[Freeipa-users] Migration from FreeIPA 3.0 to 4.x

[Dagan]

Hi, 

I am hoping someone will be able to help answer some questions about migrations. 

I have been asked to look at upgrading an existing FreeIPA installation on CentOS 6 (3.0.0) to a new installation on CentOS 7 with a recent stable release (4.4.0). 

The existing CentOS 6 installation does not manage DNS or have a CA that is being used (though the may be installed. It's primarily for user authentication and user group management. 

There are only a small number of users, groups, and hosts to migrate - less than 100 of each. 
But the data is used for LDAP integration in various applications so it needs to be consistent. 

Would it be recommended to do a straight LDIF type export and import of the data, and configure the new FreeIPA installation for the new access/sudo rules? 

Would that risk leaving behind any data I would need to know about? 

We are planning to review the sudo rules, host access lists etc as part of the migration work. So leaving behind some data may not be a blocker to upgrade. 

Any suggestions or links welcome. 

Cheers, 
Dagan McGregor