Sun Java System Communications Services 6 2005Q4 Schema Migration Guide

Choosing a Migration Path

As you read the scenarios and plan your migration path, keep in mind the following questions:

These questions can help you to decide which scenario to use as a model for your own migration path. For example:

However, no single scenario is likely to correspond exactly to your situation. The scenarios are general examples. They do not attempt to replicate an actual user installation.

Read the assumptions and characteristics at the start of each scenario. Read all the steps in the scenarios that most closely resemble your situation. Then refine your specific migration strategy based on those guidelines.

The scenarios are as follows:


Note –

Once you have become familiar with your particular migration issues and designed your migration strategy, it is a good practice to migrate on a test system before you migrate your production LDAP directory and Messaging and Calendar servers.


Potential Restrictions During Migration

Before you choose a migration strategy, you should understand the potential constraints on using the LDAP directory during the migration process.

Depending on the path you follow, old and new components might have to coexist during certain stages of the migration. Your installation temporarily could have a mixed environment, such as one of the following:

While your installation is in a mixed state, you might not be able to perform certain tasks such as domain provisioning. The following sections describe these issues in further detail.

Provisioning Tools

The following provisioning tools are available:

Provisioning Rules During Migration

While the directory data is being migrated (while the Schema Migration Utility, commdirmig, is running), you cannot perform any provisioning tasks of any type.

Provisioning Rules Before and After Schema Migration

Before and after the directory migration, your installation components can be in a mixed state, as described in Potential Restrictions During Migration. Constraints on provisioning depend on the relationships between the server version and configuration and the current schema level.

Provisioning Rules Before and After Schema Migration shows a matrix of the current directory schema level, the current server version and configuration, the provisioning tool you can use with each combination, and the provisioning constraints.

Table 2–1 Provisioning Constraints in a Mixed Environment

Directory Schema Level  

Server 5.x  

Server 6 - configured for Schema 1  

Server 6 - configured for Schema 2  

Schema 1 

For Messaging Server, use Delegated Administrator. For Calendar Server, use the Calendar Server command-line utilities. 

Full provisioning available. 

For Messaging Server, use Delegated Administrator. For Calendar Server, use the Calendar Server command-line utilities. 

Full provisioning available. 

Invalid combination for provisioning. * 

Schema 2, compatibility mode 

Use commadmin.

Full provisioning available. 

Use commadmin.

Full provisioning available. 

Invalid combination for provisioning. * 

Schema 2, native mode 

Invalid combination for provisioning. 

Use commadmin.

No domain provisioning. No administrative provisioning. 

Use commadmin.

Full provisioning available. 

* A Server 6 configured for Schema 2 will not run against a Schema 1 directory or a Schema 2, compatibility mode, directory. 

The following characteristics apply to the server-schema configurations shown in Provisioning Rules Before and After Schema Migration. They are numbered 1 - 9 for identification, not to indicate a required sequence of steps:

Provisioning Rules for Integration with Access Manager

After you migrate the directory to Schema 2 (native mode or compatibility mode), user-developed applications and provisioning tools must use the following rules for provisioning new entries:

Access Manager requires this hierarchy for provisioning user and group entries. Access Manager-based tools will not recognize users and groups provisioned under different nodes than the people node and group node, respectively.

Constraints in Compatibility Mode

In Schema 2, compatibility mode, a version 6 server and a 5.x server would provision using the DC Tree. In compatibility mode, the Messaging and Calendar servers continue to provision the LDAP directory exactly as they did in Schema 1.

inetDomainStatus

During the migration from Schema 1 to Schema 2, compatibility mode, the inetDomainStatus attribute is copied to the organization/domain node in the Organization Tree.

In compatibility mode, two instances of inetDomainStatus exist, one in the DC Tree and one in the Organization Tree.

A 5.x server would reference inetDomainStatus in the DC Tree. A version 6 server would reference inetDomainStatus in the Organization Tree.

Access Manager-based provisioning tools such as the Delegated Administrator console and command-line utility (commadmin) ensure that the two copies of inetDomainStatus maintain the same value (active or inactive).

Your own provisioning tools (if you use any) also must ensure that the two copies of inetDomainStatus are set to the same value.

Guidelines for Calendar Servers Using Two LDAP Directories

If a Calendar Server has configured separate LDAP directories for authentication and user preferences, you must run the Schema Migration Utility (commdirmig) against both directories.

To check if your Calendar Server deployment uses two different directories, examine the values for the following parameters in the Calendar Server configuration file, ics.conf:

local.authldapbasedn local.authldaphost

and

local.ugldapbasedn local.ugldaphost

If the basedn and host values for these parameters are different, Calendar Server is using two different LDAP directories.

Safeguards Built into the Migration

While the Schema Migration Utility (commdirmig) is running, Messaging and Calendar servers can stay online and continue to look up user entries in the LDAP directory. (However, no provisioning should take place during the migration.)

In addition, commdirmig provides the following safety features that let you control and stage the migration: