legacy LDAP support until migration can be
> completed. Hopefully with minimal changes to our existing sssd.conf file.
The configuration should be relatively straightforward, just use ldap
for both id and auth provider and set the search base to
cn=accounts,$DN, use your IPA server as LDAP URI and don't forget to set
ldap_tls_cacert = /etc/ipa/ca.crt.
But the bigger question is why? In order to set this hybrid mode, you
need to migrate your LDAP server data to your IPA server, isn't it
better to also enroll the client as an IPA client and let the user
migrate on first login?
More information about the Freeipa-users
mailing list