On 01/22/2013 06:28 PM, Matthew Barr wrote:
> On Jan 22, 2013, at 5:15 PM, Dmitri Pal <d...@redhat.com> wrote:
>> Which exactly LDAP method?
>> ldif dump and load? This would not work well unless you also manage to move
>> certs and kerberos master key over which is really hard.
> I was assuming the ipa migrate-ds.
>
>>> Thoughts? I don't anticipate moving any hardware that's enrolled from site
>>> to site, so certs & the like shouldn't be a factor.
>>>
>> If, instead of dump and load, you install a new IPA server, it will
>> not have any old data and will have new certs and kerberos keys.
>> You would have to re-enroll all your clients once again. Users would have to
>> deal with the password change after you read in users using ipa migrate-ds.
>> Other information also would have to be precreated using ipa commands but this
>> can be scripted by taking an LDIF and creating a series of ipa commands to
>> add data into the new instance.
>
> I intend to re-enroll all clients. Only clients in the new site will be in
> the system.
>
> Most of my users (25 users) use linux, and sssd will take care of most of the
> kerberos hashes. The rest - 10-15 users - can be told to login to the
> migrate LDAP page, later on in the migration.
>
> We've got very little other information in IPA, so it's not a huge issue.
>
> I thought this might be easier than trying to clean up old crud, and moving
> the master IPA server. There doesn't seem to be a very good process for
> moving all the components to a new master easily.
>
> Thanks!

You are correct. There is no good process to move data over but it seems that you thought through things very well. You described the same sequence as I would recommend at the moment to anyone who wants to move from one IPA instance into a completely new one.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.