Enterprise Edition 6.0 Migration Guide
Sun Microsystems, Inc Network Circle Santa Clara, CA
Contents
Migrating a Replicated Topology
Architectural Changes in Directory Server
Migrating Directory Proxy Server
Migrating Identity Synchronization for Windows
Index
Sun Confidential Registered
Figures
Mapping Between 5 and 6.0 Password Policy Attributes
Tables
Examples
Before You Read This Book
Who Should Use This Book
How This Book Is Organized
Directory Server Enterprise Edition Documentation Set
Table P-1 Directory Server Enterprise Edition Documentation
Related Reading
Default Paths
Default Paths and Command Locations
Redistributable Files
Table P-2 Default Paths
Command Locations
Table P-3 Command Locations
Typographic Conventions
Table P-4 Typographic Conventions
Shell Prompts in Command Examples
Symbol Conventions
Table P-5 Shell Prompts
Documentation, Support, and Training
Third-Party Web Site References
Searching Sun Product Documentation
search-term site:docs.sun.com
Sun Welcomes Your Comments
Overview of the Migration Process for Directory Server
Before You Migrate
Deciding on the New Product Distribution
Outline of Migration Steps
Deciding on Automatic or Manual Migration
1Migration Matrix Showing Support for Automated Migration
Automated Migration Using the dsmig Command
About the Automatic Migration Tool
Using dsmig to Migrate the Schema
Prerequisites for Running dsmig
Using dsmig to Migrate Security Data
Using dsmig to Migrate Configuration Data
Plug-in Configuration Data
Chained Suffix Configuration Data
Configuration Data For Suffixes With Multiple Backends
Replication Configuration Data
Configuration Data for o=netscapeRoot
Configuration Attributes Not Migrated by dsmig
nsBindTimeout
nsMaxResponseDelay
nsMaxTestResponseDelay
nsProxiedAuthorization
Using dsmig to Migrate User Data
Tasks to be Performed After Automatic Migration
Before You Start a Manual Migration
Chapter covers the following topics
Migrating the Schema Manually
Migrating Configuration Data Manually
Migration of Specific Configuration Attributes
Values of the following attribute types must be migrated
Global Configuration Attributes
Security Configuration Attributes
Feature Configuration Attributes
Mapping Tree Configuration Attributes
nsKeyfile nsCertfile
Replication Configuration Attributes
ds5ReferralDelayAfterInit nsDS5Flags nsDS5ReplicaBindDN
1Change Log Attribute Name Changes
2Fractional Replication Attribute Name Changes
Password Policy Configuration Attributes
Replication Agreement Configuration
3Mapping Between 5 and 6.0 Password Policy Attributes
Database Configuration Attributes
UniqueID Generator Configuration Attributes
SNMP Attributes
Chained Suffix Attributes
nsActiveChainingComponents nsTransmittedControls
nsslapd-pluginarg* nsslapd-pluginenabled
Plug-In Configuration Attributes
nsslapd-pluginarg0 nsslapd-pluginenabled
Pass Through Authentication Plug-In
nsslapd-pluginarg nsslapd-pluginenabled
Update the certificate database password
Migrating Security Settings Manually
$ dsadm set-flags instance-path cert-pwd-prompt=on
Start the new instance
Migrating User Data Manually
$ dsadm import instance-path changelog.ldif cn=changelog
Migrating User Plug-Ins Manually
Tasks to be Performed After Manual Migration
Migrating a Replicated Topology
Overview of Migrating Replicated Servers
Issues Related to Migrating Replicated Servers
Issues With the New Password Policy
Migration of Replication Agreements
Migration of Referrals
Problems Related to Tombstone Purging
Manual Reset of Replication Credentials
New Replication Recommendations
Migrating a Replicated Topology to an Identical
Migration Scenarios
Migrating the Consumers
Master a Hub a Consumer a Master B Hub B Consumer B
Next step involves migrating the version 5 consumer
3Migrating the version 5 Consumer
Migrating the Hubs
4Placing the 6.0 Consumer Into the Topology
6Isolating the Hub From the Topology
Next step involves migrating the version 5 hub
7Migrating the version 5 Hub
Migrating the Masters
8Placing the 6.0 Hub Into the Topology
Master a Master B Hub a
Next step involves migrating the version 5 master
10Isolating the Master From the Topology
Migrating a Replicated Topology to a New Topology
Migrating All the Servers
13Existing version 5 Topology
Promoting the Hubs
14Existing Topology With Migrated Servers
Promoting the Consumers
15Migrated Topology With Promoted Hub Replicas
Migrating Over Multiple Data Centers
16New Fully-Meshed All-Master Topology
Changes in the Administration Framework
Removal of the ServerRoot Directory
Changes to ACIs
Removal of the o=netscapeRoot Suffix
Changes in the ACI Scope
Changes in Suffix-Level ACIs
Command Line Changes
1Directory Server 5 and 6 commands
Directory Server 5 and 6 commands
Deprecated Commands
3Version 5 Commands That Have Been Deprecated
New Password Policy
Changes to the Console
Password Policy Compatibility
Generates the new equivalent password policy attributes
Using fractional replication
Password policy attributes in the database
New-modeaction takes one of the following values
New Plug-Ins in Directory Server
Changes to Plug-Ins
Following plug-ins have been added in Directory Server
Changes to the Installed Product Layout
Plug-Ins Deprecated in Directory Server
Changes to the Plug-In API
Following plug-ins have been deprecated in Directory Server
Binaries Previously Under ServerRoot/bin
Online Help Previously Under ServerRoot/manual
Plug-Ins Previously Under ServerRoot/plugins
Utilities Previously Under ServerRoot/shared/bin
4Support for Plug-Ins
5Tools Previously Under ServerRoot/shared/bin
Certificate and Key Files
6Location of Certificate and Key Files
Silent Installation and Uninstallation Templates
Server Instance Scripts Previously Under
Server Instance Subdirectories
7Instance-Specific Subdirectories
Mapping the Global Configuration
Migrating Directory Proxy Server
Mapping the Global Configuration
Mapping the Global Security Configuration
Administration Guide
2Mapping of Security Configuration
Access Control on the Proxy Configuration
Managing Certificates
Mapping the Connection Pool Configuration
3Mapping of Connection Pool Attributes
Mapping the Group Object
Mapping the Groups Configuration
$ dpconf help-properties | grep connection-handler
Mapping the Network Group Object
Mapping Bind Forwarding
Mapping Operation Forwarding
$ dpconf help-properties | grep request-filtering-policy
Mapping Search Request Controls
Mapping Subtree Hiding
$ dpconf help-properties | grep resource-limits-policy
Mapping Compare Request Controls
Mapping Attributes Modifying Search Requests
Mapping Attributes Restricting Search Responses
$ dpconf help-properties | grep search-data-hiding-rule
Mapping the Referral Configuration Attributes
Attributesattribute-name
Mapping the Server Load Configuration
Attribute Renaming Property
Mapping the Properties Configuration
Forbidden Entry Property
LDAP Server Property
$ dpconf help-properties | grep ldap-data-source
Load Balancing Property
Monitoring Backend Servers
$ dpconf help-properties | grep ldap-data-source-pool
Search Size Limit Property
Log Property
17Version 5 and Version 6 Log Functionality
Mapping the Events Configuration
Mapping the Actions Configuration
Migrating Identity Synchronization for Windows
Migration Overview
Before You Migrate Identity Synchronization for Windows
Exporting Version 1.1 Configuration
Preparing for Identity Synchronization for Windows Migration
Using the export11cnf Utility
Inserting Clear-Text Passwords
Sample Export Configuration File
Following sample exported configuration file
Insert Password Between the Double Quotes in the Above Field
TopologyHost PortSSLOption=true SecurePort=3269
Field
Using the checktopics Utility
Checking for Undelivered Messages
To Clear Messages
Rerun checktopics
Forcing Password Changes on Windows NT
Migrating Your System
Preparing for Migration
1Migrating a Single-Host Deployment
uncompress -c filename | tar xf -
%JAVAHOME%\bin\jar -xf filename
On Windows, type the following command
On Solaris, type the following command
tar cf /var/tmp/connector-state.tar persist etc
Uninstalling Identity Synchronization for Windows
To Uninstall Identity Synchronization for Windows Version
net stop "Sun ONE Identity Synchronization for Windows"
Installing or Upgrading the Dependent Products
Installing Identity Synchronization for Windows
On Solaris type the following commands
On Windows type the following commands
On Windows NT only, complete the following steps
idsync prepds arguments \
What to Do if the 1.1 Uninstallation Fails
Manually Uninstalling 1.1 Core and Instances from Solaris
To Manually Uninstall Core From a Solaris Machine
Use the rm -rf command to remove the following directories
ServerRoot/isw-hostname/imquninstall
/usr/ucb/ps -gauxwww | grep java
/etc/imq /var/imq /usr/bin/imq
pkginfo | grep -i "Identity Synchronization"
cn=pswsync,cn=plugins,cn=config
/var/sadm/install/productregistry
Clean up the configuration directory as follows
Manually Uninstalling 1.1 Core and Instances from Windows
To uninstall Core from a Windows 2000 machine
ServerRoot\lib\psw-plugin.so
net stop slapd-myhostname
For example, C:\Program Files\Sun\mps\isw-example
Manually Uninstalling a 1.1 Instance from Windows NT
\Program Files\Sun\mps\java\jars\isw
ServerRoot\isw-hostname\
Other Migration Scenarios
For example, C:\Program Files\Sun\mps\isw-example
Multi-Master Replication Deployment
Sample deployment scenarios include
Multi-Host Deployment with Windows NT
2Migrating a Multi-Master Replication Deployment
2Multi-Host Deployment
3Migrating a Multi-Host Deployment with Windows NT
Checking the Logs
Index
Change Detector subcomponents
instance-path
XML configuration documents
Synchronizing, changes with Directory Server