Petr, Martin, thanks for the suggestions, i will try next week.
fyi... it will be the same domain so i'll have a look at "ipa migrate-ds". Regards, Les ________________________________________ From: Martin Kosek [[email protected]] Sent: Friday, January 17, 2014 6:46 PM To: Les Stott; [email protected] Subject: Re: [Freeipa-users] export users/groups from one ipa server to another On 01/17/2014 07:24 AM, Les Stott wrote: > Hi All, > > Looking for the quickest and easiest way to export users from one freeipa > server and install on another. > > I have an existing freeipa server, 3.0.0 standard rhel6 in a DR environment. > I am setting up an identical freeipa server in a Production Environment. > > The two environments will not be configured to talk to each other. They will > both have there own replicas. > > I simply want to export the users and groups I created in freeipa in DR, and > import them (preserving details and passwords) into the freeipa server in > Production. > > What is the recommendation? Is there an ipa tool? Or will ldif exports > suffice? > > Thanks in advance, > > Les I think the best way would be to use the "ipa migrate-ds" command. It should work both with stand alone Directory Servers and IPA too. You may just need to play with --userignoreobjectclass amd userignoreattribute to not migrate Kerberos related attributes and objectclasses if for example your other DS has a different realm. Martin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
