<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Yes, though it might be a bit more data than you're expecting.<br>
<br>
Here's what we did to get the details out of a server (and import
them into another). I'm sure there's a more elegant solution, but
this worked for us. Also note that we didn't use all the data this
export script generated, but felt it was better to have it than to
not.<br>
<br>
EXPORT:<br>
<br>
<tt>#!/bin/sh</tt><tt><br>
</tt><tt>#</tt><tt><br>
</tt><tt># Generate latest ipa config files for possible re-import
later.</tt><tt><br>
</tt><tt>#</tt><tt><br>
</tt><tt># (C) 2014, The Damascus Group</tt><tt><br>
</tt><tt>#</tt><tt><br>
</tt><tt><br>
</tt><tt>CONFIGDIR=/opt/ipa_config</tt><tt><br>
</tt><tt><br>
</tt><tt>[ ! -d $CONFIGDIR ] && mkdir $CONFIGDIR</tt><tt><br>
</tt><tt>pushd $CONFIGDIR</tt><tt><br>
</tt><tt><br>
</tt><tt>ipa dnszone-find --all > dnszone.txt</tt><tt><br>
</tt><tt>grep 'Zone name' dnszone.txt | awk '{print $3}' | sed
's/\r//' > zones.txt</tt><tt><br>
</tt><tt>for line in $(cat zones.txt)</tt><tt>; do</tt><tt><br>
</tt><tt> fn=$(echo $line | sed 's/\.in-addr\.arpa\.//')</tt><tt><br>
</tt><tt> echo "For zone $line -> dnsrecord-$fn.txt"</tt><tt><br>
</tt><tt> ipa dnsrecord-find $line --sizelimit=99999 --all
--structured > dnsrecord-${fn}.txt</tt><tt><br>
</tt><tt>done</tt><tt><br>
</tt><tt>ipa user-find --all > users.txt</tt><tt><br>
</tt><tt>ipa host-find --sizelimit=99999 --all > hosts.txt</tt><tt><br>
</tt><tt>ipa policy-find --all > policy.txt</tt><tt><br>
</tt><tt>ipa sudorule-find --all > sudorule.txt</tt><tt><br>
</tt><tt>ipa sudocmdgroup-find --all > sudocmdgroup.txt</tt><tt><br>
</tt><tt>ipa sudocmd-find --all > sudocmd.txt</tt><tt><br>
</tt><tt>ipa role-find --all > roles.txt</tt><tt><br>
</tt><tt>ipa pwpolicy-find --all > pwpolicy.txt</tt><tt><br>
</tt><tt>ipa privilege-find --all > privilege.txt</tt><tt><br>
</tt><tt>ipa permission-find --all > permission.txt</tt><tt><br>
</tt><tt>ipa netgroup-find --all > netgroup.txt</tt><tt><br>
</tt><tt>ipa usergroup-find --all > usergroup.txt</tt><tt><br>
</tt><tt>ipa idrange-find --all > idrange.txt</tt><tt><br>
</tt><tt>ipa hostgroup-find --all > hostgroup.txt</tt><tt><br>
</tt><tt>ipa</tt><tt> hbacrule-find --all > hbacrule.txt</tt><tt><br>
</tt><tt>ipa hbacsvc-find --all > hbacsvc.txt</tt><tt><br>
</tt><tt>ipa group-find --all > group.txt</tt><tt><br>
</tt><tt>ipa cert-find --all > cert.txt</tt><tt><br>
</tt><tt>ipa automember-find --type=group --all >
automember-group.txt</tt><tt><br>
</tt><tt>ipa automember-find --type=hostgroup --all >
automember-hostgroup.txt</tt><tt><br>
</tt><tt>popd</tt><tt><br>
</tt>------cut-------<br>
<br>
Then, for example, you can import these into a new IPA server using
something like these:<br>
<br>
<tt>#!/bin/bash</tt><tt><br>
</tt><tt>#</tt><tt><br>
</tt><tt># parse_hosts</tt><tt><br>
</tt><tt>#</tt><tt><br>
</tt><tt># (C) 2014, The Damascus Group</tt><tt><br>
</tt><tt>#</tt><tt><br>
</tt><tt><br>
</tt><tt>FN=$1</tt><tt><br>
</tt><tt>OTP=MyOnetimePassword</tt><tt><br>
</tt><tt><br>
</tt><tt>RE_HOSTNAME="Host name:\s+(.*)$"</tt><tt><br>
</tt><tt><br>
</tt><tt>name=""</tt><tt><br>
</tt><tt><br>
</tt><tt>while read line; do</tt><tt><br>
</tt><tt> if [[ $line =~ "$name" ]]; then</tt><tt><br>
</tt><tt> if [[ -n "$name" ]]; then</tt><tt><br>
</tt><tt> echo "Adding $name"</tt><tt><br>
</tt><tt> ipa host-add $name --password $OTP --force</tt><tt><br>
</tt><tt> fi</tt><tt><br>
</tt><tt> name=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt> fi</tt><tt><br>
</tt><tt>done < $FN</tt><tt><br>
</tt><tt>echo "Adding $name"</tt><tt><br>
</tt><tt>ipa host-add $name --password $OTP --force</tt><tt><br>
</tt>-------cut----------<br>
<br>
And this for users:<br>
<tt><br>
</tt><tt>#!/bin/bash</tt><tt><br>
#<br>
# parse_users<br>
#<br>
# (C) 2014, The Damascus Group<br>
</tt><tt><br>
</tt><tt>FN=$1</tt><tt><br>
</tt><tt><br>
</tt><tt>RE_DN="dn:\s+</tt><tt>(.*)$"</tt><tt><br>
</tt><tt>RE_LOGIN="User login:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_LAST="Last name:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_FIRST="First name:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_CN="Full name:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_DISPLAYNAME="Display name:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_INITIALS="Initials:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_SHELL="Login shell:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_HOMEDIR="Home directory:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_PRINCIPAL="Kerberos principal:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_EMAIL="Email address:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_SSHPUBKEY="SSH public key:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_UID="UID:\s+(.*)$"</tt><tt><br>
</tt><tt>RE_GID="GID:\s+(.*)$"</tt><tt><br>
</tt><tt><br>
</tt><tt>login=""</tt><tt><br>
</tt><tt>last</tt><tt>=""</tt><tt><br>
</tt><tt>first=""</tt><tt><br>
</tt><tt>cn=""</tt><tt><br>
</tt><tt>displayname</tt><tt>=""</tt><tt><br>
</tt><tt>initials=""</tt><tt><br>
</tt><tt>shell=""</tt><tt><br>
</tt><tt>homedir=""</tt><tt><br>
</tt><tt>prinicpal=""</tt><tt><br>
</tt><tt>email=""</tt><tt><br>
</tt><tt>sshpubkey=""</tt><tt><br>
</tt><tt>uid=""</tt><tt><br>
</tt><tt>gid=""</tt><tt><br>
</tt><tt><br>
</tt><tt>while read line; do</tt><tt><br>
</tt><tt> if [[ $line =~ $RE_DN ]]; then</tt><tt><br>
</tt><tt> ipa user-add $login \</tt><tt><br>
</tt><tt> --last=$last \</tt><tt><br>
</tt><tt> --first=$first \</tt><tt><br>
</tt><tt> --cn="$cn" \</tt><tt><br>
</tt><tt> --displayname="$displayname" \</tt><tt><br>
</tt><tt> --initials=$initials \</tt><tt><br>
</tt><tt> --shell=$shell \</tt><tt><br>
</tt><tt> --homedir=$homedir \</tt><tt><br>
</tt><tt> --principal=$principal \</tt><tt><br>
</tt><tt> --email=$email </tt><tt>\</tt><tt><br>
</tt><tt> --sshpubkey="$sshpubkey" \</tt><tt><br>
</tt><tt> --uid=$uid \</tt><tt><br>
</tt><tt> --gid=$gid</tt><tt><br>
</tt><tt> login=""</tt><tt><br>
</tt><tt> last=""</tt><tt><br>
</tt><tt>
first=""</tt><tt><br>
</tt><tt> cn=""</tt><tt><br>
</tt><tt>
displayname=""</tt><tt><br>
</tt><tt>
initials=""</tt><tt><br>
</tt><tt>
shell=""</tt><tt><br>
</tt><tt>
homedir=""</tt><tt><br>
</tt><tt>
prinicpal=""</tt><tt><br>
</tt><tt> email=""</tt><tt><br>
</tt><tt>
sshpubkey=""</tt><tt><br>
</tt><tt>
uid=""</tt><tt><br>
</tt><tt>
gid=""</tt><tt><br>
</tt><tt>
</tt><tt> fi</tt><tt><br>
</tt><tt> if [[ $line =~ $RE_LOGIN ]]; then</tt><tt><br>
</tt><tt> login=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt> fi</tt><tt><br>
</tt><tt> if [[ $line =~ $RE_LAST ]]; then</tt><tt><br>
</tt><tt>
last=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_FIRST ]]; then</tt><tt><br>
</tt><tt>
first=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_CN ]]; then</tt><tt><br>
</tt><tt>
cn=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_DISPLAYNAME ]]; then</tt><tt><br>
</tt><tt>
displayname=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_INITIALS ]]; then</tt><tt><br>
</tt><tt>
initials=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_SHELL ]]; then</tt><tt><br>
</tt><tt>
shell=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_HOMEDIR ]]; then</tt><tt><br>
</tt><tt>
homedir=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_PRINCIPAL ]]; then</tt><tt><br>
</tt><tt>
principal=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_EMAIL ]]; then</tt><tt><br>
</tt><tt>
email=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_SSHPUBKEY ]]; then</tt><tt><br>
</tt><tt>
sshpubkey1=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt> read sshpubkey2</tt><tt><br>
</tt><tt> read sshpubkey3</tt><tt><br>
</tt><tt> sshpubkey="$sshpubkey1 $sshpubkey2 $sshpubkey3"</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_UID ]]; then</tt><tt><br>
</tt><tt>
uid=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
if [[ $line =~ $RE_GID ]]; then</tt><tt><br>
</tt><tt>
gid=${BASH_REMATCH[1]}</tt><tt><br>
</tt><tt>
fi</tt><tt><br>
</tt><tt>
done < $FN</tt><tt><br>
</tt><tt>ipa user-add $login \</tt><tt><br>
</tt><tt> --last=$last \</tt><tt><br>
</tt><tt>
--first=$first \</tt><tt><br>
</tt><tt>
--cn="$cn" \</tt><tt><br>
</tt><tt>
--displayname="$displayname" \</tt><tt><br>
</tt><tt>
--initials=$initials \</tt><tt><br>
</tt><tt>
--shell=$shell \</tt><tt><br>
</tt><tt>
--homedir=$homedir \</tt><tt><br>
</tt><tt>
--principal=$principal \</tt><tt><br>
</tt><tt>
--email=$email \</tt><tt><br>
</tt><tt>
--sshpubkey="$sshpubkey" \</tt><tt><br>
</tt><tt>
--uid=$uid \</tt><tt><br>
</tt><tt>
--gid=$gid</tt><br>
---------cut----------<br>
<br>
If there's any interest, I can toss these scripts plus a handful of
other parsers for things like DNS, hbac and sudo into a github
project. Unless someone points out a compelling reason to not do
things this way.<br>
<br>
<br>
Bret<br>
<br>
<div class="moz-cite-prefix">On 05/23/2014 12:42 AM, Sanju A wrote:<br>
</div>
<blockquote
cite="mid:OFB4F6C045.2C9326AD-ON65257CE1.0019E55C-65257CE1.0019E55E@tcs.com"
type="cite"><font face="Default Sans
Serif,Verdana,Arial,Helvetica,sans-serif" size="2">
<div>Dear All,</div>
<div><br>
</div>
<div>Is there any command to export the user and host list to a
csv or text format<br>
<br>
<br>
Regards<br>
Sanju Abraham<br>
___________</div>
</font>
<p>=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</body>
</html>