[Freeipa-users] migrating 3.0 -> 4.1: passwords not migrated?
Christopher Lamb
christopher.lamb at ch.ibm.com
Wed Jun 10 13:32:46 UTC 2015
Hi Tamas
I think the general advice is to replicate rather than to migrate. I am
sure Martin K will jump in on this.
However some weeks ago, when doing a very similar move to yours, we chose
to migrate (we were misled by some very old FreeIPA docus that have since
been archived).
In our case passwords were successfully migrated, so the users were able to
use the same user / password combo as before.
I will see if I can dig out the migrate command we used at the time.
Chris
From: Tamas Papp <tompos at martos.bme.hu>
To: freeipa-users at redhat.com
Date: 10.06.2015 15:19
Subject: [Freeipa-users] migrating 3.0 -> 4.1: passwords not migrated?
Sent by: freeipa-users-bounces at redhat.com
hi,
Currently there are CentOS 6.5 servers and IPA 3.0.
The goal is migrating users to CentOS 7.1 and IPA 4.1.
This is the command I use:
$ ipa migrate-ds ldap://ipa11
--user-container=cn=users,cn=accounts,dc=foo
--group-container=cn=groups,cn=accounts,dc=foo --base-dn=dc=foo
--with-compat < ~/.pw.manager
Users are migrated successfully but password must be reset, otherwise
they cannot logon. Any idea, what's going on?
I also have a bonus question.
How can I migrate the cn=sysaccounts,cn=etc,dc=cxn tree? Do I need to
export/import it as ldif and that's all?
Thanks,
tamas
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list