Sun Microsystems 8190994 User Manual

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide

Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A.

Part No: 819–0994 March 2007

Sun Condential:Registered

Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries.

U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.

This distribution may include materials developed by third parties.

Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.

Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coee Cup logo, docs.sun.com, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.

The OPEN LOOK and Sun of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written license agreements.

Products covered by and information contained in this publication are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical or biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identied on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly prohibited.

DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDINGANY IMPLIED WARRANTY OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THATSUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering eorts

Sun Microsystems, Inc. détient les droits de propriété intellectuelle relatifs à la technologie incorporée dans le produit qui est décrit dans ce document. En particulier, et ce sans limitation, ces droits de propriété intellectuelle peuvent inclure un ou plusieurs brevets américains ou des applications de brevet en attente aux Etats-Unis et dans d'autres pays.

Cette distribution peut comprendre des composants développés par des tierces personnes.

Certaines composants de ce produit peuvent être dérivées du logiciel Berkeley BSD, licenciés par l'Université de Californie. UNIX est une marque déposée aux Etats-Unis et dans d'autres pays; elle est licenciée exclusivement par X/Open Company, Ltd.

Sun, Sun Microsystems, le logo Sun, le logo Solaris, le logo Java Coee Cup, docs.sun.com, Java et Solaris sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d'autres pays. Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc. aux Etats-Unis et dans d'autres pays. Les produits portant les marques SPARC sont basés sur une architecture développée par Sun Microsystems, Inc.

L'interface d'utilisation graphique OPEN LOOK et Sun a été développée par Sun Microsystems, Inc. pour ses utilisateurs et licenciés. Sun reconnaît les eorts de pionniers de Xerox pour la recherche et le développement du concept des interfaces d'utilisation visuelle ou graphique pour l'industrie de l'informatique. Sun détient une licence non exclusive de Xerox sur l'interface d'utilisation graphique Xerox, cette licence couvrant également les licenciés de Sun qui mettent en place l'interface d'utilisation graphique OPEN LOOK et qui, en outre, se conforment aux licences écrites de Sun.

Les produits qui font l'objet de cette publication et les informations qu'il contient sont régis par la legislation américaine en matière de contrôle des exportations et peuvent être soumis au droit d'autres pays dans le domaine des exportations et importations. Les utilisations nales, ou utilisateurs naux, pour des armes nucléaires, des missiles, des armes chimiques ou biologiques ou pour le nucléaire maritime, directement ou indirectement, sont strictement interdites. Les exportations ou réexportations vers des pays sous embargo des Etats-Unis, ou vers des entités gurant sur les listes d'exclusion d'exportation américaines, y compris, mais de manière non exclusive, la liste de personnes qui font objet d'un ordre de ne pas participer, d'une façon directe ou indirecte, aux exportations des produits ou des services qui sont régis par la legislation américaine en matière de contrôle des exportations et la liste de ressortissants spéciquement designés, sont rigoureusement interdites.

LA DOCUMENTATIONEST FOURNIE "EN L'ETAT" ET TOUTES AUTRESCONDITIONS, DECLARATIONS ET GARANTIES EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L'APTITUDE A UNE UTILISATIONPARTICULIEREOU A L'ABSENCE DE CONTREFACON.

070222@16599

Sun Condential: Registered

Contents

Preface ...................................................................................................................................................15

1 Overview of the Migration Process for Directory Server .............................................................. 25

Before You Migrate ............................................................................................................................. 25

Prerequisites to Migrating a Single Directory Server Instance From 5.1 .............................. 26

Prerequisites to Migrating a Single Directory Server Instance From 5.2 .............................. 26

Deciding on the New Product Distribution ..................................................................................... 27

Outline of Migration Steps ................................................................................................................. 27

Deciding on Automatic or Manual Migration ................................................................................. 28

2 Automated Migration Using the dsmig Command ........................................................................ 29

About the Automatic Migration Tool ............................................................................................... 29

Prerequisites for Running dsmig ....................................................................................................... 30

Using dsmig to Migrate the Schema .................................................................................................. 30

Using dsmig to Migrate Security Data .............................................................................................. 31

Using dsmig to Migrate Conguration Data .................................................................................... 31

Plug-in Conguration Data ........................................................................................................ 32

Chained Sux Conguration Data ........................................................................................... 32

Conguration Data For Suxes With Multiple Backends ..................................................... 33

Replication Conguration Data ................................................................................................. 33

Conguration Data for o=netscapeRoot ................................................................................. 33

Conguration Attributes Not Migrated by dsmig .................................................................... 33

Using dsmig to Migrate User Data .................................................................................................... 35

Tasks to be Performed After Automatic Migration ......................................................................... 35

3 Migrating Directory Server Manually ..............................................................................................37

Before You Start a Manual Migration ............................................................................................... 37

Sun Condential: Registered

Contents

Migrating the Schema Manually ........................................................................................................ 38

Migrating Conguration Data Manually ......................................................................................... 38

Migration of Specic Conguration Attributes ....................................................................... 38

Migrating Security Settings Manually ...............................................................................................48

Migrating User Data Manually .......................................................................................................... 49

Migrating User Plug-Ins Manually .................................................................................................... 50

Tasks to be Performed After Manual Migration .............................................................................. 50

4 Migrating a Replicated Topology...................................................................................................... 51

Overview of Migrating Replicated Servers ....................................................................................... 51

Issues Related to Migrating Replicated Servers ................................................................................ 52

Issues With the New Password Policy ....................................................................................... 52

Migration of Replication Agreements ....................................................................................... 52

Migration of Referrals ................................................................................................................. 52

Manual Reset of Replication Credentials .................................................................................. 53

Problems Related to Tombstone Purging ................................................................................. 53

New Replication Recommendations ................................................................................................. 53

Migration Scenarios ............................................................................................................................ 54

Migrating a Replicated Topology to an Identical Topology ................................................... 54

Migrating a Replicated Topology to a New Topology ............................................................. 63

Migrating Over Multiple Data Centers ..................................................................................... 67

5 Architectural Changes in Directory Server 6.0 ............................................................................... 69

Changes in the Administration Framework .................................................................................... 69

Removal of the ServerRoot Directory ........................................................................................ 69

Removal of the o=netscapeRoot Sux ..................................................................................... 70

Changes to ACIs .................................................................................................................................. 70

Changes in the ACI Scope ........................................................................................................... 70

Changes in Sux-Level ACIs ..................................................................................................... 70

Command Line Changes .................................................................................................................... 71

Deprecated Commands ..............................................................................................................73

Changes to the Console ...................................................................................................................... 74

New Password Policy .......................................................................................................................... 74

Password Policy Compatibility .................................................................................................. 75

Changes to Plug-Ins ............................................................................................................................ 77

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 20074

Sun Condential: Registered

Contents

New Plug-Ins in Directory Server 6.0 ........................................................................................ 77

Plug-Ins Deprecated in Directory Server 6.0 ............................................................................ 78

Changes to the Plug-In API ........................................................................................................ 78

Changes to the Installed Product Layout .......................................................................................... 78

Administration Utilities Previously Under ServerRoot ........................................................... 79

Binaries Previously Under ServerRoot/bin ............................................................................... 79

Libraries and Plug-Ins Previously Under ServerRoot/lib ........................................................ 79

Online Help Previously Under ServerRoot/manual ................................................................. 79

Plug-Ins Previously Under ServerRoot/plugins ........................................................................ 80

Utilities Previously Under ServerRoot/shared/bin ................................................................ 80

Certicate and Key Files .............................................................................................................. 81

Silent Installation and Uninstallation Templates ..................................................................... 82

Server Instance Scripts Previously Under ServerRoot/slapd-ServerID ............................... 82

Server Instance Subdirectories ................................................................................................... 82

6 Migrating Directory Proxy Server .....................................................................................................83

Mapping the Global Conguration ................................................................................................... 83

Mapping the Global Security Conguration ............................................................................ 85

Mapping the Connection Pool Conguration ................................................................................. 87

Mapping the Groups Conguration ................................................................................................. 88

Mapping the Group Object ......................................................................................................... 88

Mapping the Network Group Object ......................................................................................... 89

Mapping Bind Forwarding ......................................................................................................... 90

Mapping Operation Forwarding ................................................................................................ 91

Mapping Subtree Hiding ............................................................................................................. 92

Mapping Search Request Controls ............................................................................................ 92

Mapping Compare Request Controls ........................................................................................ 93

Mapping Attributes Modifying Search Requests ..................................................................... 93

Mapping Attributes Restricting Search Responses .................................................................. 94

Mapping the Referral Conguration Attributes ...................................................................... 95

Mapping the Server Load Conguration .................................................................................. 96

Mapping the Properties Conguration ............................................................................................ 97

Attribute Renaming Property ..................................................................................................... 97

Forbidden Entry Property ........................................................................................................... 97

LDAP Server Property ................................................................................................................. 98

Sun Condential: Registered

Contents

Load Balancing Property ............................................................................................................. 99

Search Size Limit Property ........................................................................................................ 101

Log Property ............................................................................................................................... 101

Mapping the Events Conguration ................................................................................................. 103

Mapping the Actions Conguration ............................................................................................... 104

Conguring Directory Proxy Server 6.0 as a Simple Connection-Based Router ....................... 104

7 Migrating Identity Synchronization for Windows .......................................................................105

Migration Overview .......................................................................................................................... 106

Before You Migrate Identity Synchronization for Windows ....................................................... 106

Preparing for Identity Synchronization for Windows Migration ............................................... 107

Exporting Version 1.1 Conguration ...................................................................................... 107

Checking for Undelivered Messages ........................................................................................ 114

▼ Using the checktopics Utility ............................................................................................ 114

▼ To Clear Messages .............................................................................................................. 115

Forcing Password Changes on Windows NT ......................................................................... 116

Migrating Your System ..................................................................................................................... 116

Preparing for Migration ............................................................................................................ 117

▼ Preparing to migrate from version 1.1, and 1.1 SP1, to version 6.0 .............................. 118

Uninstalling Identity Synchronization for Windows ............................................................ 120

▼ To Uninstall Identity Synchronization for Windows Version 1.1 ............................... 120

Installing or Upgrading the Dependent Products .................................................................. 122

Installing Identity Synchronization for Windows 6.0 ........................................................... 122

▼ To install the Identity Synchronization for Windows 6.0 components: ...................... 122

What to Do if the 1.1 Uninstallation Fails ...................................................................................... 125

Manually Uninstalling 1.1 Core and Instances from Solaris ................................................ 125

▼ To Manually Uninstall Core From a Solaris Machine: ................................................... 126

Manually Uninstalling 1.1 Core and Instances from Windows 2000 .................................. 130

▼ To uninstall Core from a Windows 2000 machine: ........................................................ 131

▼ Manually Uninstalling a 1.1 Instance from Windows NT .................................................... 135

Other Migration Scenarios ............................................................................................................... 139

Multi-Master Replication Deployment ................................................................................... 140

Multi-Host Deployment with Windows NT .......................................................................... 141

Checking the Logs ............................................................................................................................. 144

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 20076

Sun Condential: Registered

Contents

Index ................................................................................................................................................... 145

Sun Condential: Registered

Figures

FIGURE 4–1 Existing version 5 Topology ..................................................................................... 55

FIGURE 4–2 Isolating the Consumer From the Topology ..........................................................55

FIGURE 4–3 Migrating the version 5 Consumer ......................................................................... 56

FIGURE 4–4 Placing the 6.0 Consumer Into the Topology ........................................................57

FIGURE 4–5 Existing version 5 Topology With Migrated Consumers ..................................... 58

FIGURE 4–6 Isolating the HubFrom the Topology ..................................................................... 58

FIGURE 4–7 Migrating the version 5 Hub .................................................................................... 59

FIGURE 4–8 Placing the 6.0 Hub Into the Topology ...................................................................60

FIGURE 4–9 Existing version 5 Topology With Consumers and Hubs Migrated ................... 61

FIGURE 4–10 Isolating the Master From the Topology ................................................................ 62

FIGURE 4–11 Migrating the version 5 Master ................................................................................ 62

FIGURE 4–12 Placing the 6.0 Master Into the Topology ............................................................... 63

FIGURE 4–13 Existing version 5 Topology ..................................................................................... 64

FIGURE 4–14 Existing Topology With Migrated Servers ............................................................. 65

FIGURE 4–15 Migrated Topology With Promoted HubReplicas ............................................... 66

FIGURE 4–16 New Fully-Meshed All-Master Topology ............................................................... 67

FIGURE 7–1 Migrating a Single-HostDeployment ................................................................... 117

FIGURE 7–2 Migrating a Multi-Master Replication Deployment ...........................................141

FIGURE 7–3 Migrating a Multi-HostDeployment with Windows NT ...................................143

Sun Condential: Registered

Tables

TABLE 1–1 Migration Matrix Showing Support for AutomatedMigration ........................... 28

TABLE 3–1 Change Log AttributeName Changes .................................................................... 41

TABLE 3–2 Fractional Replication Attribute Name Changes ................................................... 41

TABLE 3–3 Mapping Between 5 and 6.0 Password Policy Attributes ...................................... 43

TABLE 5–1 Directory Server 5 and 6 commands ....................................................................... 71

TABLE 5–2 Directory Server 5 and 6 Commands (Subcommands of the directoryserver

Command) ................................................................................................................. 73

TABLE 5–3 Version 5 Commands That Have Been Deprecated .............................................. 73

TABLE 5–4 Support for Plug-Ins .................................................................................................. 80

TABLE 5–5 Tools Previously Under ServerRoot/shared/bin .................................................... 80

TABLE 5–6 Location of Certicate and Key Files ....................................................................... 81

TABLE 5–7 Instance-SpecicSubdirectories ............................................................................. 82

TABLE 6–1 Mapping of Version 5 Global Conguration Attributes to 6.0 Properties ......... 84

TABLE 6–2 Mapping of Security Conguration ........................................................................ 86

TABLE 6–3 Mapping of Connection Pool Attributes ................................................................ 87

TABLE 6–4 Mapping Between Version 5 Group Attributes and Version 6 Connection

Handler Properties .................................................................................................... 88

TABLE 6–5 Mapping Between Version 5 Network Group Attributes and 6.0 Properties ..... 89

TABLE 6–6 Mapping of Directory Proxy Server 5 Bind Forwarding Attributes to Directory

Proxy Server 6 Connection Handler Property Settings ........................................ 90

TABLE 6–7 Mapping of Directory Proxy Server 5 Operation Forwarding Attributes to

Directory Proxy Server 6 Request Filtering Properties ......................................... 91

TABLE 6–8 Mapping Directory Proxy Server 5 Search Request Control Attributes to

Directory Proxy Server 6.0 Properties .................................................................... 93

TABLE 6–9 Mapping of Directory Proxy Server 5 Compare Request Control Attributes to

Directory Proxy Server 6 Properties ....................................................................... 93

TABLE 6–10 Mapping of Directory Proxy Server 5 Search Request Modifying Attributes to

Directory Proxy Server 6 Properties ....................................................................... 94

TABLE 6–11 Mapping of Directory Proxy Server 5 Search Response Restriction Attributesto

Directory Proxy Server 6.0 Properties .................................................................... 95

Sun Condential: Registered

Tables

TABLE 6–12 Mapping of Directory Proxy Server 5 Referral Conguration Attributes to

Directory Proxy Server 6 resource limits Properties ............................................. 96

TABLE 6–13 Mapping of Directory Proxy Server 5 Server Load Conguration Attributes to

Directory Proxy Server 6.0 Resource Limits Properties ....................................... 96

TABLE 6–14 Mapping of Directory Proxy Server 5 Server Load Conguration Attributes to

Directory Proxy Server 6 Resource Limits Properties .......................................... 98

TABLE 6–15 Mapping of ids-proxy-sch-LDAPServer Attributes to Data Source Properties

...................................................................................................................................... 99

TABLE 6–16 Mapping of Version 5 Search Size Limit Attributes to 6.0 Properties ...............101

TABLE 6–17 Version 5 and Version 6 Log Functionality .......................................................... 102

TABLE 6–18 Mapping Between Version 5 Event Attributes and Version 6 Connection

Handler Properties .................................................................................................. 103

TABLE 7–1 Component Distribution in a Multi-Master Replication Deployment ............ 140

TABLE 7–2 Multi-Host Deployment .........................................................................................142

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 200712

Sun Condential: Registered

Examples

EXAMPLE 7–1 Sample Export Conguration File .........................................................................109

Sun Condential: Registered

Preface

This Migration Guide describes how to migrate the components of Directory Server Enterprise Edition to version 6.0. The guide provides migration instructions for Directory Server, Directory Proxy Server, and Identity Synchronization for Windows.

Who Should Use This Book

This guide is intended for directory service administrators who are migrating to Directory Server Enterprise Edition 6.0. The guide might also be useful to business planners who are considering migrating to the new version.

BeforeYou Read This Book

If you are not yet familiar with this version of Directory Server Enterprise Edition, you might want to start by evaluating the new features and capabilities of the product. For more information, see the Sun Java System Directory Server Enterprise Edition 6.0 Evaluation Guide and the Sun Java System Directory Server Enterprise Edition 6.0 Release Notes.

HowThis Book Is Organized

Chapter 1 describes the steps involved in migrating to Directory Server 6.0.

Chapter 2 explains how to use the migration tool provided with Directory Server 6.0.

Chapter 3 describes the process for manual migration of each part of Directory Server.

Chapter 4 describes the issues involved in migrating replicated servers.

Chapter 5 describes the architectural changes in Directory Server 6.0 that aect migration from

a previous version.

Chapter 6 describes how the conguration properties in Directory Proxy Server 6.0 can be used

to simulate a version 5 conguration.

Chapter 7 describes the steps involved in migrating to Identity Synchronization for Windows

6.0.

Sun Condential: Registered

Preface

Directory Server Enterprise Edition Documentation Set

This Directory Server Enterprise Edition documentation set explains how to use Sun Java System Directory Server Enterprise Edition to evaluate, design, deploy, and administer directory services. In addition, it shows how to develop client applications for Directory Server Enterprise Edition. The Directory Server Enterprise Edition documentation set is available at

http://docs.sun.com/coll/1224.1.

For an introduction to Directory Server Enterprise Edition, review the following documents in the order in which they are listed.

TABLE P–1 Directory Server Enterprise Edition Documentation

Document Title Contents

Sun Java System Directory Server Enterprise Edition 6.0 Release Notes

Sun Java System Directory Server Enterprise Edition 6.0 Documentation Center

Sun Java System Directory Server Enterprise Edition 6.0 Evaluation Guide

Sun Java System Directory Server Enterprise Edition 6.0 Deployment Planning Guide

Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide

Contains the latest information about Directory Server Enterprise Edition, including known problems.

Contains links to key areas of the documentation set.

Introduces the key features of this release. Demonstrates how these features work and what they oer in the context of a ctional deployment that you can implement on a single system.

Explains how to plan and design highly available, highly scalable directory services based on Directory Server Enterprise Edition. Presents the basic concepts and principles of deployment planning and design. Discusses the solution life cycle, and provides high-level examples and strategies to use when planning solutions based on Directory Server Enterprise Edition.

Explains how to install the Directory Server Enterprise Edition software. Shows how to select which components to install, congure those components after installation, and verify that the congured components function properly.

For instructions on installing Directory Editor, go to

http://docs.sun.com/coll/DirEdit_05q1.

Make sure you read the information in Sun Java System Directory Server Enterprise Edition 6.0 Release Notes concerning Directory Editor before you

install Directory Editor.

Provides instructions for upgrading components from earlier versions of Directory Server, Directory Proxy Server, and Identity Synchronization for Windows.

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 200716

Sun Condential: Registered

TABLE P–1 Directory Server Enterprise Edition Documentation (Continued)

Document Title Contents

Preface

Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide

Sun Java System Directory Server Enterprise Edition 6.0 Developer’s Guide

Sun Java System Directory Server Enterprise Edition 6.0 Reference

Sun Java System Directory Server Enterprise Edition 6.0 Man Page Reference

Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

Redistributable Files

Directory Server Enterprise Edition does not provide any les that you can redistribute.

Default Paths and Command Locations

This section explains the default paths used in the documentation, and gives the locations of commands on dierent operating systems and deployment types.

Default Paths

The table in this section describes the default paths that are used in this document. For full descriptions of the les installed, see also Chapter 15, “Directory Server File Reference,” in Sun Java System Directory Server Enterprise Edition 6.0 Reference, Chapter 26, “Directory Proxy Server File Reference,” in Sun Java System Directory Server Enterprise Edition 6.0 Reference,or Appendix A, “Directory Server Resource Kit File Reference,” in Sun Java System Directory Server Enterprise Edition 6.0 Reference.

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 200718

Sun Condential: Registered

TABLE P–2 DefaultPaths

Placeholder Description Default Value

Preface

install-path Represents the base installation

directory for Directory Server Enterprise Edition software.

The software is installed in directories below this base install-path.For example, Directory Server software is installed in install-path/ds6/.

instance-path Represents the full path to an instance

of Directory Server or Directory Proxy Server.

The documentation uses /local/ds/ for Directory Server and /local/dps/ for Directory Proxy Server.

serverroot Represents the parent directory of the

Identity Synchronization for Windows installation location

isw-hostname Represents the Identity

Synchronization for Windows instance directory

When you install from a zip distribution using dsee_deploy(1M), the default install-path is the current directory. You can set the install-path using the -i option of the dsee_deploy command. When you install from a native package distribution, such as you would using the Java Enterprise System installer, the default install-path is one of the following locations:

■

Solaris systems - /opt/SUNWdsee/.

■

HP-UX systems - /opt/sun/.

■

Red Hat systems - /opt/sun/.

■

Windows systems - C:\Program Files\Sun\JavaES5\DSEE.

No default path exists. Instance paths must nevertheless always be found on a local le system.

The following directories are recommended:

/var on Solaris systems

/global if you are using Sun Cluster

Depends on your installation. Note the concept of a serverroot no longer exists for Directory Server.

Depends on your installation

/path/to/cert8.db Represents the default path and le

name of the client’s certicate database for Identity Synchronization for Windows

serverroot/isw-hostname/

logs/

Represents the default path to the Identity Synchronization for Windows local logs for the System Manager, each connector, and the Central Logger

serverroot/isw-hostname/

logs/central/

Represents the default path to the Identity Synchronization for Windows central logs

Sun Condential: Registered

current-working-dir/cert8.db

Depends on your installation

Preface

Command Locations

The table in this section provides locations for commands that are used in Directory Server Enterprise Edition documentation. To learn more about each of the commands, see the relevant man pages.

TABLE P–3 CommandLocations

Command Java ES, Native Package Distribution Zip Distribution

cacaoadm Solaris -

/usr/sbin/cacaoadm

Red Hat, HP-UX -

/opt/sun/cacao/bin/cacaoadm

Windows -

install-path\share\

cacao_2.0\bin\cacaoadm.bat

certutil Solaris -

/usr/sfw/bin/certutil

Red Hat, HP-UX -

/opt/sun/private/bin/certutil

dpadm(1M) install-path/dps6/bin/dpadm install-path/dps6/bin/dpadm

dpconf(1M) install-path/dps6/bin/dpconf install-path/dps6/bin/dpconf

dsadm(1M) install-path/ds6/bin/dsadm install-path/ds6/bin/dsadm

dsccmon(1M) install-path/dscc6/bin/dsccmon install-path/dscc6/bin/dsccmon

dsccreg(1M) install-path/dscc6/bin/dsccreg install-path/dscc6/bin/dsccreg

Solaris -

install-path/dsee6/

cacao_2.0/usr/lib/cacao/bin/cacaoadm

Red Hat, HP-UX -

install-path/dsee6/

cacao_2.0/cacao/bin/cacaoadm

Windows -

install-path\

dsee6\cacao_2.0\bin\cacaoadm.bat

install-path/dsee6/bin/certutil

dsccsetup(1M) install-path/dscc6/bin/dsccsetup install-path/dscc6/bin/dsccsetup

dsconf(1M) install-path/ds6/bin/dsconf install-path/ds6/bin/dsconf

dsee_deploy(1M) Not provided install-path/dsee6/bin/dsee_deploy

dsmig(1M) install-path/ds6/bin/dsmig install-path/ds6/bin/dsmig

entrycmp(1) install-path/ds6/bin/entrycmp install-path/ds6/bin/entrycmp

fildif(1) install-path/ds6/bin/fildif install-path/ds6/bin/fildif

idsktune(1M) install-path/dsrk6/bin/idsktune install-path/dsrk6/bin/idsktune

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 200720

Sun Condential: Registered

TABLE P–3 Command Locations (Continued)

Command Java ES, Native Package Distribution Zip Distribution

insync(1) install-path/ds6/bin/insync install-path/ds6/bin/insync

ns-accountstatus(1M) install-path/ds6/bin/ns-accountstatus install-path/ds6/bin/ns-accountstatus

ns-activate(1M) install-path/ds6/bin/ns-activate install-path/ds6/bin/ns-activate

ns-inactivate(1M) install-path/ds6/bin/ns-inactivate install-path/ds6/bin/ns-inactivate

repldisc(1) install-path/ds6/bin/repldisc install-path/ds6/bin/repldisc

schema_push(1M) install-path/ds6/bin/schema_push install-path/ds6/bin/schema_push

Preface

smcwebserver Solaris, Linux, HP-UX-

/usr/sbin/smcwebserver

Windows -

install-path\share\

webconsole\bin\smcwebserver

wcadmin Solaris, Linux, HP-UX -

/usr/sbin/wcadmin

Windows -

install-path\share\

webconsole\bin\wcadmin

Typographic Conventions

The following table describes the typographic changes that are used in this book.

TABLE P–4 TypographicConventions

Typeface Meaning Example

AaBbCc123 The names of commands, les, and

directories, and onscreen computer output

This command pertains only to Directory Service Control Center, which is not available in the zip distribution.

Edit your .login le.

Use ls -a to list all les.

machine_name% you have mail.

AaBbCc123 What you type, contrasted with onscreen

computer output

AaBbCc123 A placeholder to be replaced with a real

name or value

Sun Condential: Registered

machine_name% su

Password:

The command to remove a le is rm lename.

Preface

TABLE P–4 Typographic Conventions (Continued)

Typeface Meaning Example

AaBbCc123 Book titles, new terms, and terms to be

emphasized (note that some emphasized items appear bold online)

Shell Prompts in Command Examples

The following table shows default system prompts and superuser prompts.

TABLE P–5 ShellPrompts

Shell Prompt

C shell on UNIX and Linux systems machine_name%

C shell superuser on UNIX and Linux systems machine_name#

Bourne shell and Korn shell on UNIX and Linux systems $

Bourne shell and Korn shell superuser on UNIX and Linux systems #

Microsoft Windows command line C:\

Symbol Conventions

Read Chapter 6 in the User's Guide.

A cache is a copy that is stored locally.

Do not save the le.

The following table explains symbols that might be used in this book.

TABLE P–6 SymbolConventions

Symbol Description Example Meaning

[] Contains optional arguments

and command options.

{|} Contains a set of choices for a

required command option.

${ } Indicates a variable

reference.

- Joins simultaneous multiple keystrokes.

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 200722

Sun Condential: Registered

ls [-l] The -l option is not required.

-d {y|n} The -d option requires that you use

either the y argument or the n argument.

${com.sun.javaRoot} References the value of the

com.sun.javaRoot variable.

Control-A Press the Control key while you press

the A key.

TABLE P–6 Symbol Conventions (Continued)

Symbol Description Example Meaning

Preface

+ Joins consecutive multiple

keystrokes.

→ Indicates menu item

selection in a graphical user interface.

Ctrl+A+N Press the Control key, release it, and

File → New → Templates From the File menu, choose New.

Documentation, Support, and Training

The Sun web site provides information about the following additional resources:

■

Documentation (http://www.sun.com/documentation/)

■

Support (http://www.sun.com/support/)

■

Training (http://www.sun.com/training/)

Third-PartyWeb Site References

Third-party URLs are referenced in this document and provide additional, related information.

Note – Sun is not responsible for the availability of third-party web sites mentioned in this

document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through such sites or resources.

then press the subsequent keys.

From the New submenu, choose Templates.

Searching Sun Product Documentation

Besides searching for Sun product documentation from the docs.sun.com web site, you can use a search engine of your choice by typing the following syntax in the search eld:

search-term site:docs.sun.com

For example, to search for Directory Server, type the following:

"Directory Server" site:docs.sun.com

To include other Sun web sites in your search, such as java.sun.com, www.sun.com, and developers.sun.com, use sun.com in place of docs.sun.com in the search eld.

Sun Condential: Registered

Preface

Sun WelcomesYour Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions. To share your comments, go to http://docs.sun.com and click Send Comments. In the online form, provide the full document title and part number. The part number is a 7-digit or 9-digit number that can be found on the book's title page or in the document's URL. For example, the part number of this book is 819-0994.

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 200724

Sun Condential: Registered

CHAPTER 1

Overview of the Migration Process for Directory Server

This chapter describes the steps involved in migrating to Directory Server 6.0. Directory Server

6.0 provides a migration tool, dsmig, that automates aspects of the migration for certain platform/version combinations. If servers within your topology fall outside of these combinations, the same migration steps must be performed manually.

This chapter includes the following topics:

■

“Before You Migrate” on page 25

■

“Deciding on the New Product Distribution” on page 27

■

“Outline of Migration Steps” on page 27

■

“Deciding on Automatic or Manual Migration” on page 28

Before You Migrate

This chapter provides an overview of the upgrade and data migration process.

Before upgrading, familiarize yourself with the new features and xes available in the current version. Take the opportunity to review design decisions made during implementation of existing directory services. For a description of all new features and xes, see “What’s New at a Glance” in Sun Java System Directory Server Enterprise Edition 6.0 Evaluation Guide.For information about the new features that specically aect migration, see

Chapter 5.

Sun Condential: Registered

Before You Migrate

Prerequisites to Migrating a Single Directory Server Instance From 5.1

Before migrating from a 5.1 server instance, ensure that the following prerequisites are met:

■

Directory Server 6.0 must be installed. The new server can be installed on the same machine as the existing server or on a dierent machine.

■

Ensure that the new machine has sucient local disk space to house binaries and databases for both the old and new servers, and also enough extra space to hold LDIF les containing the entries in all existing suxes. You can estimate the local disk space required as somewhat larger than the following calculation.

local space required=2*(space for existing server) + (space for LDIF files)

Prerequisites to Migrating a Single Directory Server Instance From 5.2

Before migrating from a 5.2 server instance, ensure that the following prerequisites are met:

■

Directory Server 6.0 must be installed. The new server can be installed on the same machine as the existing server or on a dierent machine.

■

local space required=2*(space for existing server) + (space for LDIF files)

■

If you are using the automatic migration tool, the following two prerequisites must be met:

■

The existing server instance must be stopped cleanly.

■

If the new server is located on a dierent machine, a complete image of the original server instance must be created on the new machine. This includes all schema les, conguration les, security les, and database les, in an identical layout to the original server root.

To determine whether you should use automatic or manual migration, see

Automatic or Manual Migration” on page 28

■

If your Directory Server deployment includes Identity Synchronization for Windows, you

“Deciding on

must uninstall Identity Synchronization for Windows before migrating to Directory Server

6.0. For information about migrating Identity Synchronization for Windows, see

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 200726

Sun Condential: Registered

Chapter 7.

Deciding on the New Product Distribution

Directory Server 6.0 is provided in two distributions:

■

Java Enterprise System distribution. This distribution takes the form of operating system-specic packages, such as pkg for Solaris and rpm for Linux.

■

Compressed archive (zip) distribution.

There are two major dierences between these two distributions:

1. Installation from zip can be done anywhere on the system and as a non-root user. The Java Enterprise System distribution requires installation as a super user. It is also more dicult from an automated deployment perspective to install the packages anywhere but in the default location.

2. The zip distribution can be installed as many times as required and multiple distinct versions of the same product can coexist on a single operating system instance. This is not true for the Java Enterprise System distribution. The new version of certain shared component packages required by Directory Server are incompatible with the previous version of these packages. When you migrate to the new version of Directory Server using the Java Enterprise System distribution, the old Directory Server version will no longer run on that machine.

Outline of Migration Steps

Depending on your environment and the specic requirements of your organization, select the appropriate packaging format. Note that the Sun Java Web Console is currently available only in the Java Enterprise System distribution.

Outline of Migration Steps

Migration to Directory Server 6.0 can be broken down into the following distinct steps:

1. Migrating the Schema

2. Migrating the Security Settings

3. Migrating the Conguration

4. Migrating the Data

5. Migrating the Plug-Ins

6. Post-migration tasks

To avoid unforeseen problems with the migration, these steps should be performed in the order listed above. In certain cases, you can automate some or all of these steps, using the dsmig command. The following section indicates what can be automated and what must be done manually, depending on your existing deployment.

Chapter 1 • Overview of the Migration Process for Directory Server 27

Sun Condential: Registered

Deciding on Automatic or Manual Migration

This section provides a table that shows when you can use dsmig and when you need to migrate manually. It is based on the migration steps described in the previous section.

TABLE 1–1 Migration Matrix Showing Support for Automated Migration

From To Migration Step

Software

Version Version

5.1 6.0 Any Any Manual Manual Manual Manual Manual

5.2 6.0 Dierent Any dsmig dsmig dsmig Manual Manual

5.2 6.0 Same Dierent dsmig dsmig dsmig Manual Manual

5.2 6.0 Same Same dsmig dsmig dsmig dsmig Manual

The following two chapters explain how to perform each migration step outlined above, either automatically, or manually. For information on automatic migration, see Chapter 2.For information on manual migration, see Chapter 3.

(32/64–bit) OS Schema Cong Security Data Plug-Ins

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 200728

Sun Condential: Registered

CHAPTER 2

Automated Migration Using the dsmig Command

Directory Server 6.0 provides a command-line migration tool to help you migrate from a Directory Server 5.2 instance to a Directory Server 6.0 instance. You can only use the migration tool if your deployment satises the requirements for automatic migration described in

“Deciding on Automatic or Manual Migration” on page 28.

The migration tool provides migration per instance. If several instances exist within the same server root, the migration tool must be run for each individual instance.

This chapter explains how to use the migration tool and covers the following topics:

■

“About the Automatic Migration Tool” on page 29

■

“Prerequisites for Running dsmig” on page 30

■

“Using dsmig to Migrate the Schema” on page 30

■

“Using dsmig to Migrate Security Data” on page 31

■

“Using dsmig to Migrate Conguration Data” on page 31

■

“Using dsmig to Migrate User Data” on page 35

■

“Tasks to be Performed After Automatic Migration” on page 35

About the Automatic Migration Tool

The migration tool, dsmig, is delivered with the Directory Server 6.0 packages. When these packages have been installed, dsmig is located in install-path/ds6/bin.

dsmig must be run on the machine on which the new Directory Server instance will be located. When the command is run, a migration directory is created within the new instance directory (new-instance-path/migration). This directory is a repository for data produced by the migration, including log les and migration status les.

dsmig includes a set of sub-commands and options, that map to the individual migration steps described in dsmig, see dsmig(1M).

“Outline of Migration Steps” on page 27. For information about the usage of

Sun Condential: Registered

Prerequisitesfor Running dsmig

Prerequisites for Running dsmig

In this section, old instance refers to the 5.2 instance and new instance refers to the Directory Server 6.0 instance.

Before you use dsmig to migrate an instance, ensure that the following tasks have been performed:

■

The Directory Server 6.0 packages (either zip, or native packages) have been installed.

The Directory Server 6.0 packages can be installed on the same machine that holds the Directory Server 5.2 instance, or on a dierent machine.

■

The old instance must have been stopped correctly.

A disorderly shutdown of the old instance will cause problems during the migration. Even if the old and new instance are on dierent machines, the old instance must be stopped before the migration is started.

■

dsmig has access to the old instance les.

■

If the old and new instances are on dierent machines, a complete image of the old instance must be created on the machine that hosts the new instance.

The complete image includes all the les required for migration of the instance (schema, conguration, security and database les). The complete image les must be located in the same directories as they were under the original Server Root. You can run cp -r to achieve this, provided none of the les have been relocated outside the Server Root.

You can create and start the new instance manually, but is not mandatory to create the new instance before running dsmig. dsmig checks whether a new Directory Server instance exists in the specied path. If a new instance exists, the commands are carried out on this instance. If a new instance does exist, the instance is created automatically.

The new instance can be created anywhere except for the exact location of the old instance.

Using dsmig to Migrate the Schema

Directory Server 5.2 schema les are located in serverRoot/slapd-instance-path/config/schema. Directory Server 6.0 schema les are located in INSTANCE-PATH/config/schema.

Directory Server 6.0 provides a new schema le, 00ds6pwp.ldif, that contains new password policy attributes. In addition, certain conguration attributes have been added to 00core.ldif. Apart from these les, the standard schema les provided with Directory Server 6.0 are identical to those provided in 5.2.

To migrate the schema automatically, run the following command:

$ dsmig migrate-schema old-instance-path new-instance-path

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 200730

Sun Condential: Registered

+ 118 hidden pages

Sun Microsystems 8190994 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide

Preface

Who Should Use This Book

BeforeYou Read This Book

HowThis Book Is Organized

Directory Server Enterprise Edition Documentation Set

Related Reading

Redistributable Files

Default Paths and Command Locations

Default Paths

Command Locations

Typographic Conventions

Shell Prompts in Command Examples

Symbol Conventions

Documentation, Support, and Training

Third-PartyWeb Site References

Searching Sun Product Documentation

Sun WelcomesYour Comments

Overview of the Migration Process for Directory Server

Before You Migrate

Prerequisites to Migrating a Single Directory Server Instance From 5.1

Prerequisites to Migrating a Single Directory Server Instance From 5.2

Deciding on the New Product Distribution

Outline of Migration Steps

Deciding on Automatic or Manual Migration

Automated Migration Using the dsmig Command

About the Automatic Migration Tool

Prerequisitesfor Running dsmig

Using dsmig to Migrate the Schema