[Freeipa-users] How to restore data to a fresh IPA reinstall from a CA-less replica
Martin Kosek
mkosek at redhat.com
Tue May 26 06:42:25 UTC 2015
On 05/25/2015 05:46 PM, Sina Owolabi wrote:
> Hi!
>
> Please how do I restore data to a freshly reinstalled IPA server from
> an existing CA-less replica that has had replication agreements
> removed?
By restore, you mean actually migrate? We have a pending RFE for this:
https://fedorahosted.org/freeipa/ticket/3656
Migration of users/groups can be done via migrate-ds command. Migration of
SUDO/HBAC/automount/... can be done by LDIF export and import (with some
changes realms, etc.). But we have no automated way how to migrate Kerberos
keys or certificates as the underlying keys are different.
> Both servers are running rhel 6.6 with ipa-server versions 3.0.0
> ( For some reason the IPA servers do not upgrade beyond this version).
If you want a higher version than FreeIPA 3.0.0, please use RHEL-7.x. RHEL-7.1
has FreeIPA 4.1, which is much more cooler than 3.0.0 :-) This is what we
recommend for new deployments anyway.
> I have been searching for information from RHEL knowledgebase and from
> the FreeIPA site but I do not find information that exactly matches my
> situation.
>
> I am grateful for any assistance in this.
>
>
> Thanks!
>
HTH,
Martin
More information about the Freeipa-users
mailing list