Tried those command before ,,,seem the web page and LDAP separate or I missed some parts. it can turn on the ldap but the web page not allow to login ...mostly it related to ?
2018-03-02 17:24 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>: > On 01/03/2018 10:37, barrykfl--- via FreeIPA-users wrote: > >> ic ..but the full restore can success run in clean installed master with >> new CA overwrite? >> >> e.g. master with CA and ldap all crashed with replication servers but >> data aslo crashed...can it be use as restore using the same hostname and >> rebuild the replication agreements with others? >> >> Hi, > > yes, the doc explains how to restore in a multi-master environment: > https://access.redhat.com/documentation/en-us/red_hat_enterp > rise_linux/7/html/linux_domain_identity_authentication_and_ > policy_guide/restore#restore-multiple-masters > > HTH, > Flo > > 2018-03-01 15:19 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com <mailto: >> f...@redhat.com>>: >> >> On 03/01/2018 12:10 AM, barrykfl--- via FreeIPA-users wrote: >> >> any ref. full backup.of 4.5? >> I only can found v3 . will it recover all cert ca related ? I >> tried such recover in v3 it seem it broken the relationship of >> others agreement. or I missed the backup of some files. >> >> Hi, >> >> you can find the doc for 4.5 in >> https://access.redhat.com/documentation/en-us/red_hat_enterp >> rise_linux/7/html/linux_domain_identity_authentication_and_ >> policy_guide/backup-restore >> <https://access.redhat.com/documentation/en-us/red_hat_enter >> prise_linux/7/html/linux_domain_identity_authentication_and_ >> policy_guide/backup-restore> >> >> The full backup of a master with CA also contains the certs and the >> CA. >> >> HTH, >> Flo >> >> is it possible to use very old vm image plus the regular ldif >> backup recovery? >> >> 2018年3月1日 上午7:02 於 "Rob Crittenden" <rcrit...@redhat.com >> <mailto:rcrit...@redhat.com> <mailto:rcrit...@redhat.com >> >> <mailto:rcrit...@redhat.com>>> 寫道: >> >> barrykfl--- via FreeIPA-users wrote: >> > Hi all: >> > >> > any one has better solution of freeipa backup ? assume >> all ldap >> db crash >> > ,all ca fail, no backup of cert ...etc but need cleanly >> install >> one with >> > same hostname. >> > >> > and we have /usr/sbin/ipa-backup ldif backup . >> > >> > Can I use an old image but restore back ldif such backup? >> > >> > or any better solution for clean install with this ldif >> copy. >> >> If you have a full backup of a master with a CA and have >> saved it >> off-machine and your machine dies then you can re-install >> using the >> EXACT SAME OPTIONS. >> >> Then restore the backup. Then re-initialize all other >> masters (this >> should all be documented already). >> >> If you have only one master with a CA and it dies and you >> have no >> backups then you are pretty much hosed at the moment. >> >> IPA is so much more than just an LDIF. >> >> _Could_ you use an LDIF to restore the data minus the >> certs? Yeah, >> probably, with a whole ton of work and expertise. Would it >> be worth the >> trouble and would you ever fully trust that you got it 100% >> right? >> >> The best solution is to maintain multiple masters and > 1 >> CA. If one >> dies then you delete it and provision a new master. You can >> maintain the >> old name if you want. >> >> Or if you use VMs you can use disk snapshots to maintain >> backups. >> >> rob >> >> >> >> _______________________________________________ >> FreeIPA-users mailing list -- >> freeipa-users@lists.fedorahosted.org >> <mailto:freeipa-users@lists.fedorahosted.org> >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> <mailto:freeipa-users-le...@lists.fedorahosted.org> >> >> >> >> >> >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedo >> rahosted.org >> >> >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
