[Freeipa-users] Migrate FreeIPA data from v3.0. to v4.2.0
Anthony Cheng
anthony.wan.cheng at gmail.com
Mon Apr 25 21:33:29 UTC 2016
So I went ahead and ran the migrate-ds command; ran into issue that was
described here:
https://www.redhat.com/archives/freeipa-users/2015-March/msg00398.html when
trying to change password
I re-ran migrate-ds option; but I actually don't see the user accounts
being migrated at all when I run a "ipa user-show user_name --all"
I supposed manual option/script is the only option at this point?
Anthony
On Mon, Apr 25, 2016 at 1:06 PM Anthony Cheng <anthony.wan.cheng at gmail.com>
wrote:
> Hi list,
>
> Currently in the midst of doing a migration of FreeIPA from v3.0.0 to
> v4.2.0; I have setup the new IPA instances and I am looking at migrate the
> data.
>
> Based on the section under 'Migrating from other FreeIPA to FreeIPA' here (
> http://www.freeipa.org/page/Howto/Migration#Migrating_existing_FreeIPA_deployment),
> it is suggested to run the following sample command:
>
> echo Secret123 | ipa migrate-ds --bind-dn="cn=Directory Manager"
> --user-container=cn=users,cn=accounts
> --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup
> --user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry}
> --user-ignore-objectclass=mepOriginEntry --with-compat
> ldap://migrated.freeipa.server.test
>
> My questions are:
> 1) Will this work as my new domain has changed (so realm is different)
> 2) Will this work for migration from 3.0.0 to 4.2.0?
> 3) Is this command safe to run from a production box?
> 4) If it fails or is not safe to run, what is the alternative/process?
> (details would be appreciated)
>
> Also on the same link, it mentions that "other objects (SUDO, HBAC, DNS,
> ...) have to be migrated manually, by exporting the LDIF from old FreeIPA
> instance, selecting the records to be migrated, updating the attributes in
> batch (e.g. new realm) and adding the cleaned LDIF to new FreeIPA."
>
> I have some idea how to do LDIF import/export but is this process
> documented anywhere (on the freeipa.org)?
>
> Thanks, Anthony
> --
>
> Thanks, Anthony
>
--
Thanks, Anthony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160425/3c5bf4d2/attachment.htm>
More information about the Freeipa-users
mailing list