CentOS 8.x Freeipa migration from openldap to freeipa

From Notes_Wiki


To migrate from OpenLDAP to FreeIPA:

  1. To create a Kerberos ticket, run:
    kinit admin
  2. Run the migration from the LDAP server using:
    ipa migrate-ds --bind-dn='cn=root,dc=sbarjatiya,dc=com' --with-compat ldap://openldap1.rnd.com:389
    and then enter the bind DN's password. The bind DN should have administrative access so that it can read the userPassword attributes and migrate them as well.
    Note that normal posixUser entries get migrated, but for groups ipa expects 'groupOfNames' entries with one member attribute per member, whose value is the DN of the group member, instead of posixGroup.
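
The group caveat above can be checked before running the migration. The following is an added example, not part of the original wiki page: it audits an LDIF export of the group subtree and reports which groups already match the groupOfNames/member form and which are posixGroup entries, listing the DN-valued member attributes those would need. The user container `ou=People,dc=example,dc=com`, the `uid=` RDN and the sample entries are assumptions, and the parser expects unwrapped, non-base64 LDIF.

```python
# Added example: pre-migration audit of group entries in an LDIF export.
# USER_BASE and the sample entries are constructed; adjust to your directory.

USER_BASE = "ou=People,dc=example,dc=com"  # assumed user container

SAMPLE_LDIF = """\
dn: cn=admins,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: admins
gidNumber: 5000
memberUid: alice
memberUid: bob

dn: cn=devs,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
cn: devs
member: uid=alice,ou=People,dc=example,dc=com
"""

def parse_ldif(text):
    """Parse unwrapped, non-base64 LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_groups(text, user_base=USER_BASE):
    """Return {group_dn: (status, member_dns)} for every group entry."""
    report = {}
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        dn = e["dn"][0]
        if "groupofnames" in classes and e.get("member"):
            report[dn] = ("ok", e["member"])
        elif "posixgroup" in classes:
            # memberUid holds bare login names; derive the DN-valued
            # member attributes a groupOfNames entry would need.
            needed = [f"uid={u},{user_base}" for u in e.get("memberuid", [])]
            report[dn] = ("needs-conversion", needed)
    return report

if __name__ == "__main__":
    for dn, (status, members) in audit_groups(SAMPLE_LDIF).items():
        print(status, dn, members)
```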
