[Freeipa-users] Migrate FreeIPA data from v2.0. to v4.2.0

[Anthony Cheng]

Hi list,

Currently in the midst of doing a migration of FreeIPA from v3.0.0 to
v4.2.0; I have setup the new IPA instances and I am looking at migrate the
data.

Based on the section under 'Migrating from other FreeIPA to FreeIPA' here (
http://www.freeipa.org/page/Howto/Migration#Migrating_existing_FreeIPA_deployment),
it is suggested to run the following sample command:

echo Secret123 | ipa migrate-ds --bind-dn="cn=Directory Manager"
--user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accounts --group-objectclass=posixgroup
--user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry}
--user-ignore-objectclass=mepOriginEntry --with-compat
ldap://migrated.freeipa.server.test

My questions are:
1) Will this work as my new domain has changed (so realm is different)
2) Will this work for migration from 3.0.0 to 4.2.0?
3) Is this command safe to run from a production box?
4) If it fails or is not safe to run, what is the alternative/process?
(details would be appreciated)

Also on the same link, it mentions that "other objects (SUDO, HBAC, DNS,
...) have to be migrated manually, by exporting the LDIF from old FreeIPA
instance, selecting the records to be migrated, updating the attributes in
batch (e.g. new realm) and adding the cleaned LDIF to new FreeIPA."

I have some idea how to do LDIF import/export but is this process
documented anywhere (on the freeipa.org)?

Thanks, Anthony
-- 

Thanks, Anthony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160425/0dacdcdc/attachment.htm>