[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] migration of netgroups into IPA ??

On 04/30/2012 05:06 PM, David Copperfield wrote:
Hi folks,

 We have quite a bunch of netgroups which are hosted on openldap server presently, and now it is time to migrate them into freeIPA. The NIS triples are in the format:

 (-, username, - )


 (hostname001, - , - )

And these openldap netgroups are used for variable purposes, host listing for ssh/gssh, access control, sudoers, etc.

So after user accounts and groups are migrated, netgroups needs to be migrated too for openldap/IPA migration/cutover. There is no Redhat documents on this part though. Has any one tried netgroup migration before?  Or we have to input by hand into IPA (host, hostgroup, user-group) and replace netgroup with hostgroup(which will create respective netgroups in the background), and replace NIS user groups and real posix user groups?

Please advice. Thanks a lot.

We do not provide migration script for netgroups however it is very simple to create a script that would recreate netgroups using IPA command line.
The reason why we do not do netgroup migration automatically is because it is a good time to reconsider now netgroups are used in your environment.
For example if you use netgroups to group hosts we recommend you creating a host group for those hosts. Each host group by default has an automatically created netgroup with the same name. This can be turned off but out of box every host group creates a netgroup.
If you use netgroups for users consider switching to user groups rather than using netgroups for users. Using user groups is more flexible and preferred method.

Also see chapter 7. It has examples of the scripts that can help you to migrate netgroups.

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

Looking to carve out IT costs?

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]