Sun ONE Directory Server 5.2 Reference Manual |
Chapter 6 Migration From Earlier Versions
This chapter is intended to provide a reference of the information migrated by the migrateInstance5 script. It describes which attributes are migrated automatically by the migration script, and which ones must be set manually.
In the case of migration from a 4.x Directory Server to a 5.2 Directory Server, it also describes the mapping of configuration parameters to configuration attributes and configuration entries in the new Directory Server.
For information on how to run the migrateInstance5 script, refer to the Sun ONE Directory Server Installation and Tuning Guide.
Migrating From Directory Server 4.x to 5.2
In the Directory Server 4.x architecture, all configuration parameters were stored in text files. In Sun ONE Directory Server 5.x, all configuration attributes are stored in LDAP configuration entries in the dse.ldif file.
This section describes the mapping of configuration parameters in Directory Server 4.x to the corresponding LDAP configuration entries and attributes in Sun ONE Directory Server 5.2.
Server Attributes
In Directory Server 4.x, configuration parameters are stored in the slapd.conf file under the /usr/netscape/server4/slapd-serverID directory.
The corresponding configuration attributes in Sun ONE Directory Server 5.2 are stored in the cn=config entry. Table 6-1 shows the mapping of Directory Server 4.x configuration parameters to Directory Server 5.2 configuration attributes.
Database Attributes
In Directory Server 4.x, database parameters are stored in the slapd.ldbm.conf file under the /usr/netscape/server4/slapd-serverID directory.
Because one instance of Sun ONE Directory Server 5.x can manage several databases, the corresponding attributes in Sun ONE Directory Server 5.x are stored in a general entry for all databases (cn=config,cn=ldbm database,cn=plugins,cn=config), or in an entry specific to a particular database, of the form
cn=database instance name,cn=ldbm database,cn=config
Table 6-2 shows the mapping of general database configuration parameters between Directory Server 4.x and Directory Server 5.2.
Table 6-3 shows the mapping of database-specific parameters between Directory Server 4.x and Directory Server 5.2.
Not all parameters are migrated by the migrateInstance5 script. Table 6-4 indicates the Directory Server 4.x parameters that are not migrated automatically, and why automatic migration is not done in each case.
Table 6-5 indicates the parameters that are migrated but are potentially problematic. You are advised to check their values in the new installation:
Upgrading From Directory Server 5.0 or 5.1 to 5.2
In Directory Server 5.0, 5.1, and 5.2, configuration information is stored in the same way. This section explains which configuration attributes are automatically migrated by the migrateInstance5 script, and which ones are not. Attributes which are not automatically migrated are either configured during the installation process for the new Directory Server, or need to be configured manually for security reasons after the initial setup.
General Server Configuration Attributes
The following list provides the configuration attributes stored in the cn=config entry that are automatically migrated when you run the migrateInstance5 script:
- nsslapd-accesscontrol
- nsslapd-errorlog-logging-enabled
- nsslapd-accesslog-logging-enabled
- nsslapd-auditlog-logging-enabled
- nsslapd-accesslog-level
- nsslapd-accesslog-logbuffering
- nsslapd-accesslog-logexpirationtime
- nsslapd-accesslog-logexpirationtimeunit
- nsslapd-accesslog-logmaxdiskspace
- nsslapd-accesslog-logminfreediskspace
- nsslapd-accesslog-logrotationtime
- nsslapd-accesslog-logrotationtimeunit
- nsslapd-accesslog-maxlogsize
- nsslapd-accesslog-maxlogsperdir
- nsslapd-attribute_name_exceptions
- nsslapd-auditlog-logexpirationtime
- nsslapd-auditlog-logexpirationtimeunit
- nsslapd-auditlog-logmaxdiskspace
- nsslapd-auditlog-logminfreediskspace
- nsslapd-auditlog-logrotationtime
- nsslapd-auditlog-logrotationtimeunit
- nsslapd-auditlog-maxlogsize
- nsslapd-auditlog-maxlogsperdir
- nsslapd-certmap-basedn
- nsslapd-ds4-compatible-schema
- nsslapd-enquote_sup_oc
- nsslapd-errorlog-level
- nsslapd-errorlog-logexpirationtime
- nsslapd-errorlog-logexpirationtimeunit
- nsslapd-errorlog-logmaxdiskspace
- nsslapd-errorlog-logminfreediskspace
- nsslapd-errorlog-logrotationtime
- nsslapd-errorlog-logrotationtimeunit
- nsslapd-errorlog-maxlogsize
- nsslapd-errorlog-maxlogsperdir
- nsslapd-groupevalnestlevel
- nsslapd-idletimeout
- nsslapd-ioblocktimeout
- nsslapd-lastmod
- nsslapd-listenhost
- nsslapd-maxdescriptors (Not applicable on NT and AIX platforms)
- nsslapd-nagle
- nsslapd-readonly
- nsslapd-referralmode
- nsslapd-plugin-depends-on-name
- nsslapd-plugin-depends-on-type
- nsslapd-referral
- nsslapd-reservedescriptors (Not applicable on NT and AIX platforms)
- nsslapd-rootpwstoragescheme
- nsslapd-schemacheck
- nsslapd-securePort
- nsslapd-security
- nsslapd-sizelimit
- nsslapd-SSL3ciphers
- nsslapd-timelimit
Note The attribute nsslapd-errorlog-level has been deprecated in Sun ONE Directory Server 5.2. It is still supported for backward compatibility but has been replaced by the nsslapd-infolog-area (Information Log Area) and nsslapd-infolog-level (Information Log Level) attributes.
Table 6-6 lists the configuration attributes stored in the cn=config entry that are not automatically migrated when you run the migrateInstance5 script. Attributes that are not automatically migrated are either configured during the installation process for the new Directory Server, or need to be configured manually. The reason for not migrating an attribute is stated in the table.
Password Policy Attributes
The attributes that determine the password policy are stored in the entry cn=Password Policy,cn=config. Note that the location of these attributes has changed. In previous versions of Directory Server, they were located directly under cn=config. The following list provides the password policy attributes that are automatically migrated when you run the migrateInstance5 script:
- passwordChange
- passwordCheckSyntax
- passwordExp
- passwordExpireWithoutWarning
- passwordInHistory
- passwordLockout
- passwordLockoutDuration
- passwordMaxAge
- passwordMaxFailure
- passwordMinAge
- passwordMinLength
- passwordMustChange
- passwordResetFailureCount
- passwordStorageScheme
- passwordUnlock
- passwordWarning
Database Attributes
All general database configuration attributes are automatically migrated. These attributes are stored in the entry cn=config,cn=ldbm database, cn=plugins,cn=config, and are as follows:
- nsslapd-allidthreshold
- nsslapd-lookthroughlimit
- nsslapd-mode
- nsslapd-dbcachesize
- nsslapd-cache-autosize
- nsslapd-cache-autosize-split
- nsslapd-db-transaction-logging
Database-specific attributes are stored in entries of the form cn=database instance name,cn=ldbm database,cn=config. The following list provides the attributes that are migrated:
- nsslapd-cachesize
- nsslapd-cachememsize
- nsslapd-readonly
- nsslapd-require-index
Table 6-7 lists the attributes that are not migrated automatically and indicates why this is the case:
Chained Suffix Attributes
All chained suffix configuration attributes are migrated automatically. The following configuration attributes are common to all chained suffixes. These attributes are stored in the entry cn=config,cn=chaining database, cn=plugins,cn=config.
- nsActivechainingComponents
- nsTransmittedControls
The following configuration attributes apply to a default instance of a chained suffix. These attributes are stored in the entry cn=default instance config, cn=chaining database,cn=plugins,cn=config.
- nsAbandonedSearchCheckInterval
- nsBindConnectionsLimit
- nsBindTimeout
- nsBindRetryLimit
- nsHopLimit
- nsmaxresponsedelay
- nsmaxtestresponsedelay
- nsCheckLocalACI
- nsConcurrentBindLimit
- nsConcurrentOperationsLimit
- nsConnectionLife
- nsOperationConnectionslimit
- nsProxiedAuthorization
- nsReferralOnScopedSearch
- nsslapd-sizelimit
- nsslapd-timelimit
SNMP Attributes
All SNMP configuration attributes are automatically migrated. These attributes are stored in the entry cn=SNMP,cn=config, and are as follows:
- nssnmpenabled
- nssnmporganization
- nssnmplocation
- nssnmpcontact
- nssnmpdescription
- nssnmpmasterhost
- nssnmpmasterport