[Freeipa-users] Migrating a Directory Server from 389-ds to FreeIPA
Rob Crittenden
rcritten at redhat.com
Wed Sep 23 14:45:53 UTC 2009
Jenny Galipeau wrote:
> Michael Kang wrote:
>> Dear FreeIPA community,
>>
>> My PL wants to migrate a directory server(storing employees info and
>> Linux user accounts) from 389-ds(1.1.x) to FreeIPA(1.2.2). I backed up
>> from the command line using the */db2bak/* command-line script. I got
>> two LDIF files and two folders(userRoot and NetscapeRoot) which
>> contains many db4 files.
>>
>> After reading the FreeIPA Administrator Guide, I realized there is no
>> */db2bak/* or */bak2db/* commands for FreeIPA users. So I copy those
>> LDIF files and folders to /var/lib/dirsrv/<ds instance> directly. Then
>> I run */service dirsvr restart/*, the dirsvr instance cannot start
>> anymore. The instance names of 389-ds and FreeIPA are different.
>>
>> How can I finish this hard job? Have anybody ever migrated
>> successfully? I need your help..
>>
>> remove any unneeded structural and configuration options from the ldif
>> convert this ldif to the IPA DIT
>> load the ldif
>>
>> You can see the DIT we use at http://freeipa.org/page/UsingRhdsWithIpa
> HTH
> Jenny
Note that this will get the users added with their existing passwords
but does not give them kerberos principals. We don't currently provide
any mechanism for setting this on a migrated user though we are working
on it.
What I would recommend also is to create a few IPA users and compare the
objectclasses that we use to the users you are migrating.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20090923/89f796de/attachment.bin>
More information about the Freeipa-users
mailing list