[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] Migrating a Directory Server from 389-ds to FreeIPA



Thank you for your help.

Hope I could handle this job... Thank you guys.

On Wed, Sep 23, 2009 at 10:45 PM, Rob Crittenden <rcritten redhat com> wrote:
Jenny Galipeau wrote:
Michael Kang wrote:
Dear FreeIPA community,

My PL wants to migrate a directory server(storing employees info and Linux user accounts) from 389-ds(1.1.x) to FreeIPA(1.2.2). I backed up from the command line using the */db2bak/* command-line script. I got two LDIF files and two folders(userRoot and NetscapeRoot) which contains many db4 files.

After reading the FreeIPA Administrator Guide, I realized there is no */db2bak/* or */bak2db/* commands for FreeIPA users. So I copy those LDIF files and folders to /var/lib/dirsrv/<ds instance> directly. Then I run */service dirsvr restart/*, the dirsvr instance cannot start anymore. The instance names of 389-ds and FreeIPA are different.

How can I finish this hard job? Have anybody ever migrated successfully? I need your help..

remove any unneeded structural and configuration options from the ldif
convert this ldif to the IPA DIT
load the ldif

You can see the DIT we use at http://freeipa.org/page/UsingRhdsWithIpa
HTH
Jenny

Note that this will get the users added with their existing passwords but does not give them kerberos principals. We don't currently provide any mechanism for setting this on a migrated user though we are working on it.

What I would recommend also is to create a few IPA users and compare the objectclasses that we use to the users you are migrating.

rob



--
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant awakens,miracles happen.

Personal blog: http://ufusion.org - United Fusion

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]