Bug 488891 - Document how to migrate user identities from an existing directory or identity store into IPA
Document how to migrate user identities from an existing directory or identit...
Status: CLOSED DUPLICATE of bug 646210
Product: freeIPA
Classification: Community
Component: Documentation (Show other bugs)
2.0
All Linux
medium Severity medium
: v2 release
: ---
Assigned To: David O'Brien
Chandrasekar Kannan
: Documentation
: 488900 (view as bug list)
Depends On:
Blocks: 431020 freeipa20 489811 646210 646217
  Show dependency treegraph
 
Reported: 2009-03-05 23:35 EST by David O'Brien
Modified: 2015-01-04 18:37 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 646210 (view as bug list)
Environment:
Last Closed: 2011-01-13 03:47:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David O'Brien 2009-03-05 23:35:02 EST
Description of problem:


Version-Release number of selected component (if applicable):


Additional info:
I'll need more info or draft doc on this to proceed.
Comment 1 David O'Brien 2009-03-08 17:55:21 EDT
Version set to 1.1 by  mistake. Resetting to 2.0
Comment 5 David O'Brien 2009-08-13 23:48:21 EDT
Added to Migration Guide. This guide is still in draft form, untested, and not public yet.
Comment 7 Pavel Zuna 2010-02-24 08:31:02 EST
We have a command plugin for the purpose of migrating identities from an existing 389/RH DS to IPA. All migration tools can be examined using the built-in interface:

ipa help migration

Only one command is currently available. It can be used to migrate identities from DS or from IPAv1:

ipa migrate-ds LDAP_URI [--bind-dn=BIND_DN] [--user-container=USER_CONT]
                                            [--group-container=GROUP_CONT]
                                            [--exclude-users=EXC_USERS]
                                            [--exclude-groups=EXC_GROUPS]

BIND_DN - DN of the entry the command is going to bind as, defaults to "cn=Directory Manager"
USER_CONT - parent entry under which user identities are stored, defaults to "ou=People"
GROUP_CONT - parent entry under which group information is stored, defaults to "ou=Groups"
EXC_USERS - comma-separated list of user names to be excluded from migration
EXC_GROUPS - comma-separated list of groups to be excluded from migration

After executing the command, you will be prompted to enter the BIND password.

Note that migration mode has to be enabled first, you can do so using:

ipa config-mod --enable-migration=TRUE

To migrate users and groups from an existing default configuration DS reachable at ldap://example.com, it should be enough to execute:

ipa migrate-ds ldap://example.com

To migrate users and groups from an existing default configuration IPAv1 with DS reachable at ldap://example.com, you will need to execute:

ipa migrate-ds --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts ldap://example.com

Hope that helps.
Comment 8 David O'Brien 2010-09-14 21:54:23 EDT
*** Bug 488900 has been marked as a duplicate of this bug. ***
Comment 9 David O'Brien 2011-01-13 03:47:40 EST

*** This bug has been marked as a duplicate of bug 646210 ***

Note You need to log in before you can comment on or make changes to this bug.