Heather A. Selbe via FreeIPA-users wrote:
I am using ipa migrate-ds to move entries from an old single master
IPA
instance to an IDM instance on a new environment with a new realm name.
I was able to use the ipa migrate-ds command to get the users and groups
moved successfully, but I am missing stuff such as my host groups and
hbac and sudo rules. Are there flags to pull those over as well? For
host groups I don't need to move over the hosts since I will have to
register all of the boxes to the new realm anyhow to ensure they can
properly fine both of the masters that I will have in the new
environment. If need be I can do these by hand, but copying over these
sets as is since I know they work for my environment will be preferable.
If there's a better guide for options and flags for ipa migrate-ds,
please point me to it. All my searching brings me to the same pages that
have a very limited and specific set of usages for this command, and in
the os there isn't a man or help page for migrate-ds that I was able to
find.
migrate-ds only migrates users and groups at the moment.
It is possible to use ldapsearch to create an ldif of the data, massage
it for the new install, and then import it, but it does require some
knowledge of how IPA stores its data.
rob