CentOS 8.x FreeIPA migration from OpenLDAP to FreeIPA
To migrate from OpenLDAP to FreeIPA:
- Obtain a Kerberos ticket as the IPA admin:
  - kinit admin
- Run the migration against the LDAP server:
  - ipa migrate-ds --bind-dn='cn=root,dc=sbarjatiya,dc=com' --with-compat ldap://openldap1.rnd.com:389
  - Then enter the bind DN's password when prompted. The bind DN should have administrative access so that it can read the userPassword attributes, which lets them be migrated as well.
- Note that normal posixUser entries get migrated, but for groups IPA expects 'groupOfNames' entries with one member attribute per member, whose value is the DN of the group member, instead of posixGroup.
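The group note above can be handled before migration by rewriting an LDIF export of the groups. The following is an added example, not part of the original notes: it turns posixGroup entries with memberUid values into groupOfNames entries with member DNs and reports groups that have no members. It assumes users live at uid=<memberUid> under the hypothetical USER_BASE, that the directory uses the RFC 2307bis schema (so posixGroup can sit beside groupOfNames), and it uses constructed example.com sample data.

```python
import base64
# Assumption: users live at uid=<memberUid>,USER_BASE (adjust to your tree).
USER_BASE = "ou=People,dc=example,dc=com"

# Constructed sample export, not from the original page.
SAMPLE = """\
dn: cn=devs,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: devs
gidNumber: 5001
memberUid: alice
memberUid:: Ym9i

dn: cn=empty,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: empty
"""

def parse_ldif(text):  # -> list of entries, each a list of (attr, value)
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold long lines
    entries = []
    for block in text.split("\n\n"):
        pairs = []
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            pairs.append((attr, value.strip()))
        entries.append(pairs)
    return [e for e in entries if e]

def to_group_of_names(entries, user_base=USER_BASE):  # -> (ldif, skipped_dns)
    out, skipped = [], []
    for pairs in entries:
        get = lambda name: [v for a, v in pairs if a.lower() == name]
        if "posixgroup" not in [c.lower() for c in get("objectclass")]:
            continue
        uids = list(dict.fromkeys(get("memberuid")))  # drop duplicates
        if not uids:  # groupOfNames requires at least one member value
            skipped.append(get("dn")[0])
            continue
        # Assumption: RFC 2307bis schema (posixGroup auxiliary), so gidNumber is kept.
        keep = [f"{a}: {v}" for a, v in pairs if a.lower() != "memberuid"]
        keep.insert(1, "objectClass: groupOfNames")
        keep += [f"member: uid={u},{user_base}" for u in uids]
        out.append("\n".join(keep) + "\n")
    return "\n".join(out), skipped
```

Call to_group_of_names(parse_ldif(text)) on the exported group subtree and review the skipped list, since empty groups cannot be expressed as groupOfNames.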
Refer:
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/migrating_from_a_directory_server_to_ipa
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/using-migrate-ds