So I went ahead and ran the migrate-ds command; ran into issue that was described here: https://www.redhat.com/archives/freeipa-users/2015-March/msg00398.html when trying to change password
I re-ran migrate-ds option; but I actually don't see the user accounts being migrated at all when I run a "ipa user-show user_name --all" I supposed manual option/script is the only option at this point? Anthony On Mon, Apr 25, 2016 at 1:06 PM Anthony Cheng <anthony.wan.ch...@gmail.com> wrote: > Hi list, > > Currently in the midst of doing a migration of FreeIPA from v3.0.0 to > v4.2.0; I have setup the new IPA instances and I am looking at migrate the > data. > > Based on the section under 'Migrating from other FreeIPA to FreeIPA' here ( > http://www.freeipa.org/page/Howto/Migration#Migrating_existing_FreeIPA_deployment), > it is suggested to run the following sample command: > > echo Secret123 | ipa migrate-ds --bind-dn="cn=Directory Manager" > --user-container=cn=users,cn=accounts > --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup > --user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry} > --user-ignore-objectclass=mepOriginEntry --with-compat > ldap://migrated.freeipa.server.test > > My questions are: > 1) Will this work as my new domain has changed (so realm is different) > 2) Will this work for migration from 3.0.0 to 4.2.0? > 3) Is this command safe to run from a production box? > 4) If it fails or is not safe to run, what is the alternative/process? > (details would be appreciated) > > Also on the same link, it mentions that "other objects (SUDO, HBAC, DNS, > ...) have to be migrated manually, by exporting the LDIF from old FreeIPA > instance, selecting the records to be migrated, updating the attributes in > batch (e.g. new realm) and adding the cleaned LDIF to new FreeIPA." > > I have some idea how to do LDIF import/export but is this process > documented anywhere (on the freeipa.org)? > > Thanks, Anthony > -- > > Thanks, Anthony > -- Thanks, Anthony
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project