This is an umbrella ticket. Here is a quick outline of what should happen.
- Procedure to dump data from Kerbers DB (doc) - Procedure to load data into LDAP using LDIF or scripts (doc + example script) - Procedure to extract master key and apply it to IPA - Procedure to migrate user passwords
a. Have a new migration mode (I suspect we need to be able to differentiate at least three modes: from LDAP, from Kerberos, from other IdM) b. Make changes to migration page to do kerb auth first and then bind to update LDAP hashes c. Teach SSSD to do extra bind in Kerberos migration mode to set the LDAP hash. It might need to check if hash is even set on the user in a migration mode.
This is related to #3656 as this would solve part of FreeIPA-to-FreeIPA migration.
Metadata Update from @dpal: - Issue assigned to someone - Issue set to the milestone: Future Releases
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.