The conversion program that imports DCE authorization information into LDAP is called hpss_ldap_import.

Usage: hpss_ldap_import <input dir> -realmname <realm>

% hpss_ldap_import /var/hpss/convert/6.2 -realmname "cn=hpss.acme.com"

The -realmname option should be set to the name of the realm desired in LDAP.

The program requires the path to the directory where the expected input files reside (the same path used when running hpss_dce_export). The program also accepts options that specify what should be imported. Executing the program with no options results in a full import of group, principal, and cell information into LDAP. Sites are advised to use these options only if previous steps fail and only part of the import should take place.

The program may output warnings like "WARNING: this group has no members". The groups are still properly imported exactly as they existed in DCE (i.e. with no members), but the warning may help the site determine whether the group is really necessary in HPSS 6.2.

The hpss_ldap_admin utility must be run following the hpss_ldap_import utility.

Create Local Site Information using hpss_ldap_admin

There is no utility provided to convert the local site information from the Location Server Policy (LS Policy) into LDAP. However, the Location Server must be able to look up the local site entry in LDAP and register its endpoints with the RPC group in order to initialize and start successfully in HPSS 6.2. Use the new LDAP administration tool, hpss_ldap_admin, to create a new site entry using the correct local site name from the Location Server Policy in HPSS 4.5 or 5.1. For example, if the local site name was “hpss.acme.com”:

% hpss_ldap_admin

LDAP: connected to hpss.acme.com:389

realm: cn=hpss.acme.com

hla> site create -name hpss.acme.com

dn: cn=hpss.acme.com,cn=hpssSite,cn=hpss.acme.com

return code: 0 (HPSS_E_NOERROR)

In the example above, the hpss_ldap_admin program created a new site entry called “hpss.acme.com” to match the local site name in HPSS 4.5 or 5.1 from the LS Policy metadata.

Import DCE Information into Kerberos

There is no utility provided to convert DCE principals and their passwords and UIDs into Kerberos. Instead, sites should consider creating a new Kerberos account, with a new Kerberos password, for each DCE principal that requires access to HPSS 6.2. A site could create a Kerberos keytab file in the event that users aren’t required to know a password to access HPSS.
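
One way to script the account creation described above, as an added example that is not part of the HPSS guide. It assumes MIT Kerberos kadmin (addprinc, ktadd); the principal list, the realm name HPSS.ACME.COM and the keytab directory are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample input: one former DCE principal per line, followed by how
# it will authenticate in HPSS 6.2 ("keytab" or "password"). Names are hypothetical.
SAMPLE_PRINCIPALS='hpss_core keytab
alice password
bad;name keytab'

# gen_kadmin_batch REALM KEYTAB_DIR
# Reads "<principal> <mode>" lines on stdin and prints MIT kadmin commands.
# Lines with unexpected characters, extra fields or unknown modes are reported
# on stderr and skipped, so the list cannot smuggle extra kadmin commands.
gen_kadmin_batch() {
    realm=$1
    ktdir=$2
    while read -r name mode extra; do
        [ -z "$name" ] && continue
        case $name in
            *[!A-Za-z0-9_.-]*)
                echo "skip: invalid principal '$name'" >&2; continue ;;
        esac
        if [ -n "$extra" ]; then
            echo "skip: trailing data for '$name'" >&2; continue
        fi
        case $mode in
            keytab)
                # Random key: no human ever knows a password for this account.
                echo "addprinc -randkey $name@$realm"
                echo "ktadd -k $ktdir/$name.keytab $name@$realm"
                ;;
            password)
                # kadmin prompts for the initial password; +needchange makes
                # the user replace it at first login.
                echo "addprinc +needchange $name@$realm"
                ;;
            *)
                echo "skip: unknown mode '$mode' for '$name'" >&2 ;;
        esac
    done
    return 0
}

# Print the batch for the constructed sample list (review before use).
printf '%s\n' "$SAMPLE_PRINCIPALS" | gen_kadmin_batch HPSS.ACME.COM /path/to/keytabs
```

Review the printed commands before entering them in kadmin. A keytab is equivalent to the account's password, so each keytab file should be readable only by the account that uses it.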

6.3.19. Prepare the 6.2 System

The following steps should be performed only if the metadata conversion completed successfully and no errors were reported by the conversion verification utilities. If there is a possibility that the HPSS system will be reverted to the 4.5 or 5.1 level, do not attempt to continue with the remaining conversion steps.

HPSS Installation Guide

July 2008

Release 6.2 (Revision 2.0)
