Manuals / Sun Microsystems / Computer Equipment / Server

Sun Microsystems 8190994 manual Automated Migration Using the dsmig Command

Models: 8190994

1 148

Download 148 pages 5.33 Kb

Page 29

Automated Migration Using the dsmig

C 2H A P T E R 2

Automated Migration Using the dsmig

Command

Directory Server 6.0 provides a command-line migration tool to help you migrate from a Directory Server 5.2 instance to a Directory Server 6.0 instance. You can only use the migration tool if your deployment satisfies the requirements for automatic migration described in “Deciding on Automatic or Manual Migration” on page 28.

The migration tool provides migration per instance. If several instances exist within the same server root, the migration tool must be run for each individual instance.

This chapter explains how to use the migration tool and covers the following topics:

■“About the Automatic Migration Tool” on page 29

■“Prerequisites for Running dsmig” on page 30

■“Using dsmig to Migrate the Schema” on page 30

■“Using dsmig to Migrate Security Data” on page 31

■“Using dsmig to Migrate Configuration Data” on page 31

■“Using dsmig to Migrate User Data” on page 35

■“Tasks to be Performed After Automatic Migration” on page 35

About the Automatic Migration Tool

The migration tool, dsmig, is delivered with the Directory Server 6.0 packages. When these packages have been installed, dsmig is located in install-path/ds6/bin.

dsmig must be run on the machine on which the new Directory Server instance will be located. When the command is run, a migration directory is created within the new instance directory (new-instance-path/migration). This directory is a repository for data produced by the migration, including log files and migration status files.

dsmig includes a set of sub-commands and options, that map to the individual migration steps described in “Outline of Migration Steps” on page 27. For information about the usage of dsmig, see dsmig(1M).

29

Sun Confidential: Registered

Image 29

Sun Microsystems 8190994 manual Automated Migration Using the dsmig Command, About the Automatic Migration Tool

Contents

Sun Java System Directory Server Enterprise Edition 6.0 Migration GuideSun Microsystems, Inc 4150 Network Circle Santa Clara, CA U.S.A Sun Confidential RegisteredThis distribution may include materials developed by third parties Sun Confidential Registered2 Automated Migration Using the dsmig Command Contents1 Overview of the Migration Process for Directory Server 3 Migrating Directory Server ManuallyMigrating the Schema Manually New Plug-Ins in Directory Server 7 Migrating Identity Synchronization for Windows Sun Confidential Registered IndexContents Sun Confidential Registered Migrating a Single-Host Deployment FiguresMigrating a Multi-Master Replication Deployment Migrating a Multi-Host Deployment with Windows NTSun Confidential Registered Mapping Between 5 and 6.0 Password Policy Attributes TablesTools Previously Under ServerRoot/shared/bin Location of Certificate and Key FilesTables Examples Sample Export Configuration FileSun Confidential Registered EXAMPLESun Confidential Registered Who Should Use This Book PrefaceBefore You Read This Book How This Book Is OrganizedTABLE P-1 Directory Server Enterprise Edition Documentation Directory Server Enterprise Edition Documentation SetTABLE P-1 Directory Server Enterprise Edition Documentation Related ReadingContinued http//docs.sun.com/coll/DirEdit05q1Redistributable Files Default Paths and Command LocationsDefault Paths Java Enterprise System installer, the default install-path is TABLE P-2 Default PathsSun Confidential Registered of Directory Server or Directory ProxyTABLE P-3 Command Locations Command LocationsTABLE P-3 Command Locations Typographic ConventionsContinued TABLE P-4 Typographic ConventionsSymbol Conventions Shell Prompts in Command ExamplesSymbol Conventions ContinuedSearching Sun Product Documentation Documentation, Support, and TrainingThird-Party Web Site References Sun Welcomes Your Comments Before You Migrate Overview of the Migration Process for Directory Server“Before You Migrate” on page “Deciding on the New Product Distribution” on pageBefore You Migrate Prerequisites to Migrating a Single Directory Server Instance FromPrerequisites to Migrating a Single Directory Server Instance From Outline of Migration Steps Deciding on the New Product DistributionTABLE 1-1 Migration Matrix Showing Support for Automated Migration Deciding on Automatic or Manual Migration“Using dsmig to Migrate the Schema” on page Automated Migration Using the dsmig Command“Using dsmig to Migrate Security Data” on page “Using dsmig to Migrate Configuration Data” on pagePrerequisites for Running dsmig Using dsmig to Migrate the SchemaUsing dsmig to Migrate Configuration Data Using dsmig to Migrate Security Data$ dsmig migrate-config old-instance-path new-instance-path $ dsmig migrate-security old-instance-path new-instance-pathChained Suffix Configuration Data Plug-in Configuration DataReplication Configuration Data Configuration Data For Suffixes With Multiple BackendsConfiguration Data for o=netscapeRoot Configuration Attributes Not Migrated by dsmignsabandonedsearchcheckinterval $ dsmig migrate-data old-instance-path new-instance-path Using dsmig to Migrate User DataTasks to be Performed After Automatic Migration Sun Confidential Registered “Migrating Configuration Data Manually” on page “Migrating the Schema Manually” on page“Migrating Security Settings Manually” on page Migrating Directory Server ManuallyMigration of Specific Configuration Attributes Migrating the Schema ManuallyMigrating Configuration Data Manually Chapter 3 Migrating Directory Server Manually Global Configuration AttributesMigrating Configuration Data Manually Mapping Tree Configuration Attributes Security Configuration AttributesFeature Configuration Attributes Fractional Replication Configuration Attributes Replication Configuration AttributesReplica Configuration Attributes Change Log AttributesReplication Agreement Configuration Password Policy Configuration AttributesTABLE 3-3 Mapping Between 5 and 6.0 Password Policy Attributes Database Configuration Attributes UniqueID Generator Configuration AttributesSNMP Attributes TABLE 3-3 Mapping Between 5 and 6.0 Password Policy AttributesChained Suffix Attributes Class of Service Plug-In Plug-In Configuration Attributes7-Bit Check Plug-In DSML Frontend Plug-InPassword Synchronization Plug-In Pass Through Authentication Plug-InReferential Integrity Plug-In Retro Change Log Plug-InMigrating Security Settings Manually Migrating User Data Manually Migrating User Plug-Ins Manually Migrating User Plug-Ins ManuallyTasks to be Performed After Manual Migration Migrating a Replicated Topology “Issues Related to Migrating Replicated Servers” on pageOverview of Migrating Replicated Servers “Overview of Migrating Replicated Servers” on pageIssues With the New Password Policy Issues Related to Migrating Replicated ServersMigration of Replication Agreements Migration of ReferralsNew Replication Recommendations Manual Reset of Replication CredentialsProblems Related to Tombstone Purging Migrating the Consumers Migration ScenariosMigrating a Replicated Topology to an Identical Topology FIGURE 4-2 Isolating the Consumer From the Topology FIGURE 4-1 Existing version 5 TopologyMigration Scenarios Chapter 4 Migrating a Replicated TopologyThe next step involves migrating the version 5 consumer Migrating the Hubs FIGURE 4-6 Isolating the Hub From the Topology FIGURE 4-5 Existing version 5 Topology With Migrated ConsumersMigration Scenarios 6.0 Consumer BFIGURE 4-7 Migrating the version 5 Hub The next step involves migrating the version 5 hubMigration Scenarios Chapter 4 Migrating a Replicated TopologyMigrating the Masters 9. If you have migrated the data, check that replication is in sync FIGURE 4-10 Isolating the Master From the Topology The next step involves migrating the version 5 masterFIGURE 4-11 Migrating the version 5 Master Migration ScenariosMigrating a Replicated Topology to a New Topology FIGURE 4-13 Existing version 5 Topology Migrating All the ServersFIGURE 4-14 Existing Topology With Migrated Servers Promoting the HubsFIGURE 4-15 Migrated Topology With Promoted Hub Replicas Promoting the ConsumersMigrating Over Multiple Data Centers Sun Confidential Registered “Changes in the Administration Framework” on page Changes in the Administration Framework“Changes to ACIs” on page “Command Line Changes” on page “Changes to the Console” on page “New Password Policy” on pageRemoval of the o=netscapeRoot Suffix Changes to ACIsChanges in the ACI Scope Changes in Suffix-Level ACIsCommand Line Changes Version 6.0 Command TABLE 5-1 Directory Server 5 and 6 commandsContinued Sun Confidential RegisteredTABLE 5-1 Directory Server 5 and 6 commands Deprecated CommandsTABLE 5-3 Version 5 Commands That Have Been Deprecated ContinuedChanges to the Console New Password PolicyPassword Policy Compatibility The pwd-compat-mode property can have one of the following values New Plug-Ins in Directory Server Changes to Plug-InsChanges to the Plug-In API Changes to the Installed Product LayoutPlug-Ins Deprecated in Directory Server Binaries Previously Under ServerRoot/bin Administration Utilities Previously Under ServerRootOnline Help Previously Under ServerRoot/manual Libraries and Plug-Ins Previously Under ServerRoot/libUtilities Previously Under ServerRoot/shared/bin Plug-Ins Previously Under ServerRoot/pluginsTABLE 5-5 Tools Previously Under ServerRoot/shared/bin Certificate and Key FilesContinued TABLE 5-6 Location of Certificate and Key FilesServer Instance Scripts Previously Under Silent Installation and Uninstallation TemplatesServer Instance Subdirectories ServerRoot/slapd-ServerID“Mapping the Global Configuration” on page Mapping the Global Configuration“Mapping the Connection Pool Configuration” on page “Mapping the Groups Configuration” on pageMapping the Global Configuration Mapping the Global Security Configuration TABLE 6-2 Mapping of Security Configuration Access Control on the Proxy ConfigurationManaging Certificates TABLE 6-3 Mapping of Connection Pool Attributes Mapping the Connection Pool ConfigurationMapping the Group Object Mapping the Groups ConfigurationCONNECTION-HANDLER-NAME is-ssl-mandatoryfalse Mapping the Network Group ObjectCONNECTION-HANDLER-NAME is-ssl-mandatorytrue Set this as a property for a specific listener port by using Mapping Bind ForwardingThis functionality exists but with less granularity than in Directory Proxy Server 5. Set this limit as a property for a$ dpconf help-properties grep request-filtering-policy Mapping Operation ForwardingConnection Handler Property Settings $ dpconf help-properties grep resource-limits-policy Mapping Subtree HidingMapping Search Request Controls Mapping Attributes Modifying Search Requests Mapping Compare Request Controls$ dpconf help-properties grep search-data-hiding-rule Mapping Attributes Restricting Search ResponsesDirectory Proxy Server 6.0 Properties Mapping the Referral Configuration AttributesDirectory Proxy Server 5 Attributes Mapping the Server Load Configuration Forbidden Entry Property Mapping the Properties ConfigurationAttribute Renaming Property $ dpconf help-properties grep ldap-data-source LDAP Server PropertyEnterprise Edition 6.0 Administration Guide Load Balancing PropertySource” in Sun Java System Directory Server Sun Confidential RegisteredMonitoring Backend Servers Enterprise Edition 6.0 Administration GuideLog Property Search Size Limit PropertyTABLE 6-17 Version 5 and Version 6 Log Functionality $ dpconf set-access-log-prop PROPERTYVALUEMapping the Events Configuration Mapping the Events ConfigurationProperties Mapping the Actions ConfigurationMigrating Identity Synchronization for Windows “What to Do if the 1.1 Uninstallation Fails” on page“Migration Overview” on page “Before You Migrate Identity Synchronization for Windows” on pageBefore You Migrate Identity Synchronization for Windows Migration OverviewPreparing for Identity Synchronization for Windows Migration Exporting Version 1.1 ConfigurationInserting Clear-Text Passwords Using the export11cnf UtilitycleartextPassword= Sample Export Configuration Fileindex=0 location=ou=people,dc=example,dc=com filter= ContinuedTopologyHost TopologyHost ContinuedContinued EXAMPLE 7-1 Sample Export Configuration FileAttributeMap AttributeDescription parent.attr=SunAttribute name=uniquemember syntax=1.3.6.1.4.1.1466.115.121.1.25Continued INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVEChecking for Undelivered Messages Using the checktopics Utility2 From a command prompt, type the subcommand as follows To Clear Messages2 Wait until the messages are applied to the destination connector 1 Open a Terminal window and cd to the migration directoryMigrating Your System Forcing Password Changes on Windows NTUse the following procedure to prepare for migration to version Preparing for Migration3 Add passwords to the exported XML file Preparing to migrate from version 1.1, and 1.1 SP1, to version2 Export your version 1.1 configuration settings to an XML file 5 Verify that your system is in a stable state b. Save the NT Change Detector Service counters7 On Windows NT only, perform the following steps i. Open the Registry Editor by executing regedt32.exeTo Uninstall Identity Synchronization for Windows Version Uninstalling Identity Synchronization for WindowsOn Solaris Type serverRoot \/slapd-hostname \/restart-slapd On Windows Type serverRoot\\\slapd- hostname\\\restart-slapd.batOn Windows Type \\runUninstaller.bat On Solaris or SPARC Type ./runUninstaller.shTo install the Identity Synchronization for Windows 6.0 components Installing or Upgrading the Dependent ProductsInstalling Identity Synchronization for Windows idsync prepds arguments\ cd serverRoot\isw-hostname\bin9 Start the service and the synchronization Manually Uninstalling 1.1 Core and Instances from Solaris What to Do if the 1.1 Uninstallation Fails“Manually Uninstalling 1.1 Core and Instances from Solaris” on page “Manually Uninstalling a 1.1 Instance from Windows NT” on pageetc/init.d/imq stop To Manually Uninstall Core From a Solaris Machine4 Remove the Directory Server Plugin 5 Back-up copy and rename the current productregistry file located in f. Stop Directory Serverh. Restart Directory Server 8 Clean up the configuration directory as follows 10 Clean up all other Console-related files as follows Manually Uninstalling 1.1 Core and Instances from Windowsa. Remove all the Console jar files by typing b. Remove all the Console servlet jar files by typingserverRoot\isw-hostname\ To uninstall Core from a Windows 2000 machinenet stop slapd-myhostname Core and Instances from Windows 2000” on page4 In the Registry Editor, select Edit →Delete from the menu bar b. Select Registry →Export Registry File from the menu bar8 Clean up the configuration directory as follows Manually Uninstalling a 1.1 Instance from Windows NT serverRoot\\\isw-hostname\ a. Open the Services window, right-click on Change Detector Service and select Properties a. Select the registry key entry in the left pane 10 Restart your machine for all changes to take effect Other Migration Scenarios9 Remove the Password Filter DLL “Multi-Host Deployment with Windows NT” on page Multi-Master Replication Deployment“Multi-Master Replication Deployment” on page Three hosts are used in this deployment scenario A Windows NT system Multi-Host Deployment with Windows NTA host for all other components FIGURE 7-3 Migrating a Multi-Host Deployment with Windows NT Password Changes on Both Directory Server Masters are LostChecking the Logs Index instance-path Page XML configuration documents Continued