[[linux_wiki:freeipa_migrate_rollback_to_ldap]]

FreeIPA Migrate Rollback To LDAP

General Information

Rollback IPA settings and restore LDAP with NSCD/NSLCD.

Checklist

  • Client having issues with new setup, roll-back in order to fix issues and try again later.

The Script

Run this script on a client that needs to rollback an IPA migration.

ldap_rollback-ipa-client-to-nscd.sh
#!/bin/bash
# Name: ldap_rollback-ipa-client-to-nscd.sh
# Description: Disables sssd and restores original ldap settings
# Last Updated: 03/16/2016
# Recent Changes:-Set authconfig to enable ldap for ident and auth
###############################################################################################
 
#### Functions Here: Main Starts After ####
function check_os_type
{
  if [ -f /etc/system-release-cpe ];then
    distro=$(awk -F: '{printf "%s", $3}' /etc/system-release-cpe)
    major_version=$(awk -F: '{printf "%d", $5}' /etc/system-release-cpe)
  elif [ -f /etc/redhat-release ];then
    distro=$(awk '{printf "%s", $1}' /etc/redhat-release)
    major_version=$(awk -F. '{print $1}' /etc/redhat-release | awk '{printf "%d", $3}')
  fi
}
#### End of Functions ####
 
#==================
# Main Starts Here
#==================
 
# Pre-checks
check_os_type
 
#==============================================================
# Confirm running the script
#==============================================================
echo -e "======================================================"
echo -e "####====== LDAP: Rollback IPA Client to NSCD =====####"
echo -e "======================================================"
echo
echo -e "Warning: This script will remove the ipa-client, enable nscd/nslcd, and set LDAP authentication."
echo -e "Detected Distro: ${distro} ${major_version}"
echo -e "\n=>Continue?[y/n]:\c"
read run_script
 
if [[ ${run_script} != "y" ]]; then
  echo -e "\n>>Will not run the LDAP rollback script. Exiting..."
  exit 1
fi
 
echo -e "\n>>Uninstalling ipa-client..."
ipa-client-install --uninstall
 
echo -e "\n>>Forcing Legacy Services and enabling ldap identification and auth..."
case ${major_version} in
  "7"|"6")
    authconfig --enableforcelegacy --enableldap --enableldapauth --update 
  ;;
  "5")
    authconfig --enableldap --enableldapauth --update
  ;;
esac
 
echo -e "\n>>Starting/enabling nscd/nslcd..."
case ${major_version} in
  "7")
    systemctl restart nscd nslcd
    systemctl enable nscd nslcd
  ;;
  "6")
    service nscd restart
    service nslcd restart
    chkconfig nscd on
    chkconfig nslcd on
  ;;
  "5")
    service nscd restart
    chkconfig nscd on
  ;;
esac
 
echo -e "\n======================================================"
echo -e "####==== Rollback IPA Client to NSCD Complete ====####"
echo -e "======================================================"

  • linux_wiki/freeipa_migrate_rollback_to_ldap.txt
  • Last modified: 2019/05/26 03:50
  • (external edit)