Bug 801553

Summary: IPA NIS Integration and Migration documentation updates
Product: Red Hat Enterprise Linux 6
Reporter: Scott Poore <spoore>
Component: doc-Identity_Management_Guide
Assignee: Deon Ballard <dlackey>
Status: CLOSED CURRENTRELEASE
QA Contact: ecs-bugs
Severity: medium
Priority: medium
Version: 6.3
CC: jskeoch
Target Milestone: rc
Keywords: Documentation
Target Release: 6.3
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-06-21 23:15:48 UTC

Description Scott Poore 2012-03-08 20:18:11 UTC
This is a request to update the EIM Guide with more info on NIS Migration.  

I have a test script that Rob Crittenden thought would be a good starting point for Migration.  Whoever will update the document can contact me directly for more information.

Below is a rough draft summary of the steps used in the script for importing NIS data:

1.  setup IPA server per standard guide instructions

Follow standard documentation using ipa-server-install here.

2.  enable NIS Listener

ipa-compat-manage enable
ipa-nis-manage enable
service rpcbind restart
service dirsrv restart

3.  import user data from NIS passwd map

ypcat -d <NISDOMAIN> -h <NISMASTER> passwd

Loop through output parsing and processing each entry:

echo <firstpassword>|ipa user-add <username> --first=NIS --last=USER --password

ipa user-mod <username> --gidnumber=<gid> --uid=<uid> --gecos=<gecos> --homedir=<homedir> --shell=<shell>

* Note that user-add --first=NIS and --last=USER can be replaced by more complex/custom logic to process gecos field into First and Last Name fields.

4.  import group data from NIS group map

ypcat -d <NISDOMAIN> -h <NISMASTER> group

loop through output parsing and processing each entry:

skip user private groups already created by ipa user-add

ipa group-add <groupname> --desc=NIS_GROUP_<groupname> --gid=<gid>

ipa group-add-member <groupname> --users=<users>

5.  import host data from NIS hosts map

ypcat -d <NISDOMAIN> -h <NISMASTER> hosts

loop through output parsing and processing each entry:

create reverse (PTR) zones (e.g. 0.168.192.in-addr.arpa.) for new networks
ipa dnszone-add <ptrzone> --name-server=<IPAMASTER> --admin-email=<emailaddress>

create forward zones for new DNS domains to be supported.
ipa dnszone-add <domainname> --name-server=<IPAMASTER> --admin-email=<emailaddress>

add host entry
ipa host-add <fqdn> --ip-address=<ip>

6.  import netgroup data from NIS netgroup map

ypcat -k -d <NISDOMAIN> -h <NISMASTER> netgroup 

loop through output parsing and processing each entry:
ipa netgroup-add <netgroupname> --desc=NIS_NG_<netgroupname>

if entry contains empty host field in triple "(,":
ipa netgroup-mod <netgroupname> --hostcat=all

if entry contains empty user field in triple ",,":
ipa netgroup-mod <netgroupname> --usercat=all

loop through the netgroups/triples included in the netgroup:

if included entry is netgroup that doesn't already exist:
ipa netgroup-add <includednetgroup> --desc=NIS_NG_<includednetgroup>

add included netgroup
ipa netgroup-add-member <netgroupname> --netgroups=<includednetgroup>

if include entry is triple, parse and add based on host/user/domain fields
ipa netgroup-add-member <netgroupname> --hosts=<host> --users=<user> --nisdomain=<domain>

7.  import automount data from NIS automount maps

create automount location to use for your nis domain
ipa automountlocation-add nis
ypcat -k -d <NISDOMAIN> -h <NISMASTER> auto.master

loop through output to get list of maps to configure and include auto.master in maps to process:
ypcat -k -d <NISDOMAIN> -h <NISMASTER> <MAP>
ipa automountmap-add nis <MAP>
cat <<EOF > /tmp/amap.ldif
dn: nis-domain=$DOMAIN+nis-map=$MAP,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
nis-domain: $DOMAIN
nis-map: $MAP
nis-base: automountmapname=$MAP,cn=nis,cn=automount,$BASEDN
nis-filter: (objectclass=*)
nis-key-format: %{automountKey}
nis-value-format: %{automountInformation}       
EOF
ldapadd -x -h <MASTER> -D "<ROOTDN>" -w "<ROOTDNPASSWORD>" -f /tmp/amap.ldif

loop through parsing and processing each automount entry in <MAP>
ipa automountkey-add nis <MAP> --key=<key> --info=<mountinfo>
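
Added example, not part of the bug report or of the reporter's test script: a dry-run sketch of the netgroup step (step 6) that turns one line of `ypcat -k ... netgroup` output into the ipa commands to review before running them. The function names, the name filter and the sample entry are assumptions; it treats "-" in a triple as "no value", assumes triples contain no whitespace, and parses the domain field of a triple without emitting it.

```sh
#!/bin/sh
# Added example: print (do not run) the ipa commands for one netgroup map entry.

# Map data comes from the NIS server and is untrusted: accept only conservative
# names, and reject a leading "-" so a value can never be read as an option.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# netgroup_cmds "<name> <member> ..."   (one line of `ypcat -k ... netgroup`)
# Assumption: triples contain no whitespace, e.g. (host,user,domain).
netgroup_cmds() {
    set -f; set -- $1; set +f          # split on whitespace without globbing
    ng=$1
    valid_name "$ng" || { echo "# skipped entry: invalid netgroup name"; return 1; }
    shift
    echo "ipa netgroup-add $ng --desc=NIS_NG_$ng"
    for m in "$@"; do
        case "$m" in
        "("*,*,*")")
            t=${m#?}; t=${t%?}                      # strip the parentheses
            host=${t%%,*}; rest=${t#*,}; user=${rest%%,*}
            # An empty field is a wildcard; "-" means "no value", so add nothing.
            if [ -z "$host" ]; then echo "ipa netgroup-mod $ng --hostcat=all"; fi
            if [ -z "$user" ]; then echo "ipa netgroup-mod $ng --usercat=all"; fi
            opts=
            for kv in "hosts=$host" "users=$user"; do
                v=${kv#*=}
                if [ -z "$v" ] || [ "$v" = - ]; then continue; fi
                valid_name "$v" || { opts=; echo "# skipped triple: invalid field"; break; }
                opts="$opts --$kv"
            done
            if [ -n "$opts" ]; then echo "ipa netgroup-add-member $ng$opts"; fi
            ;;
        *)
            valid_name "$m" || { echo "# skipped member: invalid name"; continue; }
            echo "ipa netgroup-show $m >/dev/null 2>&1 || ipa netgroup-add $m --desc=NIS_NG_$m"
            echo "ipa netgroup-add-member $ng --netgroups=$m"
            ;;
        esac
    done
    return 0
}

# Constructed sample entry (not real map data); the last member is deliberately invalid.
SAMPLE='admins (host1.example.com,alice,nisdom) (,bob,nisdom) (host2.example.com,-,nisdom) ops bad;name'
netgroup_cmds "$SAMPLE"
```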

Comment 3 Deon Ballard 2012-05-03 16:34:58 UTC
Setting all priority and severity to medium.

Comment 4 Deon Ballard 2012-05-03 18:13:30 UTC
Scott sent me his test scripts, which I have added as examples for the different 7.5.x migration areas.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Identity_Management_Guide/migrating-from-nis.html#nis-migr-importing-data

Comment 6 Deon Ballard 2012-06-21 23:15:48 UTC
Closing.