Chapter 6   Migration From Earlier Versions

This chapter is intended to provide a reference of the information migrated by the migrateInstance5 script. It describes which attributes are migrated automatically by the migration script, and which ones must be set manually.

In the case of migration from a 4.x Directory Server to a 5.2 Directory Server, it also describes the mapping of configuration parameters to configuration attributes and configuration entries in the new Directory Server.

For information on how to run the migrateInstance5 script, refer to the Sun ONE Directory Server Installation and Tuning Guide.

Migrating From Directory Server 4.x to 5.2

---

In the Directory Server 4.x architecture, all configuration parameters were stored in text files. In Sun ONE Directory Server 5.x, all configuration attributes are stored in LDAP configuration entries in the dse.ldif file.

This section describes the mapping of configuration parameters in Directory Server 4.x to the corresponding LDAP configuration entries and attributes in Sun ONE Directory Server 5.2.

Server Attributes

In Directory Server 4.x, configuration parameters are stored in the slapd.conf file under the /usr/netscape/server4/slapd-serverID directory.

The corresponding configuration attributes in Sun ONE Directory Server 5.2 are stored in the cn=config entry. Table 6-1 shows the mapping of Directory Server 4.x configuration parameters to Directory Server 5.2 configuration attributes.

Table 6-1    Mapping of Legacy Server Parameters to Configuration Attributes  

Legacy Configuration Parameter	Sun ONE Directory Server Configuration Attribute
accesscontrol	nsslapd-accesscontrol
error-logging-enabled	nsslapd-error-logging-enabled
audit-logging-enabled	nsslapd-audit-logging-enabled
logbuffering	nsslapd-accesslog-buffering
accesslog-logexpirationtime	nsslapd-accesslog-logexpirationtime
accesslog-logexpirationtimeunit	nsslapd-accesslog-logexpirationtimeunit
accesslog-maxlogdiskspace	nsslapd-accesslog-logmaxdiskspace
accesslog-minfreediskspace	nsslapd-accesslog-minfreediskspace
accesslog-logrotationtime	nsslapd-accesslog-logrotationtime
accesslog-logrotationtimeunit	nsslapd-accesslog-logrotationtimeunit
accesslog-maxlogsize	nsslapd-accesslog-maxlogsize
accesslog-MaxNumOfLogsPerDir	nsslapd-accesslog-maxlogsperdir
auditlog-logexpirationtime	nsslapd-auditlog-logexpirationtime
auditlog-logexpirationtimeunit	nsslapd-auditlog-logexpirationtimeunit
auditlog-maxlogdiskspace	nsslapd-auditlog-logmaxdiskspace
auditlog-minfreediskspace	nsslapd-auditlog-minfreediskspace
auditlog-logrotationtime	nsslapd-auditlog-logrotationtime
auditlog-logrotationtimeunit	nsslapd-auditlog-logrotationtimeunit
auditlog-maxlogsize	nsslapd-auditlog-maxlogsize
auditlog-MaxNumOfLogsPerDir	nsslapd-auditlog-maxlogsperdir
certmap-basedn	nsslapd-certmap-basedn
enquote_sup_oc	nsslapd-enquote_sup_oc
loglevel	nsslapd-error-loglevel
errorlog-logexpirationtime	nsslapd-errorlog-logexpirationtime
errorlog-logexpirationtimeunit	nsslapd-errorlog-logexpirationtimeunit
errorlog-maxlogdiskspace	nsslapd-errorlog-logmaxdiskspace
errorlog-minfreediskspace	nsslapd-errorlog-logminfreediskspace
errorlog-logrotationtime	nsslapd-errorlog-logrotationtime
errorlog-logrotationtimeunit	nsslapd-errorlog-logrotationtimeunit
errorlog-maxlogsize	nsslapd-errorlog-maxlogsize
errorlog-maxlogsperdir	nsslapd-errorlog-maxlogsperdir
idletimeout	nsslapd-idletimeout
ioblocktimeout	nsslapd-ioblocktimeout
lastmod	nsslapd-lastmod
listenhost	nsslapd-listenhost
maxdescriptors	nsslapd-maxdescriptors
(No equivalent)	nsslapd-depends-on-named
(No equivalent)	nsslapd-depends-on-type
referral	nsslapd-referral
reservedescriptors	nsslapd-reservedescriptors
rootpwstoragescheme	nsslapd-rootpwstoragescheme
schemacheck	nsslapd-schemacheck
secure-port	nsslapd-securePort
security	nsslapd-security
sizelimit	nsslapd-sizelimit
SSL3ciphers	nsslapd-SSL3ciphers
timelimit	nsslapd-timelimit
pw_change	passwordChange
pw_syntax	passwordCheckSyntax
pw_exp	passwordExp
pw_history	passwordHistory
pw_inhistory	passwordinHistory
pw_lockout	passwordLockout
pw_lockduration	passwordLockoutDuration
pw_maxage	passwordMaxAge
pw_maxfailure	passwordMaxFailure
pw_minage	passwordMinAge
pw_minlength	passwordMinLength
pw_must_change	passwordMustChange
pw_reset_failurecount	passwordResetFailureCount
pw_storagescheme	passwordStorageScheme
pw_unlock	passwordUnlock
pw_warning	passwordWarning
localhost	nsslapd-localhost
localuser	nsslapd-localuser
port	nsslapd-port
rootdn	nsslapd-rootdn
rootpw	nsslapd-rootpw
accesslog	nsslapd-accesslog
accesslog-level	nsslapd-accesslog-level
auditfile	nsslapd-auditlog
errorlog	nsslapd-errorlog
instancedir	nsslapd-instancedir
maxbersize	nsslapd-maxbersize
nagle	nsslapd-nagle
result_tweak	nsslapd-result_tweak
return_exact_case	nsslapd-return_exact_case
threadnumber	nsslapd-threadnumber
maxthreadsperconn	nsslapd-maxthreadsperconn

Database Attributes

In Directory Server 4.x, database parameters are stored in the slapd.ldbm.conf file under the /usr/netscape/server4/slapd-serverID directory.

Because one instance of Sun ONE Directory Server 5.x can manage several databases, the corresponding attributes in Sun ONE Directory Server 5.x are stored in a general entry for all databases (cn=config,cn=ldbm database,cn=plugins,cn=config), or in an entry specific to a particular database, of the form

cn=database instance name,cn=ldbm database,cn=config

Table 6-2 shows the mapping of general database configuration parameters between Directory Server 4.x and Directory Server 5.2.

Table 6-2    Mapping of General Legacy Database Parameters to Configuration Attributes

Legacy Configuration Parameter	Sun ONE Directory Server Configuration Attribute
allidsthreshold	nsslapd-allidsthreshold
lookthroughlimit	nsslapd-lookthroughlimit
mode	nsslapd-mode
database	OBSOLETE (used to specify database type)

Table 6-3 shows the mapping of database-specific parameters between Directory Server 4.x and Directory Server 5.2.

Table 6-3    Mapping of Database-Specific Legacy Parameters to Configuration Attributes

Legacy Configuration Parameter	Sun ONE Directory Server Configuration Attribute
cachesize	nsslapd-cachesize
readonly	nsslapd-readonly
directory	nsslapd-directory

Not all parameters are migrated by the migrateInstance5 script. Table 6-4 indicates the Directory Server 4.x parameters that are not migrated automatically, and why automatic migration is not done in each case.

Table 6-4    Legacy Parameters Not Migrated by the Migration Script

Legacy Configuration Parameter	Directory Server 5.2 Configuration Attribute	Reason
localhost	nsslapd-localhost	Already configured.
port	nsslapd-port	Configured manually during installation.
rootdn	nsslapd-rootdn	Configured manually during installation.
rootpw	nsslapd-rootpw	Configured manually during installation.
accesslog	nsslapd-accesslog	Set up automatically. Pathname of the database access log.
accessloglevel	nsslapd-accesslog-level	Reserved for future use. Do not use, change or remove. Doing so may have unpredictable results.
auditfile	nsslapd-auditlog	Set up automatically. Pathname of the log used to record changes made to the database.
errorlog	nsslapd-errorlog	Set up automatically. Pathname of the log used to record error msgs generated by Directory Server.
instancedir	nsslapd-instancedir	Set up during installation.
result_tweak	nsslapd-result_tweak	Reserved for future use. Do not use, change or remove. Doing so may have unpredictable results.
directory	nsslapd-directory	Set up during installation.
database	(No equivalent)	OBSOLETE (used to specify database type)

Table 6-5 indicates the parameters that are migrated but are potentially problematic. You are advised to check their values in the new installation:

Table 6-5    Legacy Parameters Migrated by the Migration Script

Legacy Configuration Parameter	Directory Server 5.2 Configuration Attribute
maxbersize	nsslapd-maxbersize
maxthreadsperconn	nsslapd-maxthreadsperconn
nagle	nsslapd-nagle
return_exact_case	nsslapd-return_exact_case
threadnumber	nsslapd-threadnumber

Upgrading From Directory Server 5.0 or 5.1 to 5.2

---

In Directory Server 5.0, 5.1, and 5.2, configuration information is stored in the same way. This section explains which configuration attributes are automatically migrated by the migrateInstance5 script, and which ones are not. Attributes which are not automatically migrated are either configured during the installation process for the new Directory Server, or need to be configured manually for security reasons after the initial setup.

General Server Configuration Attributes

The following list provides the configuration attributes stored in the cn=config entry that are automatically migrated when you run the migrateInstance5 script:

• nsslapd-accesscontrol
• nsslapd-errorlog-logging-enabled
• nsslapd-accesslog-logging-enabled
• nsslapd-auditlog-logging-enabled
• nsslapd-accesslog-level
• nsslapd-accesslog-logbuffering
• nsslapd-accesslog-logexpirationtime
• nsslapd-accesslog-logexpirationtimeunit
• nsslapd-accesslog-logmaxdiskspace
• nsslapd-accesslog-logminfreediskspace
• nsslapd-accesslog-logrotationtime
• nsslapd-accesslog-logrotationtimeunit
• nsslapd-accesslog-maxlogsize
• nsslapd-accesslog-maxlogsperdir
• nsslapd-attribute_name_exceptions
• nsslapd-auditlog-logexpirationtime
• nsslapd-auditlog-logexpirationtimeunit
• nsslapd-auditlog-logmaxdiskspace
• nsslapd-auditlog-logminfreediskspace
• nsslapd-auditlog-logrotationtime
• nsslapd-auditlog-logrotationtimeunit
• nsslapd-auditlog-maxlogsize
• nsslapd-auditlog-maxlogsperdir
• nsslapd-certmap-basedn
• nsslapd-ds4-compatible-schema
• nsslapd-enquote_sup_oc
• nsslapd-errorlog-level
• nsslapd-errorlog-logexpirationtime
• nsslapd-errorlog-logexpirationtimeunit
• nsslapd-errorlog-logmaxdiskspace
• nsslapd-errorlog-logminfreediskspace
• nsslapd-errorlog-logrotationtime
• nsslapd-errorlog-logrotationtimeunit
• nsslapd-errorlog-maxlogsize
• nsslapd-errorlog-maxlogsperdir
• nsslapd-groupevalnestlevel
• nsslapd-idletimeout
• nsslapd-ioblocktimeout
• nsslapd-lastmod
• nsslapd-listenhost
• nsslapd-maxdescriptors (Not applicable on NT and AIX platforms)
• nsslapd-nagle
• nsslapd-readonly
• nsslapd-referralmode
• nsslapd-plugin-depends-on-name
• nsslapd-plugin-depends-on-type
• nsslapd-referral
• nsslapd-reservedescriptors (Not applicable on NT and AIX platforms)
• nsslapd-rootpwstoragescheme
• nsslapd-schemacheck
• nsslapd-securePort
• nsslapd-security
• nsslapd-sizelimit
• nsslapd-SSL3ciphers
• nsslapd-timelimit

---

Note	The attribute nsslapd-errorlog-level has been deprecated in Sun ONE Directory Server 5.2. It is still supported for backward compatibility but has been replaced by the nsslapd-infolog-area (Information Log Area) and nsslapd-infolog-level (Information Log Level) attributes.

---

Table 6-6 lists the configuration attributes stored in the cn=config entry that are not automatically migrated when you run the migrateInstance5 script. Attributes that are not automatically migrated are either configured during the installation process for the new Directory Server, or need to be configured manually. The reason for not migrating an attribute is stated in the table.

Table 6-6    Attributes in cn=config Not Migrated

Attribute Name	Reason for not Migrating Automatically
nsslapd-localhost	Already set up.
nsslapd-localuser	Configured during the installation process.
nsslapd-port	Configured during the installation process.
nsslapd-rootdn	Configured during the installation process.
nsslapd-rootpw	Configured during the installation process.
nsslapd-accesslog	Path name to the log that records database access. It is set up during installation.
nsslapd-accesslog-list	Read-only attribute.
nsslapd-auditlog	Path name to the log that records changes made to the directory database. It is set up during installation.
nsslapd-accesslog-level	Read-only attribute.
nsslapd-errorlog	Path name to the log that records error messages generated by Directory Server. It is set up during installation.
nsslapd-errorlog-list	Read-only attribute.
nsslapd-instancedir	Configured during the installation process.
nsslapd-maxbersize	Do not change the value of this attribute unless told to do so by Sun ONE technical staff.
nsslapd-plug-in
nsslapd-result-tweak	Reserved for future use. Do not change or remove.
nsslapd-return-exact-case	Do not modify unless you have legacy client applications that can check the case of attribute names in results returned from the server.
nsslapd-threadnumber	This attribute is not available from the Directory Server Console.
nsslapd-maxthreadsperconn	This attribute corresponds to a system parameter.

Password Policy Attributes

The attributes that determine the password policy are stored in the entry cn=Password Policy,cn=config. Note that the location of these attributes has changed. In previous versions of Directory Server, they were located directly under cn=config. The following list provides the password policy attributes that are automatically migrated when you run the migrateInstance5 script:

• passwordChange
• passwordCheckSyntax
• passwordExp
• passwordExpireWithoutWarning
• passwordInHistory
• passwordLockout
• passwordLockoutDuration
• passwordMaxAge
• passwordMaxFailure
• passwordMinAge
• passwordMinLength
• passwordMustChange
• passwordResetFailureCount
• passwordStorageScheme
• passwordUnlock
• passwordWarning

Database Attributes

All general database configuration attributes are automatically migrated. These attributes are stored in the entry cn=config,cn=ldbm database, cn=plugins,cn=config, and are as follows:

• nsslapd-allidthreshold
• nsslapd-lookthroughlimit
• nsslapd-mode
• nsslapd-dbcachesize
• nsslapd-cache-autosize
• nsslapd-cache-autosize-split
• nsslapd-db-transaction-logging

Database-specific attributes are stored in entries of the form cn=database instance name,cn=ldbm database,cn=config. The following list provides the attributes that are migrated:

• nsslapd-cachesize
• nsslapd-cachememsize
• nsslapd-readonly
• nsslapd-require-index

Table 6-7 lists the attributes that are not migrated automatically and indicates why this is the case:

Table 6-7    Database-Specific Attributes Not Migrated 

Attribute Name	Reason For Not Migrating Automatically
nsslapd-directory	Set up automatically during installation.
nsslapd-db-logdirectory	Set up automatically during installation.
nsslapd-db-checkpoint-interval	This attribute is provided only for system modification/diagnostics and should be changed only under guidance from Sun ONE technical staff. Inconsistent settings of this attribute might cause Directory Server crashes.
nsslapd-db-durable-transactions	This attribute is provided only for system modification/diagnostics and should be changed only under guidance from Sun ONE technical staff. Inconsistent settings of this attribute might cause Directory Server crashes.
nsslapd-db-home-directory	If you have several directory servers running on the same machine, the value of this attribute must be different for each instance of the directory server. Therefore, it needs to be configured manually.

Chained Suffix Attributes

All chained suffix configuration attributes are migrated automatically. The following configuration attributes are common to all chained suffixes. These attributes are stored in the entry cn=config,cn=chaining database, cn=plugins,cn=config.

• nsActivechainingComponents
• nsTransmittedControls

The following configuration attributes apply to a default instance of a chained suffix. These attributes are stored in the entry cn=default instance config, cn=chaining database,cn=plugins,cn=config.

• nsAbandonedSearchCheckInterval
• nsBindConnectionsLimit
• nsBindTimeout
• nsBindRetryLimit
• nsHopLimit
• nsmaxresponsedelay
• nsmaxtestresponsedelay
• nsCheckLocalACI
• nsConcurrentBindLimit
• nsConcurrentOperationsLimit
• nsConnectionLife
• nsOperationConnectionslimit
• nsProxiedAuthorization
• nsReferralOnScopedSearch
• nsslapd-sizelimit
• nsslapd-timelimit

SNMP Attributes

All SNMP configuration attributes are automatically migrated. These attributes are stored in the entry cn=SNMP,cn=config, and are as follows:

• nssnmpenabled
• nssnmporganization
• nssnmplocation
• nssnmpcontact
• nssnmpdescription
• nssnmpmasterhost
• nssnmpmasterport