Red Hat Bugzilla – Bug 488891
Document how to migrate user identities from an existing directory or identity store into IPA
Last modified: 2015-01-04 18:37:03 EST
Description of problem:
Version-Release number of selected component (if applicable):
I'll need more info or draft doc on this to proceed.
Version set to 1.1 by mistake. Resetting to 2.0
Added to Migration Guide. This guide is still in draft form, untested, and not public yet.
We have a command plugin for the purpose of migrating identities from an existing 389/RH DS to IPA. All migration tools can be examined using the built-in interface:
ipa help migration
Only one command is currently available. It can be used to migrate identities from DS or from IPAv1:
ipa migrate-ds LDAP_URI [--bind-dn=BIND_DN] [--user-container=USER_CONT]
BIND_DN - DN of the entry the command is going to bind as, defaults to "cn=Directory Manager"
USER_CONT - parent entry under which user identities are stored, defaults to "ou=People"
GROUP_CONT - parent entry under which group information is stored, defaults to "ou=Groups"
EXC_USERS - comma-separated list of user names to be excluded from migration
EXC_GROUPS - comma-separated list of groups to be excluded from migration
After executing the command, you will be prompted to enter the BIND password.
Note that migration mode has to be enabled first, you can do so using:
ipa config-mod --enable-migration=TRUE
To migrate users and groups from an existing default configuration DS reachable at ldap://example.com, it should be enough to execute:
ipa migrate-ds ldap://example.com
To migrate users and groups from an existing default configuration IPAv1 with DS reachable at ldap://example.com, you will need to execute:
ipa migrate-ds --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts ldap://example.com
Hope that helps.
*** Bug 488900 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 646210 ***