[Freeipa-users] How to migrate from freeipa distribution to separate components

[Simo Sorce]

On Wed, 2016-01-13 at 15:10 +0100, bahan w wrote:
> Hello Simo !
> 
> For the reason :
> The production team wants to use only the two components openLDAP and MIT
> Kerberos, possibily on different servers.
> 
> For the explanation :
> They want to install only MIT Kerberos and openLDAP.
> We already have an existing FreeIPA installation, with users, groups,
> principals, pwpolicies.
> We would like to migrate this to an openLDAP for the users, groups and
> pwpolicies, and to another MIT Kerberos for the principals (hope I'm not
> forgetting anything).

Sorry but FreeIPA is not just a generic directory server and an MIT KDC,
it is an integrated solution. There is no path to use loose parts
instead of the integrated set.

I do not mean this snarkly in any way, but with a car analogy what you
asked is something like: Can we migrate this Toyota Corolla to a set of
loose parts (including and engine from Mercedes and the chassis of an
Honda) that our mechanic can put together ? 

Simo.

> Best regards.
> 
> Bahan
> 
> On Wed, Jan 13, 2016 at 2:58 PM, Simo Sorce <simo at redhat.com> wrote:
> 
> > On Wed, 2016-01-13 at 14:54 +0100, bahan w wrote:
> > > Hello !
> > >
> > > I send you this mail because I have a question relative to the migration
> > > from the IPA distribution to the separate components.
> > >
> > > With FreeIPA, we are using only :
> > > - MIT Kerberos
> > > - DS389
> > > - The PKI CA is installed but not used from our side
> > >
> > > Is it possible to migrate to the following separate components :
> > > - MIT Kerberos (we keep the same)
> > > - OpenLDAP
> > >
> > > I often found documentation to migrate from MIT Kerberos and OpenLDAP to
> > > FreeIPA but not the opposite.
> >
> > Can you explain what you mean by "migrate to the following separate
> > components" ? And why you want to do so ?
> >
> > Simo.
> >
> > --
> > Simo Sorce * Red Hat, Inc * New York
> >
> >


-- 
Simo Sorce * Red Hat, Inc * New York