[Freeipa-users] Exporting ipa LDAP DB

Rob Crittenden rcritten at redhat.com
Fri Oct 30 19:27:26 UTC 2015


Gronde, Christopher (Contractor) wrote:
> We have had huge issues with our ipa servers which has left some of our
> applications offline.  We want to stand up a temporary OpenLDAP server
> to transfer the users to until we can get IPA back online.  Is there a
> way to export the ipa LDAP DB so that I can migrate the users into openldap?

A pretty drastic step that could open another can of worms, but you'd
want to do something like:

# service dirsrv stop EXAMPLE-COM
# /var/lib/dirsrv/scripts-EXAMPLE-COM/db2ldif -n userRoot

The output will contain a pointer to the LDIF it produces.

Be forewarned it is going to contain a slew of IPA and 389-ds specific
elements you'll need to filter out.

Also be very careful with this file as it not only contains the user
password hashes for all your users but also the Kerberos master key.

rob
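
Added example, not part of the original message or FreeIPA's own tooling: one way to do the filtering described above, keeping only user entries and a small set of attributes so the Kerberos master key and principal keys never reach the temporary server. The allow-lists, the cn=users,cn=accounts subtree and the sample LDIF are assumptions made for illustration.

```python
import base64
# Assumed allow-lists for a plain OpenLDAP target (not from the original post).
KEEP_ATTRS = {"uid", "cn", "sn", "givenname", "mail", "uidnumber", "gidnumber",
              "homedirectory", "loginshell", "gecos", "userpassword"}
KEEP_CLASSES = {"top", "person", "organizationalperson", "inetorgperson",
                "posixaccount"}
USER_SUBTREE = ",cn=users,cn=accounts,"  # assumed location of IPA user entries
# Constructed sample, not real db2ldif output.
SAMPLE = """\
version: 1

dn: cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
krbMKey:: Q09OU1RSVUNURUQ=

dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
objectClass: posixaccount
objectClass: krbprincipalaux
uid: alice
userPassword:: e1NTSEF9Q09OU1RSVUNURUQ=
krbPrincipalKey:: Q09OU1RSVUNU
 RUQ=
ipaUniqueID: 00000000-0000-0000-0000-000000000000
"""

def _value(rest):
    """Decode the text after 'attr:' (' plain' or ': base64')."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()

def sanitize(ldif):
    """Keep only user entries and allow-listed attributes; drop the rest."""
    out = []
    # Normalise line endings and join folded lines before splitting entries.
    for block in ldif.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):
        pairs = [l.partition(":")[::2] for l in block.split("\n")
                 if ":" in l and not l.startswith(("#", "version:"))]
        if not pairs or pairs[0][0].lower() != "dn":
            continue
        dn = _value(pairs[0][1]).lower()
        if not (dn.startswith("uid=") and USER_SUBTREE in dn):
            continue  # skips cn=kerberos (master key), hosts, services, config
        kept = ["dn:" + pairs[0][1]]
        for attr, rest in pairs[1:]:
            name = attr.split(";")[0].lower()
            if (_value(rest).lower() in KEEP_CLASSES if name == "objectclass"
                    else name in KEEP_ATTRS):
                kept.append(attr + ":" + rest)  # raw text, base64 left intact
        out.append("\n".join(kept))
    return "\n\n".join(out) + "\n"
```

The userPassword hashes are kept because the temporary server needs them, so the filtered file still needs restrictive permissions.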




