Manuals / Sun Microsystems / Computer Equipment / Server

Sun Microsystems 8190994 manual Migrating Identity Synchronization for Windows

Models: 8190994

1 148

Download 148 pages 5.33 Kb

Page 105

Migrating Identity Synchronization for Windows

C 7H A P T E R 7

Migrating Identity Synchronization for Windows

This chapter explains how to migrate your system from Identity Synchronization for Windows version 1.1, and 1.1 SP1, to version 6.0.

In the remainder of this chapter, version 1.1 includes version 1.1 SP1.

Note – When you install Identity Synchronization for Windows version 1.1, Message Queue is also installed on your system. Identity Synchronization for Windows 6.0 does not install Message Queue.

For installation and upgrade information about Message Queue, read the installation instructions for Java Enterprise System software at http://docs.sun.com/coll/1286.2 (http://docs.sun.com/coll/1286.2).

This chapter includes the following sections:

■“Migration Overview” on page 106

■“Before You Migrate Identity Synchronization for Windows” on page 106

■“Preparing for Identity Synchronization for Windows Migration” on page 107

■“Migrating Your System” on page 116

■“What to Do if the 1.1 Uninstallation Fails” on page 125

■“Other Migration Scenarios” on page 139

■“Checking the Logs” on page 144

105

Sun Confidential: Registered

Image 105

Sun Microsystems 8190994 manual Migrating Identity Synchronization for Windows, “Migration Overview” on page

Contents

Sun Java System Directory Server Enterprise Edition 6.0 Migration GuideSun Microsystems, Inc 4150 Network Circle Santa Clara, CA U.S.A Sun Confidential RegisteredThis distribution may include materials developed by third parties Sun Confidential Registered2 Automated Migration Using the dsmig Command Contents1 Overview of the Migration Process for Directory Server 3 Migrating Directory Server ManuallyMigrating the Schema Manually New Plug-Ins in Directory Server 7 Migrating Identity Synchronization for Windows Index ContentsSun Confidential Registered Sun Confidential Registered Migrating a Single-Host Deployment FiguresMigrating a Multi-Master Replication Deployment Migrating a Multi-Host Deployment with Windows NTSun Confidential Registered Mapping Between 5 and 6.0 Password Policy Attributes TablesTools Previously Under ServerRoot/shared/bin Location of Certificate and Key FilesTables Examples Sample Export Configuration FileSun Confidential Registered EXAMPLESun Confidential Registered Who Should Use This Book PrefaceBefore You Read This Book How This Book Is OrganizedTABLE P-1 Directory Server Enterprise Edition Documentation Directory Server Enterprise Edition Documentation SetTABLE P-1 Directory Server Enterprise Edition Documentation Related ReadingContinued http//docs.sun.com/coll/DirEdit05q1Default Paths and Command Locations Default PathsRedistributable Files Java Enterprise System installer, the default install-path is TABLE P-2 Default PathsSun Confidential Registered of Directory Server or Directory ProxyTABLE P-3 Command Locations Command LocationsTABLE P-3 Command Locations Typographic ConventionsContinued TABLE P-4 Typographic ConventionsSymbol Conventions Shell Prompts in Command ExamplesSymbol Conventions ContinuedDocumentation, Support, and Training Third-Party Web Site ReferencesSearching Sun Product Documentation Sun Welcomes Your Comments Before You Migrate Overview of the Migration Process for Directory Server“Before You Migrate” on page “Deciding on the New Product Distribution” on pagePrerequisites to Migrating a Single Directory Server Instance From Prerequisites to Migrating a Single Directory Server Instance FromBefore You Migrate Outline of Migration Steps Deciding on the New Product DistributionTABLE 1-1 Migration Matrix Showing Support for Automated Migration Deciding on Automatic or Manual Migration“Using dsmig to Migrate the Schema” on page Automated Migration Using the dsmig Command“Using dsmig to Migrate Security Data” on page “Using dsmig to Migrate Configuration Data” on pagePrerequisites for Running dsmig Using dsmig to Migrate the SchemaUsing dsmig to Migrate Configuration Data Using dsmig to Migrate Security Data$ dsmig migrate-config old-instance-path new-instance-path $ dsmig migrate-security old-instance-path new-instance-pathChained Suffix Configuration Data Plug-in Configuration DataReplication Configuration Data Configuration Data For Suffixes With Multiple BackendsConfiguration Data for o=netscapeRoot Configuration Attributes Not Migrated by dsmignsabandonedsearchcheckinterval Using dsmig to Migrate User Data Tasks to be Performed After Automatic Migration$ dsmig migrate-data old-instance-path new-instance-path Sun Confidential Registered “Migrating Configuration Data Manually” on page “Migrating the Schema Manually” on page“Migrating Security Settings Manually” on page Migrating Directory Server ManuallyMigrating the Schema Manually Migrating Configuration Data ManuallyMigration of Specific Configuration Attributes Global Configuration Attributes Migrating Configuration Data ManuallyChapter 3 Migrating Directory Server Manually Security Configuration Attributes Feature Configuration AttributesMapping Tree Configuration Attributes Fractional Replication Configuration Attributes Replication Configuration AttributesReplica Configuration Attributes Change Log AttributesReplication Agreement Configuration Password Policy Configuration AttributesTABLE 3-3 Mapping Between 5 and 6.0 Password Policy Attributes Database Configuration Attributes UniqueID Generator Configuration AttributesSNMP Attributes TABLE 3-3 Mapping Between 5 and 6.0 Password Policy AttributesChained Suffix Attributes Class of Service Plug-In Plug-In Configuration Attributes7-Bit Check Plug-In DSML Frontend Plug-InPassword Synchronization Plug-In Pass Through Authentication Plug-InReferential Integrity Plug-In Retro Change Log Plug-InMigrating Security Settings Manually Migrating User Data Manually Migrating User Plug-Ins Manually Tasks to be Performed After Manual MigrationMigrating User Plug-Ins Manually Migrating a Replicated Topology “Issues Related to Migrating Replicated Servers” on pageOverview of Migrating Replicated Servers “Overview of Migrating Replicated Servers” on pageIssues With the New Password Policy Issues Related to Migrating Replicated ServersMigration of Replication Agreements Migration of ReferralsManual Reset of Replication Credentials Problems Related to Tombstone PurgingNew Replication Recommendations Migration Scenarios Migrating a Replicated Topology to an Identical TopologyMigrating the Consumers FIGURE 4-2 Isolating the Consumer From the Topology FIGURE 4-1 Existing version 5 TopologyMigration Scenarios Chapter 4 Migrating a Replicated TopologyThe next step involves migrating the version 5 consumer Migrating the Hubs FIGURE 4-6 Isolating the Hub From the Topology FIGURE 4-5 Existing version 5 Topology With Migrated ConsumersMigration Scenarios 6.0 Consumer BFIGURE 4-7 Migrating the version 5 Hub The next step involves migrating the version 5 hubMigration Scenarios Chapter 4 Migrating a Replicated TopologyMigrating the Masters 9. If you have migrated the data, check that replication is in sync FIGURE 4-10 Isolating the Master From the Topology The next step involves migrating the version 5 masterFIGURE 4-11 Migrating the version 5 Master Migration ScenariosMigrating a Replicated Topology to a New Topology FIGURE 4-13 Existing version 5 Topology Migrating All the ServersFIGURE 4-14 Existing Topology With Migrated Servers Promoting the HubsFIGURE 4-15 Migrated Topology With Promoted Hub Replicas Promoting the ConsumersMigrating Over Multiple Data Centers Sun Confidential Registered “Changes in the Administration Framework” on page Changes in the Administration Framework“Changes to ACIs” on page “Command Line Changes” on page “Changes to the Console” on page “New Password Policy” on pageRemoval of the o=netscapeRoot Suffix Changes to ACIsChanges in the ACI Scope Changes in Suffix-Level ACIsCommand Line Changes Version 6.0 Command TABLE 5-1 Directory Server 5 and 6 commandsContinued Sun Confidential RegisteredTABLE 5-1 Directory Server 5 and 6 commands Deprecated CommandsTABLE 5-3 Version 5 Commands That Have Been Deprecated ContinuedChanges to the Console New Password PolicyPassword Policy Compatibility The pwd-compat-mode property can have one of the following values New Plug-Ins in Directory Server Changes to Plug-InsChanges to the Installed Product Layout Plug-Ins Deprecated in Directory ServerChanges to the Plug-In API Binaries Previously Under ServerRoot/bin Administration Utilities Previously Under ServerRootOnline Help Previously Under ServerRoot/manual Libraries and Plug-Ins Previously Under ServerRoot/libUtilities Previously Under ServerRoot/shared/bin Plug-Ins Previously Under ServerRoot/pluginsTABLE 5-5 Tools Previously Under ServerRoot/shared/bin Certificate and Key FilesContinued TABLE 5-6 Location of Certificate and Key FilesServer Instance Scripts Previously Under Silent Installation and Uninstallation TemplatesServer Instance Subdirectories ServerRoot/slapd-ServerID“Mapping the Global Configuration” on page Mapping the Global Configuration“Mapping the Connection Pool Configuration” on page “Mapping the Groups Configuration” on pageMapping the Global Configuration Mapping the Global Security Configuration Access Control on the Proxy Configuration Managing CertificatesTABLE 6-2 Mapping of Security Configuration TABLE 6-3 Mapping of Connection Pool Attributes Mapping the Connection Pool ConfigurationMapping the Group Object Mapping the Groups ConfigurationMapping the Network Group Object CONNECTION-HANDLER-NAME is-ssl-mandatorytrueCONNECTION-HANDLER-NAME is-ssl-mandatoryfalse Set this as a property for a specific listener port by using Mapping Bind ForwardingThis functionality exists but with less granularity than in Directory Proxy Server 5. Set this limit as a property for aMapping Operation Forwarding Connection Handler Property Settings$ dpconf help-properties grep request-filtering-policy Mapping Subtree Hiding Mapping Search Request Controls$ dpconf help-properties grep resource-limits-policy Mapping Attributes Modifying Search Requests Mapping Compare Request Controls$ dpconf help-properties grep search-data-hiding-rule Mapping Attributes Restricting Search ResponsesMapping the Referral Configuration Attributes Directory Proxy Server 5 AttributesDirectory Proxy Server 6.0 Properties Mapping the Server Load Configuration Mapping the Properties Configuration Attribute Renaming PropertyForbidden Entry Property $ dpconf help-properties grep ldap-data-source LDAP Server PropertyEnterprise Edition 6.0 Administration Guide Load Balancing PropertySource” in Sun Java System Directory Server Sun Confidential RegisteredMonitoring Backend Servers Enterprise Edition 6.0 Administration GuideLog Property Search Size Limit PropertyTABLE 6-17 Version 5 and Version 6 Log Functionality $ dpconf set-access-log-prop PROPERTYVALUEMapping the Events Configuration Mapping the Events ConfigurationProperties Mapping the Actions ConfigurationMigrating Identity Synchronization for Windows “What to Do if the 1.1 Uninstallation Fails” on page“Migration Overview” on page “Before You Migrate Identity Synchronization for Windows” on pageBefore You Migrate Identity Synchronization for Windows Migration OverviewPreparing for Identity Synchronization for Windows Migration Exporting Version 1.1 ConfigurationInserting Clear-Text Passwords Using the export11cnf UtilitycleartextPassword= Sample Export Configuration Fileindex=0 location=ou=people,dc=example,dc=com filter= ContinuedTopologyHost TopologyHost ContinuedContinued EXAMPLE 7-1 Sample Export Configuration FileAttributeMap AttributeDescription parent.attr=SunAttribute name=uniquemember syntax=1.3.6.1.4.1.1466.115.121.1.25Continued INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVEChecking for Undelivered Messages Using the checktopics Utility2 From a command prompt, type the subcommand as follows To Clear Messages2 Wait until the messages are applied to the destination connector 1 Open a Terminal window and cd to the migration directoryMigrating Your System Forcing Password Changes on Windows NTUse the following procedure to prepare for migration to version Preparing for MigrationPreparing to migrate from version 1.1, and 1.1 SP1, to version 2 Export your version 1.1 configuration settings to an XML file3 Add passwords to the exported XML file 5 Verify that your system is in a stable state b. Save the NT Change Detector Service counters7 On Windows NT only, perform the following steps i. Open the Registry Editor by executing regedt32.exeTo Uninstall Identity Synchronization for Windows Version Uninstalling Identity Synchronization for WindowsOn Solaris Type serverRoot \/slapd-hostname \/restart-slapd On Windows Type serverRoot\\\slapd- hostname\\\restart-slapd.batOn Windows Type \\runUninstaller.bat On Solaris or SPARC Type ./runUninstaller.shInstalling or Upgrading the Dependent Products Installing Identity Synchronization for WindowsTo install the Identity Synchronization for Windows 6.0 components idsync prepds arguments\ cd serverRoot\isw-hostname\bin9 Start the service and the synchronization Manually Uninstalling 1.1 Core and Instances from Solaris What to Do if the 1.1 Uninstallation Fails“Manually Uninstalling 1.1 Core and Instances from Solaris” on page “Manually Uninstalling a 1.1 Instance from Windows NT” on pageetc/init.d/imq stop To Manually Uninstall Core From a Solaris Machine4 Remove the Directory Server Plugin f. Stop Directory Server h. Restart Directory Server5 Back-up copy and rename the current productregistry file located in 8 Clean up the configuration directory as follows 10 Clean up all other Console-related files as follows Manually Uninstalling 1.1 Core and Instances from Windowsa. Remove all the Console jar files by typing b. Remove all the Console servlet jar files by typingserverRoot\isw-hostname\ To uninstall Core from a Windows 2000 machinenet stop slapd-myhostname Core and Instances from Windows 2000” on page4 In the Registry Editor, select Edit →Delete from the menu bar b. Select Registry →Export Registry File from the menu bar8 Clean up the configuration directory as follows Manually Uninstalling a 1.1 Instance from Windows NT serverRoot\\\isw-hostname\ a. Open the Services window, right-click on Change Detector Service and select Properties a. Select the registry key entry in the left pane Other Migration Scenarios 9 Remove the Password Filter DLL10 Restart your machine for all changes to take effect Multi-Master Replication Deployment “Multi-Master Replication Deployment” on page“Multi-Host Deployment with Windows NT” on page Three hosts are used in this deployment scenario A Windows NT system Multi-Host Deployment with Windows NTA host for all other components FIGURE 7-3 Migrating a Multi-Host Deployment with Windows NT Password Changes on Both Directory Server Masters are LostChecking the Logs Index instance-path Page XML configuration documents Continued