Manuals / Sun Microsystems / Computer Equipment / Server

Sun Microsystems 8190994 manual Command Line Changes

Models: 8190994

1 148

Download 148 pages 5.33 Kb

Page 71

Command Line Changes

Command Line Changes

aci: (targetattr = "userPassword") ( version 3.0; acl "allow

userpassword self modification"; allow (write) userdn = "ldap:///self";)

In Directory Server 6.0, the default userPassword ACI at root DSE level provides equivalent access control to the default 5.2 ACI at suffix level. However, if you want to reproduce exactly the same access control as in 5.2, add the following ACI to your suffix. This ACI is the 5.2 ACI, with the new password policy operational attributes for Directory Server 6.0.

aci: (targetattr != "nsroledn aci nsLookThroughLimit nsSizeLimit nsTimeLimit nsIdleTimeout passwordPolicySubentry passwordExpirationTime passwordExpWarned passwordRetryCount retryCountResetTime accountUnlockTime passwordHistory passwordAllowChangeTime pwdAccountLockedTime pwdChangedTime pwdFailureTime pwdGraceUseTime pwdHistory

pwdLastAuthTime pwdPolicySubentry pwdReset")(version 3.0; acl "Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry

and password policy state attributes"; allow (write)userdn ="ldap:///self";)

Tip – Do not allow users write access to everything and then deny write access to specific attributes. Instead, explicitly list the attributes to which you allow write access.

Command Line Changes

In Directory Server 6.0 the functionality of most command-line tools is replaced by only two commands: dsadm and dsconf.

The following table shows commands used in Directory Server 5, and the corresponding commands for Directory Server 6.0. The default path of these commands when installed from native packages is /opt/SUNWdsee/ds6/bin. When installed from the zip installation, the default path is install-path/ds6/bin.

TABLE 5–1Directory Server 5 and 6 commands

Version 5 Command	Version 6.0 Command	Description

bak2db	dsadm restore	Restore a database from backup (locally,
		offline)
bak2db-task	dsconf restore	Restore a database from backup (remotely,
		online)
db2bak	dsadm backup	Create a database backup archive (locally,
		offline)

Chapter 5 • Architectural Changes in Directory Server 6.0		71
	Sun Confidential: Registered

Image 71

Sun Microsystems 8190994 manual Command Line Changes

Contents

Sun Confidential Registered Enterprise Edition 6.0 Migration GuideSun Java System Directory Server Sun Microsystems, Inc 4150 Network Circle Santa Clara, CA U.S.AThis distribution may include materials developed by third parties Sun Confidential Registered3 Migrating Directory Server Manually Contents2 Automated Migration Using the dsmig Command 1 Overview of the Migration Process for Directory ServerMigrating the Schema Manually New Plug-Ins in Directory Server 7 Migrating Identity Synchronization for Windows Sun Confidential Registered IndexContents Sun Confidential Registered Migrating a Multi-Host Deployment with Windows NT FiguresMigrating a Single-Host Deployment Migrating a Multi-Master Replication DeploymentSun Confidential Registered Location of Certificate and Key Files TablesMapping Between 5 and 6.0 Password Policy Attributes Tools Previously Under ServerRoot/shared/binTables EXAMPLE Sample Export Configuration FileExamples Sun Confidential RegisteredSun Confidential Registered How This Book Is Organized PrefaceWho Should Use This Book Before You Read This BookTABLE P-1 Directory Server Enterprise Edition Documentation Directory Server Enterprise Edition Documentation Sethttp//docs.sun.com/coll/DirEdit05q1 Related ReadingTABLE P-1 Directory Server Enterprise Edition Documentation ContinuedRedistributable Files Default Paths and Command LocationsDefault Paths of Directory Server or Directory Proxy TABLE P-2 Default PathsJava Enterprise System installer, the default install-path is Sun Confidential RegisteredTABLE P-3 Command Locations Command LocationsTABLE P-4 Typographic Conventions Typographic ConventionsTABLE P-3 Command Locations ContinuedContinued Shell Prompts in Command ExamplesSymbol Conventions Symbol ConventionsSearching Sun Product Documentation Documentation, Support, and TrainingThird-Party Web Site References Sun Welcomes Your Comments “Deciding on the New Product Distribution” on page Overview of the Migration Process for Directory ServerBefore You Migrate “Before You Migrate” on pageBefore You Migrate Prerequisites to Migrating a Single Directory Server Instance FromPrerequisites to Migrating a Single Directory Server Instance From Outline of Migration Steps Deciding on the New Product DistributionTABLE 1-1 Migration Matrix Showing Support for Automated Migration Deciding on Automatic or Manual Migration“Using dsmig to Migrate Configuration Data” on page Automated Migration Using the dsmig Command“Using dsmig to Migrate the Schema” on page “Using dsmig to Migrate Security Data” on pagePrerequisites for Running dsmig Using dsmig to Migrate the Schema$ dsmig migrate-security old-instance-path new-instance-path Using dsmig to Migrate Security DataUsing dsmig to Migrate Configuration Data $ dsmig migrate-config old-instance-path new-instance-pathChained Suffix Configuration Data Plug-in Configuration DataConfiguration Attributes Not Migrated by dsmig Configuration Data For Suffixes With Multiple BackendsReplication Configuration Data Configuration Data for o=netscapeRootnsabandonedsearchcheckinterval $ dsmig migrate-data old-instance-path new-instance-path Using dsmig to Migrate User DataTasks to be Performed After Automatic Migration Sun Confidential Registered Migrating Directory Server Manually “Migrating the Schema Manually” on page“Migrating Configuration Data Manually” on page “Migrating Security Settings Manually” on pageMigration of Specific Configuration Attributes Migrating the Schema ManuallyMigrating Configuration Data Manually Chapter 3 Migrating Directory Server Manually Global Configuration AttributesMigrating Configuration Data Manually Mapping Tree Configuration Attributes Security Configuration AttributesFeature Configuration Attributes Change Log Attributes Replication Configuration AttributesFractional Replication Configuration Attributes Replica Configuration AttributesReplication Agreement Configuration Password Policy Configuration AttributesTABLE 3-3 Mapping Between 5 and 6.0 Password Policy Attributes TABLE 3-3 Mapping Between 5 and 6.0 Password Policy Attributes UniqueID Generator Configuration AttributesDatabase Configuration Attributes SNMP AttributesChained Suffix Attributes DSML Frontend Plug-In Plug-In Configuration AttributesClass of Service Plug-In 7-Bit Check Plug-InRetro Change Log Plug-In Pass Through Authentication Plug-InPassword Synchronization Plug-In Referential Integrity Plug-InMigrating Security Settings Manually Migrating User Data Manually Migrating User Plug-Ins Manually Migrating User Plug-Ins ManuallyTasks to be Performed After Manual Migration “Overview of Migrating Replicated Servers” on page “Issues Related to Migrating Replicated Servers” on pageMigrating a Replicated Topology Overview of Migrating Replicated ServersMigration of Referrals Issues Related to Migrating Replicated ServersIssues With the New Password Policy Migration of Replication AgreementsNew Replication Recommendations Manual Reset of Replication CredentialsProblems Related to Tombstone Purging Migrating the Consumers Migration ScenariosMigrating a Replicated Topology to an Identical Topology Chapter 4 Migrating a Replicated Topology FIGURE 4-1 Existing version 5 TopologyFIGURE 4-2 Isolating the Consumer From the Topology Migration ScenariosThe next step involves migrating the version 5 consumer Migrating the Hubs 6.0 Consumer B FIGURE 4-5 Existing version 5 Topology With Migrated ConsumersFIGURE 4-6 Isolating the Hub From the Topology Migration ScenariosChapter 4 Migrating a Replicated Topology The next step involves migrating the version 5 hubFIGURE 4-7 Migrating the version 5 Hub Migration ScenariosMigrating the Masters 9. If you have migrated the data, check that replication is in sync Migration Scenarios The next step involves migrating the version 5 masterFIGURE 4-10 Isolating the Master From the Topology FIGURE 4-11 Migrating the version 5 MasterMigrating a Replicated Topology to a New Topology FIGURE 4-13 Existing version 5 Topology Migrating All the ServersFIGURE 4-14 Existing Topology With Migrated Servers Promoting the HubsFIGURE 4-15 Migrated Topology With Promoted Hub Replicas Promoting the ConsumersMigrating Over Multiple Data Centers Sun Confidential Registered “Changes to the Console” on page “New Password Policy” on page Changes in the Administration Framework“Changes in the Administration Framework” on page “Changes to ACIs” on page “Command Line Changes” on pageChanges in Suffix-Level ACIs Changes to ACIsRemoval of the o=netscapeRoot Suffix Changes in the ACI ScopeCommand Line Changes Sun Confidential Registered TABLE 5-1 Directory Server 5 and 6 commandsVersion 6.0 Command ContinuedContinued Deprecated CommandsTABLE 5-1 Directory Server 5 and 6 commands TABLE 5-3 Version 5 Commands That Have Been DeprecatedChanges to the Console New Password PolicyPassword Policy Compatibility The pwd-compat-mode property can have one of the following values New Plug-Ins in Directory Server Changes to Plug-InsChanges to the Plug-In API Changes to the Installed Product LayoutPlug-Ins Deprecated in Directory Server Libraries and Plug-Ins Previously Under ServerRoot/lib Administration Utilities Previously Under ServerRootBinaries Previously Under ServerRoot/bin Online Help Previously Under ServerRoot/manualUtilities Previously Under ServerRoot/shared/bin Plug-Ins Previously Under ServerRoot/pluginsTABLE 5-6 Location of Certificate and Key Files Certificate and Key FilesTABLE 5-5 Tools Previously Under ServerRoot/shared/bin ContinuedServerRoot/slapd-ServerID Silent Installation and Uninstallation TemplatesServer Instance Scripts Previously Under Server Instance Subdirectories“Mapping the Groups Configuration” on page Mapping the Global Configuration“Mapping the Global Configuration” on page “Mapping the Connection Pool Configuration” on pageMapping the Global Configuration Mapping the Global Security Configuration TABLE 6-2 Mapping of Security Configuration Access Control on the Proxy ConfigurationManaging Certificates TABLE 6-3 Mapping of Connection Pool Attributes Mapping the Connection Pool ConfigurationMapping the Group Object Mapping the Groups ConfigurationCONNECTION-HANDLER-NAME is-ssl-mandatoryfalse Mapping the Network Group ObjectCONNECTION-HANDLER-NAME is-ssl-mandatorytrue Directory Proxy Server 5. Set this limit as a property for a Mapping Bind ForwardingSet this as a property for a specific listener port by using This functionality exists but with less granularity than in$ dpconf help-properties grep request-filtering-policy Mapping Operation ForwardingConnection Handler Property Settings $ dpconf help-properties grep resource-limits-policy Mapping Subtree HidingMapping Search Request Controls Mapping Attributes Modifying Search Requests Mapping Compare Request Controls$ dpconf help-properties grep search-data-hiding-rule Mapping Attributes Restricting Search ResponsesDirectory Proxy Server 6.0 Properties Mapping the Referral Configuration AttributesDirectory Proxy Server 5 Attributes Mapping the Server Load Configuration Forbidden Entry Property Mapping the Properties ConfigurationAttribute Renaming Property $ dpconf help-properties grep ldap-data-source LDAP Server PropertySun Confidential Registered Load Balancing PropertyEnterprise Edition 6.0 Administration Guide Source” in Sun Java System Directory ServerMonitoring Backend Servers Enterprise Edition 6.0 Administration GuideLog Property Search Size Limit PropertyTABLE 6-17 Version 5 and Version 6 Log Functionality $ dpconf set-access-log-prop PROPERTYVALUEMapping the Events Configuration Mapping the Events ConfigurationProperties Mapping the Actions Configuration“Before You Migrate Identity Synchronization for Windows” on page “What to Do if the 1.1 Uninstallation Fails” on pageMigrating Identity Synchronization for Windows “Migration Overview” on pageBefore You Migrate Identity Synchronization for Windows Migration OverviewPreparing for Identity Synchronization for Windows Migration Exporting Version 1.1 ConfigurationInserting Clear-Text Passwords Using the export11cnf UtilitycleartextPassword= Sample Export Configuration Fileindex=0 location=ou=people,dc=example,dc=com filter= ContinuedTopologyHost TopologyHost Continuedname=uniquemember syntax=1.3.6.1.4.1.1466.115.121.1.25 EXAMPLE 7-1 Sample Export Configuration FileContinued AttributeMap AttributeDescription parent.attr=SunAttributeContinued INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVEChecking for Undelivered Messages Using the checktopics Utility1 Open a Terminal window and cd to the migration directory To Clear Messages2 From a command prompt, type the subcommand as follows 2 Wait until the messages are applied to the destination connectorMigrating Your System Forcing Password Changes on Windows NTUse the following procedure to prepare for migration to version Preparing for Migration3 Add passwords to the exported XML file Preparing to migrate from version 1.1, and 1.1 SP1, to version2 Export your version 1.1 configuration settings to an XML file i. Open the Registry Editor by executing regedt32.exe b. Save the NT Change Detector Service counters5 Verify that your system is in a stable state 7 On Windows NT only, perform the following stepsOn Windows Type serverRoot\\\slapd- hostname\\\restart-slapd.bat Uninstalling Identity Synchronization for WindowsTo Uninstall Identity Synchronization for Windows Version On Solaris Type serverRoot \/slapd-hostname \/restart-slapdOn Windows Type \\runUninstaller.bat On Solaris or SPARC Type ./runUninstaller.shTo install the Identity Synchronization for Windows 6.0 components Installing or Upgrading the Dependent ProductsInstalling Identity Synchronization for Windows idsync prepds arguments\ cd serverRoot\isw-hostname\bin9 Start the service and the synchronization “Manually Uninstalling a 1.1 Instance from Windows NT” on page What to Do if the 1.1 Uninstallation FailsManually Uninstalling 1.1 Core and Instances from Solaris “Manually Uninstalling 1.1 Core and Instances from Solaris” on pageetc/init.d/imq stop To Manually Uninstall Core From a Solaris Machine4 Remove the Directory Server Plugin 5 Back-up copy and rename the current productregistry file located in f. Stop Directory Serverh. Restart Directory Server 8 Clean up the configuration directory as follows b. Remove all the Console servlet jar files by typing Manually Uninstalling 1.1 Core and Instances from Windows10 Clean up all other Console-related files as follows a. Remove all the Console jar files by typingserverRoot\isw-hostname\ To uninstall Core from a Windows 2000 machinenet stop slapd-myhostname Core and Instances from Windows 2000” on page4 In the Registry Editor, select Edit →Delete from the menu bar b. Select Registry →Export Registry File from the menu bar8 Clean up the configuration directory as follows Manually Uninstalling a 1.1 Instance from Windows NT serverRoot\\\isw-hostname\ a. Open the Services window, right-click on Change Detector Service and select Properties a. Select the registry key entry in the left pane 10 Restart your machine for all changes to take effect Other Migration Scenarios9 Remove the Password Filter DLL “Multi-Host Deployment with Windows NT” on page Multi-Master Replication Deployment“Multi-Master Replication Deployment” on page Three hosts are used in this deployment scenario A Windows NT system Multi-Host Deployment with Windows NTA host for all other components FIGURE 7-3 Migrating a Multi-Host Deployment with Windows NT Password Changes on Both Directory Server Masters are LostChecking the Logs Index instance-path Page XML configuration documents Continued