Manuals / Sun Microsystems / Computer Equipment / Server

Sun Microsystems 8190994 Before You Start a Manual Migration, Chapter covers the following topics

Models: 8190994

1 148

Download 148 pages 5.33 Kb

Page 37

C 3H A P T E R 3

Migrating Directory Server Manually

If your deployment does not satisfy the requirements for automatic migration described in “Deciding on Automatic or Manual Migration” on page 28, you must migrate the servers manually. This chapter describes the process for manual migration of each part of the server.

The chapter covers the following topics:

■“Before You Start a Manual Migration” on page 37

■“Migrating the Schema Manually” on page 38

■“Migrating Configuration Data Manually” on page 38

■“Migrating Security Settings Manually” on page 48

■“Migrating User Data Manually” on page 49

■“Migrating User Plug-Ins Manually” on page 50

■“Tasks to be Performed After Manual Migration” on page 50

Before You Start a Manual Migration

Migrating an instance manually involves migrating each part of the server in the same order as performed by the automatic migration tool (dsmig). In this section, old instance refers to the version 5 instance and new instance refers to the 6.0 instance.

Before you start a manual migration, ensure that the following tasks have been performed:

■Directory Server 6.0 software has been installed.

Directory Server 6.0 software can be installed on the same machine that holds the Directory Server 5 instance, or on a different machine.

■The new instance has been created.

The new instance can be created anywhere except for the exact location of the old instance. The new instance can be installed on the same LDAP/LDAPS port or on a different port. If you use different ports, any replication agreements to the new instance must be changed accordingly.

37

Sun Confidential: Registered

Image 37

Sun Microsystems 8190994 manual Before You Start a Manual Migration, Chapter covers the following topics

Contents

Sun Microsystems, Inc Network Circle Santa Clara, CA Enterprise Edition 6.0 Migration Guide070222@16599 Contents Architectural Changes in Directory Server Migrating a Replicated TopologyMigrating Directory Proxy Server Migrating Identity Synchronization for Windows 105Index 145 Sun Confidential Registered Figures Sun Confidential Registered Tables Mapping Between 5 and 6.0 Password Policy AttributesTables Examples Sun Confidential Registered Before You Read This Book Who Should Use This BookHow This Book Is Organized Table P-1Directory Server Enterprise Edition Documentation Directory Server Enterprise Edition Documentation SetTable P-1 Directory Server Enterprise Edition Documentation Related ReadingDefault Paths Default Paths and Command LocationsRedistributable Files Table P-2Default Paths Table P-3Command Locations Command LocationsTypographic Conventions Table P-3 Command LocationsTable P-4Typographic Conventions Symbol Conventions Shell Prompts in Command ExamplesSymbol Conventions Table P-5Shell PromptsThird-Party Web Site References Documentation, Support, and TrainingSearching Sun Product Documentation Search-termsitedocs.sun.comSun Welcomes Your Comments Before You Migrate Overview of the Migration Process for Directory ServerBefore You Migrate Outline of Migration Steps Deciding on the New Product Distribution1Migration Matrix Showing Support for Automated Migration Deciding on Automatic or Manual MigrationAbout the Automatic Migration Tool Automated Migration Using the dsmig CommandPrerequisites for Running dsmig Using dsmig to Migrate the SchemaUsing dsmig to Migrate Configuration Data Using dsmig to Migrate Security DataChained Suffix Configuration Data Plug-in Configuration DataReplication Configuration Data Configuration Data For Suffixes With Multiple BackendsConfiguration Data for o=netscapeRoot Configuration Attributes Not Migrated by dsmigNsmaxresponsedelay NsbindtimeoutNsmaxtestresponsedelay NsproxiedauthorizationTasks to be Performed After Automatic Migration Using dsmig to Migrate User DataSun Confidential Registered Chapter covers the following topics Before You Start a Manual MigrationMigrating Configuration Data Manually Migrating the Schema ManuallyMigration of Specific Configuration Attributes Values of the following attribute types must be migratedGlobal Configuration Attributes Feature Configuration Attributes Security Configuration AttributesMapping Tree Configuration Attributes NsKeyfile NsCertfileDs5ReferralDelayAfterInit NsDS5Flags NsDS5ReplicaBindDN Replication Configuration Attributes1Change Log Attribute Name Changes 2Fractional Replication Attribute Name ChangesReplication Agreement Configuration Password Policy Configuration Attributes3Mapping Between 5 and 6.0 Password Policy Attributes Database Configuration Attributes UniqueID Generator Configuration AttributesSnmp Attributes NsActivechainingComponents NsTransmittedControls Chained Suffix AttributesNsslapd-pluginarg* nsslapd-pluginenabled Plug-In Configuration AttributesNsslapd-pluginarg0 nsslapd-pluginenabled Nsslapd-pluginarg Nsslapd-pluginenabled Pass Through Authentication Plug-InUpdate the certificate database password Migrating Security Settings Manually$ dsadm set-flags instance-pathcert-pwd-prompt=on Start the new instance Migrating User Data Manually$ dsadm import instance-pathchangelog.ldif cn=changelog Tasks to be Performed After Manual Migration Migrating User Plug-Ins ManuallyOverview of Migrating Replicated Servers Migrating a Replicated TopologyIssues With the New Password Policy Issues Related to Migrating Replicated ServersMigration of Replication Agreements Migration of ReferralsProblems Related to Tombstone Purging Manual Reset of Replication CredentialsNew Replication Recommendations Migrating a Replicated Topology to an Identical Migration ScenariosMigrating the Consumers Master a Hub a Consumer a Master B Hub B Consumer B 3Migrating the version 5 Consumer Next step involves migrating the version 5 consumer4Placing the 6.0 Consumer Into the Topology Migrating the Hubs6Isolating the Hub From the Topology 7Migrating the version 5 Hub Next step involves migrating the version 5 hub8Placing the 6.0 Hub Into the Topology Migrating the MastersMaster a Master B Hub a 10Isolating the Master From the Topology Next step involves migrating the version 5 masterMigrating a Replicated Topology to a New Topology 13Existing version 5 Topology Migrating All the Servers14Existing Topology With Migrated Servers Promoting the Hubs15Migrated Topology With Promoted Hub Replicas Promoting the Consumers16New Fully-Meshed All-Master Topology Migrating Over Multiple Data CentersSun Confidential Registered Removal of the ServerRoot Directory Changes in the Administration FrameworkRemoval of the o=netscapeRoot Suffix Changes to ACIsChanges in the ACI Scope Changes in Suffix-Level ACIs1Directory Server 5 and 6 commands Command Line ChangesDirectory Server 5 and 6 commands 3Version 5 Commands That Have Been Deprecated Deprecated CommandsChanges to the Console New Password PolicyPassword Policy Compatibility Using fractional replication Generates the new equivalent password policy attributesPassword policy attributes in the database New-modeaction takes one of the following valuesNew Plug-Ins in Directory Server Changes to Plug-InsFollowing plug-ins have been added in Directory Server Plug-Ins Deprecated in Directory Server Changes to the Installed Product LayoutChanges to the Plug-In API Following plug-ins have been deprecated in Directory ServerOnline Help Previously Under ServerRoot/manual Binaries Previously Under ServerRoot/binUtilities Previously Under ServerRoot/shared/bin Plug-Ins Previously Under ServerRoot/plugins4Support for Plug-Ins 5Tools Previously Under ServerRoot/shared/bin6Location of Certificate and Key Files Certificate and Key FilesServer Instance Scripts Previously Under Silent Installation and Uninstallation TemplatesServer Instance Subdirectories 7Instance-Specific SubdirectoriesMigrating Directory Proxy Server Mapping the Global ConfigurationMapping the Global Configuration Administration Guide Mapping the Global Security Configuration2Mapping of Security Configuration Access Control on the Proxy ConfigurationManaging Certificates 3Mapping of Connection Pool Attributes Mapping the Connection Pool ConfigurationMapping the Group Object Mapping the Groups Configuration$ dpconf help-properties grep connection-handler Mapping the Network Group Object Mapping Bind Forwarding $ dpconf help-properties grep request-filtering-policy Mapping Operation ForwardingMapping Search Request Controls Mapping Subtree Hiding$ dpconf help-properties grep resource-limits-policy Mapping Attributes Modifying Search Requests Mapping Compare Request Controls$ dpconf help-properties grep search-data-hiding-rule Mapping Attributes Restricting Search ResponsesAttributesattribute-name Mapping the Referral Configuration AttributesMapping the Server Load Configuration Attribute Renaming Property Mapping the Properties ConfigurationForbidden Entry Property $ dpconf help-properties grep ldap-data-source Ldap Server PropertyLoad Balancing Property $ dpconf help-properties grep ldap-data-source-pool Monitoring Backend ServersLog Property Search Size Limit Property17Version 5 and Version 6 Log Functionality Mapping the Events Configuration Mapping the Actions Configuration Migrating Identity Synchronization for Windows Before You Migrate Identity Synchronization for Windows Migration OverviewPreparing for Identity Synchronization for Windows Migration Exporting Version 1.1 ConfigurationInserting Clear-Text Passwords Using the export11cnf UtilityFollowing sample exported configuration file Sample Export Configuration FileInsert Password Between the Double Quotes in the Above Field TopologyHost PortSSLOption=true SecurePort=3269 112 Field Checking for Undelivered Messages Using the checktopics UtilityRerun checktopics To Clear MessagesMigrating Your System Forcing Password Changes on Windows NT1Migrating a Single-Host Deployment Preparing for MigrationJAVAHOME%\\bin\\jar -xf filename Uncompress -c filename tar xfOn Windows, type the following command On Solaris, type the following commandTar cf /var/tmp/connector-state.tar persist etc To Uninstall Identity Synchronization for Windows Version Uninstalling Identity Synchronization for WindowsNet stop Sun ONE Identity Synchronization for Windows Installing Identity Synchronization for Windows Installing or Upgrading the Dependent ProductsOn Solaris type the following commands On Windows type the following commandsIdsync prepds arguments\ On Windows NT only, complete the following steps124 Manually Uninstalling 1.1 Core and Instances from Solaris What to Do if the 1.1 Uninstallation FailsUse the rm -rf command to remove the following directories To Manually Uninstall Core From a Solaris MachineServerRoot/isw-hostname/imquninstall Usr/ucb/ps -gauxwww grep javaPkginfo grep -i Identity Synchronization Etc/imq Var/imq Usr/bin/imqVar/sadm/install/productregistry Cn=pswsync,cn=plugins,cn=configClean up the configuration directory as follows Manually Uninstalling 1.1 Core and Instances from Windows To uninstall Core from a Windows 2000 machine Net stop slapd-myhostname ServerRoot\\\lib\\psw-plugin.soMigrating Identity Synchronization for Windows 133 For example, C\Program Files\Sun\mps\isw-example \\Program Files\\Sun\\mps\\java\\jars\\isw Manually Uninstalling a 1.1 Instance from Windows NTServerRoot\\\isw-hostname\ Migrating Identity Synchronization for Windows 137 138 For example, C\\Program Files\\Sun\\mps\\isw-example Other Migration ScenariosSample deployment scenarios include Multi-Master Replication Deployment2Migrating a Multi-Master Replication Deployment Multi-Host Deployment with Windows NT2Multi-Host Deployment 3Migrating a Multi-Host Deployment with Windows NT Checking the Logs Change Detector subcomponents IndexInstance-path,19 147 Synchronizing, changes with Directory Server XML configuration documents