[Freeipa-users] Exporting data?
Petr Spacek
pspacek at redhat.com
Wed Sep 4 13:26:31 UTC 2013
On 4.9.2013 15:04, Bret Wortman wrote:
> What's the right venue for making a suggestion? In particular, I'd like to
> toss out there that it would be really nice to be able to export, at a
> minimum, DNS and user data from IPA in the form of a zone file and a
> passwd/shadow file pair.
>
> I realize there might be security implications to the latter, and masking
> out passwords might be advisiable. And there's no easy way, necessarily, to
> get out sudo information. But having DNS and user details would at least
> permit a sysadmin having major issues (like I have been for the past two
> weeks) to get up and running in some form, using puppet or some other tool
> to distribute flat files with named running against a static zone file, or
> even to migrate off IPA if absolutely necessary.
Hello,
for DNS you can use normal zone transfer. Just configure IPA zone to allow
zone transfer to an IP address (localhost means 'localy to IPA server') and
use standard DNS tools, e.g. dig:
$ ipa dnszone-mod example.com --allow-transfer='localhost;'
$ dig +onesoa -t AXFR example.com > /root/example.com.db
That is all you need for DNS, you have the standard zone file.
I believe that you can use SSSD (with enumeration enabled) to run "getent
passwd > /root/passwd.bck". I have no idea how it works with shadow
map/password. Try to ask sssd-users at lists.fedorahosted.org.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list