Manuals / Sun Microsystems / Computer Equipment / Server

Sun Microsystems 8190994 manual Migrating All the Servers, 13 Existing version 5 Topology

Models: 8190994

1 148

Download 148 pages 5.33 Kb

Page 64

Image 64

Migration Scenarios

5.x Master A

5.x Hub A

5.x Consumer A

5.x Master B

5.x Hub B

5.x Consumer B

FIGURE 4–13Existing version 5 Topology

Migrating All the Servers

The first step is to migrate all the servers individually, as described in“Migrating a Replicated Topology to an Identical Topology” on page 54. The resulting topology is illustrated in the following figure.

64	Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 2007

Sun Confidential: Registered

Page 64

Image 64

Sun Microsystems 8190994 manual Migrating All the Servers, 13 Existing version 5 Topology

Contents

Enterprise Edition 6.0 Migration Guide Sun Java System Directory ServerSun Microsystems, Inc 4150 Network Circle Santa Clara, CA U.S.A Sun Confidential RegisteredSun Confidential Registered This distribution may include materials developed by third partiesContents 2 Automated Migration Using the dsmig Command1 Overview of the Migration Process for Directory Server 3 Migrating Directory Server ManuallyMigrating the Schema Manually New Plug-Ins in Directory Server 7 Migrating Identity Synchronization for Windows Contents IndexSun Confidential Registered Sun Confidential Registered Figures Migrating a Single-Host DeploymentMigrating a Multi-Master Replication Deployment Migrating a Multi-Host Deployment with Windows NTSun Confidential Registered Tables Mapping Between 5 and 6.0 Password Policy AttributesTools Previously Under ServerRoot/shared/bin Location of Certificate and Key FilesTables Sample Export Configuration File ExamplesSun Confidential Registered EXAMPLESun Confidential Registered Preface Who Should Use This BookBefore You Read This Book How This Book Is OrganizedDirectory Server Enterprise Edition Documentation Set TABLE P-1 Directory Server Enterprise Edition DocumentationRelated Reading TABLE P-1 Directory Server Enterprise Edition DocumentationContinued http//docs.sun.com/coll/DirEdit05q1Default Paths Default Paths and Command LocationsRedistributable Files TABLE P-2 Default Paths Java Enterprise System installer, the default install-path isSun Confidential Registered of Directory Server or Directory ProxyCommand Locations TABLE P-3 Command LocationsTypographic Conventions TABLE P-3 Command LocationsContinued TABLE P-4 Typographic ConventionsShell Prompts in Command Examples Symbol ConventionsSymbol Conventions ContinuedThird-Party Web Site References Documentation, Support, and TrainingSearching Sun Product Documentation Sun Welcomes Your Comments Overview of the Migration Process for Directory Server Before You Migrate“Before You Migrate” on page “Deciding on the New Product Distribution” on pagePrerequisites to Migrating a Single Directory Server Instance From Prerequisites to Migrating a Single Directory Server Instance FromBefore You Migrate Deciding on the New Product Distribution Outline of Migration StepsDeciding on Automatic or Manual Migration TABLE 1-1 Migration Matrix Showing Support for Automated MigrationAutomated Migration Using the dsmig Command “Using dsmig to Migrate the Schema” on page“Using dsmig to Migrate Security Data” on page “Using dsmig to Migrate Configuration Data” on pageUsing dsmig to Migrate the Schema Prerequisites for Running dsmigUsing dsmig to Migrate Security Data Using dsmig to Migrate Configuration Data$ dsmig migrate-config old-instance-path new-instance-path $ dsmig migrate-security old-instance-path new-instance-pathPlug-in Configuration Data Chained Suffix Configuration DataConfiguration Data For Suffixes With Multiple Backends Replication Configuration DataConfiguration Data for o=netscapeRoot Configuration Attributes Not Migrated by dsmignsabandonedsearchcheckinterval Tasks to be Performed After Automatic Migration Using dsmig to Migrate User Data$ dsmig migrate-data old-instance-path new-instance-path Sun Confidential Registered “Migrating the Schema Manually” on page “Migrating Configuration Data Manually” on page“Migrating Security Settings Manually” on page Migrating Directory Server ManuallyMigrating Configuration Data Manually Migrating the Schema ManuallyMigration of Specific Configuration Attributes Migrating Configuration Data Manually Global Configuration AttributesChapter 3 Migrating Directory Server Manually Feature Configuration Attributes Security Configuration AttributesMapping Tree Configuration Attributes Replication Configuration Attributes Fractional Replication Configuration AttributesReplica Configuration Attributes Change Log AttributesPassword Policy Configuration Attributes Replication Agreement ConfigurationTABLE 3-3 Mapping Between 5 and 6.0 Password Policy Attributes UniqueID Generator Configuration Attributes Database Configuration AttributesSNMP Attributes TABLE 3-3 Mapping Between 5 and 6.0 Password Policy AttributesChained Suffix Attributes Plug-In Configuration Attributes Class of Service Plug-In7-Bit Check Plug-In DSML Frontend Plug-InPass Through Authentication Plug-In Password Synchronization Plug-InReferential Integrity Plug-In Retro Change Log Plug-InMigrating Security Settings Manually Migrating User Data Manually Tasks to be Performed After Manual Migration Migrating User Plug-Ins ManuallyMigrating User Plug-Ins Manually “Issues Related to Migrating Replicated Servers” on page Migrating a Replicated TopologyOverview of Migrating Replicated Servers “Overview of Migrating Replicated Servers” on pageIssues Related to Migrating Replicated Servers Issues With the New Password PolicyMigration of Replication Agreements Migration of ReferralsProblems Related to Tombstone Purging Manual Reset of Replication CredentialsNew Replication Recommendations Migrating a Replicated Topology to an Identical Topology Migration ScenariosMigrating the Consumers FIGURE 4-1 Existing version 5 Topology FIGURE 4-2 Isolating the Consumer From the TopologyMigration Scenarios Chapter 4 Migrating a Replicated TopologyThe next step involves migrating the version 5 consumer Migrating the Hubs FIGURE 4-5 Existing version 5 Topology With Migrated Consumers FIGURE 4-6 Isolating the Hub From the TopologyMigration Scenarios 6.0 Consumer BThe next step involves migrating the version 5 hub FIGURE 4-7 Migrating the version 5 HubMigration Scenarios Chapter 4 Migrating a Replicated TopologyMigrating the Masters 9. If you have migrated the data, check that replication is in sync The next step involves migrating the version 5 master FIGURE 4-10 Isolating the Master From the TopologyFIGURE 4-11 Migrating the version 5 Master Migration ScenariosMigrating a Replicated Topology to a New Topology Migrating All the Servers FIGURE 4-13 Existing version 5 TopologyPromoting the Hubs FIGURE 4-14 Existing Topology With Migrated ServersPromoting the Consumers FIGURE 4-15 Migrated Topology With Promoted Hub ReplicasMigrating Over Multiple Data Centers Sun Confidential Registered Changes in the Administration Framework “Changes in the Administration Framework” on page“Changes to ACIs” on page “Command Line Changes” on page “Changes to the Console” on page “New Password Policy” on pageChanges to ACIs Removal of the o=netscapeRoot SuffixChanges in the ACI Scope Changes in Suffix-Level ACIsCommand Line Changes TABLE 5-1 Directory Server 5 and 6 commands Version 6.0 CommandContinued Sun Confidential RegisteredDeprecated Commands TABLE 5-1 Directory Server 5 and 6 commandsTABLE 5-3 Version 5 Commands That Have Been Deprecated ContinuedNew Password Policy Changes to the ConsolePassword Policy Compatibility The pwd-compat-mode property can have one of the following values Changes to Plug-Ins New Plug-Ins in Directory ServerPlug-Ins Deprecated in Directory Server Changes to the Installed Product LayoutChanges to the Plug-In API Administration Utilities Previously Under ServerRoot Binaries Previously Under ServerRoot/binOnline Help Previously Under ServerRoot/manual Libraries and Plug-Ins Previously Under ServerRoot/libPlug-Ins Previously Under ServerRoot/plugins Utilities Previously Under ServerRoot/shared/binCertificate and Key Files TABLE 5-5 Tools Previously Under ServerRoot/shared/binContinued TABLE 5-6 Location of Certificate and Key FilesSilent Installation and Uninstallation Templates Server Instance Scripts Previously UnderServer Instance Subdirectories ServerRoot/slapd-ServerIDMapping the Global Configuration “Mapping the Global Configuration” on page“Mapping the Connection Pool Configuration” on page “Mapping the Groups Configuration” on pageMapping the Global Configuration Mapping the Global Security Configuration Managing Certificates Access Control on the Proxy ConfigurationTABLE 6-2 Mapping of Security Configuration Mapping the Connection Pool Configuration TABLE 6-3 Mapping of Connection Pool AttributesMapping the Groups Configuration Mapping the Group ObjectCONNECTION-HANDLER-NAME is-ssl-mandatorytrue Mapping the Network Group ObjectCONNECTION-HANDLER-NAME is-ssl-mandatoryfalse Mapping Bind Forwarding Set this as a property for a specific listener port by usingThis functionality exists but with less granularity than in Directory Proxy Server 5. Set this limit as a property for aConnection Handler Property Settings Mapping Operation Forwarding$ dpconf help-properties grep request-filtering-policy Mapping Search Request Controls Mapping Subtree Hiding$ dpconf help-properties grep resource-limits-policy Mapping Compare Request Controls Mapping Attributes Modifying Search RequestsMapping Attributes Restricting Search Responses $ dpconf help-properties grep search-data-hiding-ruleDirectory Proxy Server 5 Attributes Mapping the Referral Configuration AttributesDirectory Proxy Server 6.0 Properties Mapping the Server Load Configuration Attribute Renaming Property Mapping the Properties ConfigurationForbidden Entry Property LDAP Server Property $ dpconf help-properties grep ldap-data-sourceLoad Balancing Property Enterprise Edition 6.0 Administration GuideSource” in Sun Java System Directory Server Sun Confidential RegisteredEnterprise Edition 6.0 Administration Guide Monitoring Backend ServersSearch Size Limit Property Log Property$ dpconf set-access-log-prop PROPERTYVALUE TABLE 6-17 Version 5 and Version 6 Log FunctionalityMapping the Events Configuration Mapping the Events ConfigurationMapping the Actions Configuration Properties“What to Do if the 1.1 Uninstallation Fails” on page Migrating Identity Synchronization for Windows“Migration Overview” on page “Before You Migrate Identity Synchronization for Windows” on pageMigration Overview Before You Migrate Identity Synchronization for WindowsExporting Version 1.1 Configuration Preparing for Identity Synchronization for Windows MigrationUsing the export11cnf Utility Inserting Clear-Text PasswordsSample Export Configuration File cleartextPassword=Continued index=0 location=ou=people,dc=example,dc=com filter=Continued TopologyHost TopologyHostEXAMPLE 7-1 Sample Export Configuration File ContinuedAttributeMap AttributeDescription parent.attr=SunAttribute name=uniquemember syntax=1.3.6.1.4.1.1466.115.121.1.25INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVE ContinuedUsing the checktopics Utility Checking for Undelivered MessagesTo Clear Messages 2 From a command prompt, type the subcommand as follows2 Wait until the messages are applied to the destination connector 1 Open a Terminal window and cd to the migration directoryForcing Password Changes on Windows NT Migrating Your SystemPreparing for Migration Use the following procedure to prepare for migration to version2 Export your version 1.1 configuration settings to an XML file Preparing to migrate from version 1.1, and 1.1 SP1, to version3 Add passwords to the exported XML file b. Save the NT Change Detector Service counters 5 Verify that your system is in a stable state7 On Windows NT only, perform the following steps i. Open the Registry Editor by executing regedt32.exeUninstalling Identity Synchronization for Windows To Uninstall Identity Synchronization for Windows VersionOn Solaris Type serverRoot \/slapd-hostname \/restart-slapd On Windows Type serverRoot\\\slapd- hostname\\\restart-slapd.batOn Solaris or SPARC Type ./runUninstaller.sh On Windows Type \\runUninstaller.batInstalling Identity Synchronization for Windows Installing or Upgrading the Dependent ProductsTo install the Identity Synchronization for Windows 6.0 components cd serverRoot\isw-hostname\bin idsync prepds arguments\9 Start the service and the synchronization What to Do if the 1.1 Uninstallation Fails Manually Uninstalling 1.1 Core and Instances from Solaris“Manually Uninstalling 1.1 Core and Instances from Solaris” on page “Manually Uninstalling a 1.1 Instance from Windows NT” on pageTo Manually Uninstall Core From a Solaris Machine etc/init.d/imq stop4 Remove the Directory Server Plugin h. Restart Directory Server f. Stop Directory Server5 Back-up copy and rename the current productregistry file located in 8 Clean up the configuration directory as follows Manually Uninstalling 1.1 Core and Instances from Windows 10 Clean up all other Console-related files as followsa. Remove all the Console jar files by typing b. Remove all the Console servlet jar files by typingTo uninstall Core from a Windows 2000 machine serverRoot\isw-hostname\Core and Instances from Windows 2000” on page net stop slapd-myhostnameb. Select Registry →Export Registry File from the menu bar 4 In the Registry Editor, select Edit →Delete from the menu bar8 Clean up the configuration directory as follows Manually Uninstalling a 1.1 Instance from Windows NT serverRoot\\\isw-hostname\ a. Open the Services window, right-click on Change Detector Service and select Properties a. Select the registry key entry in the left pane 9 Remove the Password Filter DLL Other Migration Scenarios10 Restart your machine for all changes to take effect “Multi-Master Replication Deployment” on page Multi-Master Replication Deployment“Multi-Host Deployment with Windows NT” on page Multi-Host Deployment with Windows NT Three hosts are used in this deployment scenario A Windows NT systemA host for all other components Password Changes on Both Directory Server Masters are Lost FIGURE 7-3 Migrating a Multi-Host Deployment with Windows NTChecking the Logs Index instance-path Page XML configuration documents Continued