CentOS 8.x Freeipa migration from openldap to freeipa

From Notes_Wiki

Revision as of 13:37, 8 February 2021 by Saurabh (talk | contribs) (Created page with "<yambe:breadcrumb self="Freeipa migration from openldap to freeipa">CentOS 8.x FreeIPA|FreeIPA</yambe:breadcrumb> =CentOS 8.x Freeipa migration from openldap to freeipa= To m...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

<yambe:breadcrumb self="Freeipa migration from openldap to freeipa">CentOS 8.x FreeIPA|FreeIPA</yambe:breadcrumb>

CentOS 8.x Freeipa migration from openldap to freeipa

To migrate openLDAP to freeipa use:

To create kerebros ticket run
```
kinit admin
```
Run migration from LDAP server using:
```
ipa migrate-ds --bind-dn='cn=root,dc=sbarjatiya,dc=com' --with-compat ldap://openldap1.rnd.com:389
```
and then enter bind DN's password. Bind DN should have administrative access so that it can read userPassword attributes and even migrate them.

Note that normal posixUser get migrated but for groups ipa expects 'groupOfNames' with multiple member attribute per member with value of DN of group member instead of posixGroup

Refer:

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=CentOS_8.x_Freeipa_migration_from_openldap_to_freeipa&oldid=4781"