actually ipa-backup isn’t such a bad approach. It produces ipa-data.tar, If you look in
the tar file you’ll find DOMAIN-userRoot.ldif. This is the whole database as an LDIF
fills. If you’ll spend a few minutes looking at the format, it’s actually pretty easy to
pull out individual entries or groups of entries. The lines in the LDIF files include
all the attributes, so it’s not hard to see how to put things back.
On Jun 25, 2018, at 5:17:20 PM, John Petrini via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Hi Rob,
Exactly. I just need a quick way to restore in case someone fat fingers a change. I was
curious if there was a baked in way to do this using FreeIPA but it sounds like there
isn't.
Thanks for the other suggestions. It looks like a zone transfer will probably be the
simplest way to get a backup. I also stumbled across this tool:
https://github.com/freeipa/zone2dyndb-ldif
<
https://github.com/freeipa/zone2dyndb-ldif> for converting the zone transfer to
something usable by bind-dyndb-ldap so I'm going throw together a script to automate
the backups of the zones and another that uses zone2dyndb-ldif to import the backups.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...