Hi! I'm a newbie here.. I just have a question with regards to LDAP.
I have two FreeIPA servers, one with LDAP and the other one with no LDAP on it. I wanted to transfer/migrate the LDAP config from one server to another server with no LDAP, is it possible? I'm searching the internet but can't find any source I can use as reference. Hoping for your kind response. Thank you!
On 07/26/2017 08:32 AM, Ed Aiduc via FreeIPA-users wrote:
> Hi! I'm a newbie here.. I just have a question with regards to LDAP.
> I have two FreeIPA servers, one with LDAP and the other one with no LDAP on it. I wanted to transfer/migrate the LDAP config from one server to another server with no LDAP, is it possible? I'm searching the internet but can't find any source I can use as reference. Hoping for your kind response. Thank you!
Hi,
I am a little bit confused by your question. When an IPA server is installed, the LDAP server (389-ds) is installed, configured and started. So when you are speaking of one IPA server with no LDAP on it, do you mean that you installed an IPA client? If it is the case, then you can promote the client from client to server using the ipa-replica-install command line (see [1]). This will transform your IPA client into a replica, i.e. install the server components and replicate the server's data.
Or do you mean that you have 2 servers, each one for a separate domain, and you want to migrate the data from server1 to server2? In this case, you can use ipa migrate-ds (see [2]).
I may have misunderstood your situation, feel free to clarify if your issue is completely different.
Flo
[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
[2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
I apologize for the confusion. I am referring to 2 servers with two different domains. I will try your suggestion and get back for the result. Thanks for the response :)
Hi..
Sorry for this late update.. Thank you for responding to my query. I was able to do it on my test VM environment; replication and migration also work.
I tried this process on the production environment but unfortunately I am encountering an error. Here's my scenario: I have a FreeIPA server (old one) and another FreeIPA server with no users, etc. I need to do replication/migration so the data from the old one will be seen on the new IPA server. I was expecting to have a positive and smooth operation since I have tested it on the test VM. But unfortunately an error was encountered: "CRITICAL Failed to restart the directory server ".
I checked the certificates and they are all valid and not expired; also, the pki-tomcatd service stops. My senior said that this issue was present even before I handled this project and they are not able to resolve this. Someone suggested to try using LDAP commands, not the ipa-tools, on this so I can transfer user details, etc. to another server.
May I know if this is possible and can you give me some instructions on how I can do migration using ldap commands. Thank you!!
On 08/22/2017 07:53 AM, Mon Corotan via FreeIPA-users wrote:
> Hi..
> Sorry for this late update.. Thank you for responding to my query. I was able to do it on my test VM environment; replication and migration also work.
> I tried this process on the production environment but unfortunately I am encountering an error. Here's my scenario: I have a FreeIPA server (old one) and another FreeIPA server with no users, etc. I need to do replication/migration so the data from the old one will be seen on the new IPA server. I was expecting to have a positive and smooth operation since I have tested it on the test VM. But unfortunately an error was encountered: "CRITICAL Failed to restart the directory server ".
> I checked the certificates and they are all valid and not expired; also, the pki-tomcatd service stops. My senior said that this issue was present even before I handled this project and they are not able to resolve this. Someone suggested to try using LDAP commands, not the ipa-tools, on this so I can transfer user details, etc. to another server.
> May I know if this is possible and can you give me some instructions on how I can do migration using ldap commands. Thank you!!
Hi,
can you detail the exact steps you performed, and provide logs related to the failure when starting the directory server?
You may want to have a look at our Troubleshooting page [1], and check which files to provide for debugging [2].
HTH, Flo
[1] https://www.freeipa.org/page/Troubleshooting
[2] https://www.freeipa.org/page/Files_to_be_attached_to_bug_report
On Tue, Aug 22, 2017 at 10:59 AM, Florence Blanc-Renaud via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
> On 08/22/2017 07:53 AM, Mon Corotan via FreeIPA-users wrote:
>> Hi..
>> Sorry for this late update.. Thank you for responding to my query. I was able to do it on my test VM environment; replication and migration also work.
>> I tried this process on the production environment but unfortunately I am encountering an error. Here's my scenario: I have a FreeIPA server (old one) and another FreeIPA server with no users, etc. I need to do replication/migration so the data from the old one will be seen on the new IPA server. I was expecting to have a positive and smooth operation since I have tested it on the test VM. But unfortunately an error was encountered: "CRITICAL Failed to restart the directory server ".
>> I checked the certificates and they are all valid and not expired; also, the pki-tomcatd service stops. My senior said that this issue was present even before I handled this project and they are not able to resolve this. Someone suggested to try using LDAP commands, not the ipa-tools, on this so I can transfer user details, etc. to another server.
>> May I know if this is possible and can you give me some instructions on how I can do migration using ldap commands. Thank you!!
Do I understand it correctly that you have 2 completely separated FreeIPA servers? I.e. they are not replicas of each other created by ipa-replica-install. And you would like to transfer data from one to the other.
If you want to transfer only users and groups then the `ipa migrate-ds` command might be an option - but it has the limitation that it doesn't create user private groups.
If you want to transfer more data then you would need to load the data and add it via FreeIPA API or CLI because FreeIPA-FreeIPA migration is not an implemented feature. See, old RFE: https://pagure.io/freeipa/issue/3656
More details in https://www.freeipa.org/page/Howto/Migration
But if you want to create only IPA replica then follow Flo's suggestions.
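A check for the `ipa migrate-ds` limitation mentioned in the reply above, as an added example that is not part of the original thread and is not FreeIPA's own code: it reads an LDIF export of the destination server's accounts and lists users whose primary `gidNumber` matches no group. The sample LDIF, the `example.test` names and the function names are constructed for illustration, and it assumes standard `posixAccount`/`posixGroup` entries.

```python
import base64
# Constructed sample: an ldapsearch-style LDIF export of the accounts subtree on
# the destination server after the migration (example.test names are made up).
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
objectClass: posixAccount
uid: alice
uidNumber: 10001
gidNumber: 10001

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
objectClass: posixAccount
uid: bob
uidNumber: 10002
gidNumber: 20000

dn: cn=staff,cn=groups,cn=accounts,dc=example,
 dc=test
objectClass: posixGroup
cn:: c3RhZmY=
gidNumber: 20000
"""

def parse_ldif(text):
    """Return a list of entries as {attr_lowercase: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        unfolded = block.replace("\n ", "")  # undo RFC 2849 line folding
        entry = {}
        for line in unfolded.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: " marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def has_class(entry, name):
    return name.lower() in (v.lower() for v in entry.get("objectclass", []))

def users_without_primary_group(entries):
    """uids of posixAccount entries whose gidNumber matches no posixGroup."""
    gids = {g for e in entries if has_class(e, "posixGroup")
            for g in e.get("gidnumber", [])}
    return sorted(e["uid"][0] for e in entries if has_class(e, "posixAccount")
                  and e.get("gidnumber", [None])[0] not in gids)
```

Accounts it reports have a primary GID that resolves to no group on the new server, so file ownership and group-based access rules for them should be reviewed before the old server is retired.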