Bug 801553 - IPA NIS Integration and Migration documentation updates
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: doc-Identity_Management_Guide
Unspecified Unspecified
medium Severity medium
: rc
: 6.3
Assigned To: Deon Ballard
: Documentation
Reported: 2012-03-08 15:18 EST by Scott Poore
Modified: 2012-06-21 19:15 EDT
Doc Type: Bug Fix
Last Closed: 2012-06-21 19:15:48 EDT

Description Scott Poore 2012-03-08 15:18:11 EST
This is a request to update the EIM Guide with more info on NIS Migration.  

I have a test script that Rob Crittenden thought would be a good starting point for Migration.  Whoever will update the document can contact me directly for more information.

Below is a rough draft summary of the steps used in the script for importing NIS data:

1.  setup IPA server per standard guide instructions

Follow standard documentation using ipa-server-install here.

2.  enable NIS Listener

ipa-compat-manage enable
ipa-nis-manage enable
service rpcbind restart
service dirsrv restart

3.  import user data from NIS passwd map

ypcat -d <NISDOMAIN> -h <NISMASTER> passwd

Loop through output parsing and processing each entry:

echo <firstpassword>|ipa user-add <username> --first=NIS --last=USER --password

ipa user-mod <username> --gidnumber=<gid> --uid=<uid> --gecos=<gecos> --homedir=<homedir> --shell=<shell>

* Note that user-add --first=NIS and --last=USER can be replaced by more complex/custom logic to process gecos field into First and Last Name fields.

4.  import group data from NIS group map

ypcat -d <NISDOMAIN> -h <NISMASTER> group

loop through output parsing and processing each entry:

skip user private groups already created by ipa user-add

ipa group-add <groupname> --desc=NIS_GROUP_<groupname> --gid=<gid>

ipa group-add-member <groupname> --users=<users>

5.  import host data from NIS hosts map

ypcat -d <NISDOMAIN> -h <NISMASTER> hosts

loop through output parsing and processing each entry:

create reverse (PTR) zones (e.g. 0.168.192.in-addr.arpa.) for new networks
ipa dnszone-add <ptrzone> --name-server=<IPAMASTER> --admin-email=<emailaddress>

create forward zones for new DNS domains to be supported.
ipa dnszone-add <domainname> --name-server=<IPAMASTER> --admin-email=<emailaddress>

add host entry
ipa host-add <fqdn> --ip-address=<ip>

6.  import netgroup data from NIS netgroup map

ypcat -k -d <NISDOMAIN> -h <NISMASTER> netgroup 

loop through output parsing and processing each entry:
ipa netgroup-add <netgroupname> --desc=NIS_NG_<netgroupname>

if entry contains empty host field in triple "(,":
ipa netgroup-mod <netgroupname> --hostcat=all

if entry contains empty user field in triple ",,":
ipa netgroup-mod <netgroupname> --usercat=all

loop through the netgroups/triples included in the netgroup:

if included entry is netgroup that doesn't already exist:
ipa netgroup-add <includednetgroup> --desc=NIS_NG_<includednetgroup>

add included netgroup
ipa netgroup-add-member <netgroupname> --netgroups=<includednetgroup>

if include entry is triple, parse and add based on host/user/domain fields
ipa netgroup-add-member <netgroupname> --hosts=<host> --users=<user> --nisdomain=<domain>

7.  import automount data from NIS automount maps

create automount location to use for your nis domain
ipa automountlocation-add nis
ypcat -k -d <NISDOMAIN> -h <NISMASTER> auto.master

loop through output to get list of maps to configure and include auto.master in maps to process:
ypcat -k -d <NISDOMAIN> -h <NISMASTER> <MAP>
ipa automountmap-add nis <MAP>
cat <<EOF > /tmp/amap.ldif
dn: nis-domain=$DOMAIN+nis-map=$MAP,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
nis-domain: $DOMAIN
nis-map: $MAP
nis-base: automountmapname=$MAP,cn=nis,cn=automount,$BASEDN
nis-filter: (objectclass=*)
nis-key-format: %{automountKey}
nis-value-format: %{automountInformation}
EOF
ldapadd -x -h <MASTER> -D "<ROOTDN>" -w "<ROOTDNPASSWORD>" -f /tmp/amap.ldif

loop through parsing and processing each automount entry in <MAP>
ipa automountkey-add nis <MAP> --key=<key> --info=<mountinfo>
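
The "loop through output parsing and processing each entry" part of step 3, as an added example that is not the reporter's test script: it reads passwd-format lines, treats the NIS map as untrusted input, and prints (does not run) the ipa user-add and user-mod commands from that step for entries that pass. The function names, the validation rules and the sample map are assumptions made for this example.

```sh
# Added example (not the reporter's script): dry-run planner for step 3.
# Each field of the untrusted NIS passwd map is checked before it is placed
# on an ipa command line; rejected entries are reported, not imported.

# Single-quote a value so it can be pasted onto a shell command line.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# stdin: passwd-format lines (ypcat ... passwd); stdout: commands or SKIP notes.
# The NIS password field (pw) is ignored; the first password is piped to
# "ipa user-add --password" as in the step above.
plan_passwd() {
    seen=" "
    while IFS=: read -r user pw uid gid gecos home shell extra || [ -n "$user" ]; do
        why=""
        case $user in ""|-*|*[!A-Za-z0-9._-]*) why="bad username" ;; esac
        case $uid in
            ""|*[!0-9]*) why="${why:-non-numeric uid}" ;;
            0*) why="${why:-uid 0 or leading zero}" ;;
        esac
        case $gid in ""|*[!0-9]*) why="${why:-non-numeric gid}" ;; esac
        case $home in /*) ;; *) why="${why:-homedir not absolute}" ;; esac
        case $shell in /*) ;; *) why="${why:-shell not absolute}" ;; esac
        [ -z "$extra" ] || why="${why:-too many fields}"
        case $seen in *" $uid "*) why="${why:-duplicate uid $uid}" ;; esac
        if [ -n "$why" ]; then
            printf 'SKIP %s: %s\n' "$(shquote "$user")" "$why"
            continue
        fi
        seen="$seen$uid "
        printf 'ipa user-add %s --first=NIS --last=USER --password\n' "$user"
        printf 'ipa user-mod %s --gidnumber=%s --uid=%s --gecos=%s --homedir=%s --shell=%s\n' \
            "$user" "$gid" "$uid" "$(shquote "$gecos")" "$(shquote "$home")" "$(shquote "$shell")"
    done
}

# Constructed sample map (not real data).
sample_passwd() {
    cat <<'EOF'
alice:x:1001:1001:Alice O'Hara:/home/alice:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
--all:x:1002:1002::/home/x:/bin/sh
bob:x:1001:1003:Bob:/home/bob:/bin/bash
carol:x:1004:100:Carol:home/carol:/bin/bash
+::::::
EOF
}
sample_passwd | plan_passwd
```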
Comment 3 Deon Ballard 2012-05-03 12:34:58 EDT
Setting all priority and severity to medium.
Comment 4 Deon Ballard 2012-05-03 14:13:30 EDT
Scott sent me his test scripts, which I have added as examples for the different 7.5.x migration areas.
Comment 6 Deon Ballard 2012-06-21 19:15:48 EDT
