Giulio Casella via FreeIPA-users wrote:
Hi,
it seems that last issue I had (https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...) has no easy resolution, so I'll try to bypass it.
I think the 389-ds team will be needed to help diagnose what is going on.
What is the best way to migrate an IPA setup? Maybe "ipa migrate-ds"?
My goal is to reinstall from scratch an IPA server, and import (at least) users, groups and group membership.
migrate-ds will do that but it loses user-private groups (they are
migrated as regular groups) and any role memberships.
What will remain to do after that? Rejoin all clients? Rebuild HBAC? Add misc services (nfs, ...)? What else?
Yeah, basically re-do all your customization: HBAC, sudo, automount, etc.
P.S. I could even change the domain name (e.g. old domain: my.dom.ain, new domain: second.dom.ain).
A new REALM would make it more obvious which clients need to be
re-enrolled but it isn't mandatory per se.
rob