Enterprise Edition 6.0 Migration Guide
Sun Microsystems, Inc Network Circle Santa Clara, CA
Contents
Migrating a Replicated Topology
Architectural Changes in Directory Server
Migrating Directory Proxy Server
Migrating Identity Synchronization for Windows
Index
Sun Confidential Registered
Figures
Mapping Between 5 and 6.0 Password Policy Attributes
Tables
Examples
Who Should Use This Book
Before You Read This Book
How This Book Is Organized
Directory Server Enterprise Edition Documentation Set
Table P-1 Directory Server Enterprise Edition Documentation
Related Reading
Default Paths and Command Locations
Default Paths
Redistributable Files
Table P-2 Default Paths
Command Locations
Table P-3 Command Locations
Typographic Conventions
Table P-4 Typographic Conventions
Symbol Conventions
Shell Prompts in Command Examples
Table P-5 Shell Prompts
Searching Sun Product Documentation
Documentation, Support, and Training
Third-Party Web Site References
search-term site:docs.sun.com
Sun Welcomes Your Comments
Overview of the Migration Process for Directory Server
Before You Migrate
Deciding on the New Product Distribution
Outline of Migration Steps
Deciding on Automatic or Manual Migration
Migration Matrix Showing Support for Automated Migration
Automated Migration Using the dsmig Command
About the Automatic Migration Tool
Using dsmig to Migrate the Schema
Prerequisites for Running dsmig
Using dsmig to Migrate Security Data
Using dsmig to Migrate Configuration Data
Plug-in Configuration Data
Chained Suffix Configuration Data
Configuration Data for o=netscapeRoot
Configuration Data For Suffixes With Multiple Backends
Replication Configuration Data
Configuration Attributes Not Migrated by dsmig
nsmaxtestresponsedelay
nsbindtimeout
nsmaxresponsedelay
nsproxiedauthorization
Using dsmig to Migrate User Data
Tasks to be Performed After Automatic Migration
Before You Start a Manual Migration
This chapter covers the following topics
Migration of Specific Configuration Attributes
Migrating the Schema Manually
Migrating Configuration Data Manually
Values of the following attribute types must be migrated
Global Configuration Attributes
Mapping Tree Configuration Attributes
Security Configuration Attributes
Feature Configuration Attributes
nsKeyfile nsCertfile
Change Log Attribute Name Changes
Replication Configuration Attributes
ds5ReferralDelayAfterInit nsDS5Flags nsDS5ReplicaBindDN
Fractional Replication Attribute Name Changes
Password Policy Configuration Attributes
Replication Agreement Configuration
Mapping Between 5 and 6.0 Password Policy Attributes
UniqueID Generator Configuration Attributes
Database Configuration Attributes
SNMP Attributes
Chained Suffix Attributes
nsActivechainingComponents nsTransmittedControls
Plug-In Configuration Attributes
nsslapd-pluginarg* nsslapd-pluginenabled
nsslapd-pluginarg0 nsslapd-pluginenabled
Pass Through Authentication Plug-In
nsslapd-pluginarg nsslapd-pluginenabled
Migrating Security Settings Manually
Update the certificate database password
$ dsadm set-flags instance-path cert-pwd-prompt=on
Migrating User Data Manually
Start the new instance
$ dsadm import instance-path changelog.ldif cn=changelog
Migrating User Plug-Ins Manually
Tasks to be Performed After Manual Migration
Migrating a Replicated Topology
Overview of Migrating Replicated Servers
Migration of Replication Agreements
Issues Related to Migrating Replicated Servers
Issues With the New Password Policy
Migration of Referrals
Manual Reset of Replication Credentials
Problems Related to Tombstone Purging
New Replication Recommendations
Migration Scenarios
Migrating a Replicated Topology to an Identical
Migrating the Consumers
Master A Hub A Consumer A Master B Hub B Consumer B
The next step involves migrating the version 5 consumer
Migrating the version 5 Consumer
Migrating the Hubs
Placing the 6.0 Consumer Into the Topology
Isolating the Hub From the Topology
The next step involves migrating the version 5 hub
Migrating the version 5 Hub
Migrating the Masters
Placing the 6.0 Hub Into the Topology
Master A Master B Hub A
The next step involves migrating the version 5 master
Isolating the Master From the Topology
Migrating a Replicated Topology to a New Topology
Migrating All the Servers
Existing version 5 Topology
Promoting the Hubs
Existing Topology With Migrated Servers
Promoting the Consumers
Migrated Topology With Promoted Hub Replicas
Migrating Over Multiple Data Centers
New Fully-Meshed All-Master Topology
Changes in the Administration Framework
Removal of the ServerRoot Directory
Changes in the ACI Scope
Changes to ACIs
Removal of the o=netscapeRoot Suffix
Changes in Suffix-Level ACIs
Command Line Changes
Directory Server 5 and 6 commands
Deprecated Commands
Version 5 Commands That Have Been Deprecated
New Password Policy
Changes to the Console
Password Policy Compatibility
Password policy attributes in the database
Generates the new equivalent password policy attributes
Using fractional replication
New-modeaction takes one of the following values
Changes to Plug-Ins
New Plug-Ins in Directory Server
The following plug-ins have been added in Directory Server
Changes to the Plug-In API
Changes to the Installed Product Layout
Plug-Ins Deprecated in Directory Server
The following plug-ins have been deprecated in Directory Server
Binaries Previously Under ServerRoot/bin
Online Help Previously Under ServerRoot/manual
Support for Plug-Ins
Plug-Ins Previously Under ServerRoot/plugins
Utilities Previously Under ServerRoot/shared/bin
Tools Previously Under ServerRoot/shared/bin
Certificate and Key Files
Location of Certificate and Key Files
Server Instance Subdirectories
Silent Installation and Uninstallation Templates
Server Instance Scripts Previously Under
Instance-Specific Subdirectories
Migrating Directory Proxy Server
Mapping the Global Configuration
Mapping the Global Security Configuration
Administration Guide
Access Control on the Proxy Configuration
Mapping of Security Configuration
Managing Certificates
Mapping the Connection Pool Configuration
Mapping of Connection Pool Attributes
Mapping the Groups Configuration
Mapping the Group Object
$ dpconf help-properties | grep connection-handler
Mapping the Network Group Object
Mapping Bind Forwarding
Mapping Operation Forwarding
$ dpconf help-properties | grep request-filtering-policy
Mapping Subtree Hiding
Mapping Search Request Controls
$ dpconf help-properties | grep resource-limits-policy
Mapping Compare Request Controls
Mapping Attributes Modifying Search Requests
Mapping Attributes Restricting Search Responses
$ dpconf help-properties | grep search-data-hiding-rule
Mapping the Referral Configuration Attributes
Attributesattribute-name
Mapping the Server Load Configuration
Mapping the Properties Configuration
Attribute Renaming Property
Forbidden Entry Property
LDAP Server Property
$ dpconf help-properties | grep ldap-data-source
Load Balancing Property
Monitoring Backend Servers
$ dpconf help-properties | grep ldap-data-source-pool
Search Size Limit Property
Log Property
Version 5 and Version 6 Log Functionality
Mapping the Events Configuration
Mapping the Actions Configuration
Migrating Identity Synchronization for Windows
Migration Overview
Before You Migrate Identity Synchronization for Windows
Exporting Version 1.1 Configuration
Preparing for Identity Synchronization for Windows Migration
Using the export11cnf Utility
Inserting Clear-Text Passwords
Sample Export Configuration File
Following sample exported configuration file
Insert Password Between the Double Quotes in the Above Field
TopologyHost PortSSLOption=true SecurePort=3269
Field
Using the checktopics Utility
Checking for Undelivered Messages
To Clear Messages
Rerun checktopics
Forcing Password Changes on Windows NT
Migrating Your System
Preparing for Migration
Migrating a Single-Host Deployment
uncompress -c filename | tar xf -
%JAVAHOME%\bin\jar -xf filename
On Solaris, type the following command
On Windows, type the following command
tar cf /var/tmp/connector-state.tar persist etc
Uninstalling Identity Synchronization for Windows
To Uninstall Identity Synchronization for Windows Version
net stop "Sun ONE Identity Synchronization for Windows"
On Solaris type the following commands
Installing or Upgrading the Dependent Products
Installing Identity Synchronization for Windows
On Windows type the following commands
On Windows NT only, complete the following steps
idsync prepds arguments\
What to Do if the 1.1 Uninstallation Fails
Manually Uninstalling 1.1 Core and Instances from Solaris
ServerRoot/isw-hostname/imquninstall
To Manually Uninstall Core From a Solaris Machine
Use the rm -rf command to remove the following directories
/usr/ucb/ps -gauxwww | grep java
/etc/imq /var/imq /usr/bin/imq
pkginfo | grep -i "Identity Synchronization"
cn=pswsync,cn=plugins,cn=config
/var/sadm/install/productregistry
Clean up the configuration directory as follows
Manually Uninstalling 1.1 Core and Instances from Windows
To uninstall Core from a Windows 2000 machine
ServerRoot\lib\psw-plugin.so
net stop slapd-myhostname
For example, C:\Program Files\Sun\mps\isw-example
Manually Uninstalling a 1.1 Instance from Windows NT
\Program Files\Sun\mps\java\jars\isw
ServerRoot\isw-hostname\
Other Migration Scenarios
For example, C:\Program Files\Sun\mps\isw-example
Multi-Master Replication Deployment
Sample deployment scenarios include
Multi-Host Deployment with Windows NT
Migrating a Multi-Master Replication Deployment
Multi-Host Deployment
Migrating a Multi-Host Deployment with Windows NT
Checking the Logs
Index
Change Detector subcomponents
instance-path
XML configuration documents
Synchronizing, changes with Directory Server