Appendix B       Common Migration Procedures


This appendix describes procedures common to a number of migration scenarios. This appendix consists of the following sections:

• "Upgrading SIMS/Netscape Messaging Server to Netscape Directory Server 4.12".

• "Supporting a Multiple Schemas".
  • "Enabling Multi-schema Support On SIMS".

  • "Enabling Multi-schema Support On Netscape Messaging Server 4.x".

• "Using Existing Directory Information Trees in the iPlanet Messaging Server".
  • "Mapping an Netscape Messaging Server Namespace with a Single Domain to an iPlanet Messaging Server Namespace".

  • "Mapping a Netscape Messaging Server Namespace with Multiple Domains to an iPlanet Messaging Server Namespace".

  • "Using SIMS Directory Namespaces".

Upgrading SIMS/Netscape Messaging Server to Netscape Directory Server 4.12

---

Installations using Sun Directory Server or earlier versions of Netscape Directory Server should upgrade to Netscape Directory Server 4.12 before installing the iPlanet Messaging Server. For information on upgrading from an earlier version of the Netscape Directory Server to version 4.12, refer to the Netscape Directory Server documentation. For information on upgrading from the Sun Directory Server to the Netscape Directory Server version 4.12, refer to Appendix A of the SIMS 4.0 Installation Guide at http://docs.iplanet.com/docs/manuals/messaging/sims40/install/cookbook.doc.html#1000692.

Supporting a Multiple Schemas

---

In some migration scenarios, it may be necessary to simultaneously support the iPlanet Messaging Server and SIMS 4.0 or Netscape Messaging Server 4.1 schemas while migration is taking place. This involves installing the merged schema files for SIMS and Netscape Messaging Server. The merged schema files must be installed on the LDAP master server as well as on all its replicas.

The two merged schema files, merged.oc.conf and merged.at.conf, provide schema support for the SIMS, the Netscape Messaging Server and iPlanet Messaging Servers. These files are located at <CDRoot>/solaris/migrate/schema. They are also packaged with the migration toolkit.

To install the merged schema file, copy the files to <ServerRoot>/slapd-<instance>/config. Depending on whether you are running SIMS or the Netscape Messaging Server, you will need to perform a few more procedures. These are described below.

Enabling Multi-schema Support On SIMS

1. Comment out the following files from the ns-schema.conf file in the config directory of the Netscape Directory Server.

   #include $INSTANCEROOT/ns-mail-schema.conf

2. Comment out the following files from the slapd.conf file in the config directory of the Netscape Directory Server being used.

   #include $INSTANCEROOT/config/sims-sisp.at.conf
   #include $INSTANCEROOT/config/sims-sisp.oc.conf
   #include $INSTANCEROOT/config/sims.at.conf
   #include $INSTANCEROOT/config/sims.oc.conf

3. Add the merged.oc.conf and merged.at.conf to the ns-schema.conf file using the appropriate include statements. Note that merged.oc.conf must be included first. Example:

   include "<ServerRoot>/slapd-<instance>/config/merged.at.conf"
   include "<ServerRoot>/slapd-<instance>/config/merged.oc.conf"

4. Do a directory server restart (GUI or command line) to have the changes take effect.

Enabling Multi-schema Support On Netscape Messaging Server 4.x

1. Open file <ServerRoot>/slapd-<instance>/config/slapd.conf and add the following two lines. (The at.conf files must precede the oc.conf file).

   include "<ServerRoot>/slapd-<instance>/config/merged.at.conf"
   include "<ServerRoot>/slapd-<instance>/config/merged.oc.conf"

2. In file ns-schema.conf, comment out the following line:

# include "<ServerRoot>/slapd-<instance>/config/ns-mail-schema.conf"

3. Do a directory server restart (GUI or command line) to install the merged schema files.

Using Existing Directory Information Trees in the iPlanet Messaging Server

---

The iPlanet Messaging Server allows you to use the existing directory information trees (DITs) from your SIMS 4.0 deployments and some Netscape Messaging Server 4.1 deployments (see "Netscape Messaging Server 4.x Directory Namespace Limitations"). This section describe the following namespace migration scenarios:

• "Mapping an Netscape Messaging Server Namespace with a Single Domain to an iPlanet Messaging Server Namespace".

• "Mapping a Netscape Messaging Server Namespace with Multiple Domains to an iPlanet Messaging Server Namespace".

• "Using SIMS Directory Namespaces".

Mapping an Netscape Messaging Server Namespace with a Single Domain to an iPlanet Messaging Server Namespace

To describe how to map a Netscape Messaging Server namespace with a single domain to the iPlanet Messaging Server namespace, let us start by showing a simplified example of an Netscape Messaging Server namespace with a single domain (Figure B-1).

Figure B-1    Netscape Messaging Server Single Domain Namespace

When the iPlanet Messaging Server is installed (Figure B-2) three things relating to namespace mapping occur: 1) A DC Tree with a default domain node is created; 2) An empty default domain is created in the Organization Tree; 3) The inetDomainBaseDN attribute in DC Tree's default domain entry is set to the default domain node in the Organization Tree. (inetDomainBaseDN is the DN of the organization subtree where all user/group entries are stored.)

Figure B-2    Single-domain Namespace after iPlanet Messaging Server is Installed (underscored nodes created by install program)

The iPlanet Messaging Server will not work in this configuration because the DC Tree needs to be mapped to the Organization Tree where the user and group entries exist. This involves setting the inetDomainBaseDN in the DC Tree domain entry to point to the organization subtree containing the user and group data.

Using our example, the simplest way to map the Netscape Messaging Server namespace to the iPlanet Messaging Server namespace is shown in Figure B-3.

Figure B-3    Single-domain Netscape Messaging Server Namespace Mapped to iPlanet Messaging Server Namespace—Delegated Administrator and Hosted Domains Not Supported

In this example, we changed the attribute-value pair in the DC Tree domain node entry dc=siroe,dc=com,o=internet from
inetDomainBaseDN: o=siroe.com,o=siroe.com
to
inetDomainBaseDN: o=siroe.com.
This can be done with following LDIF change file:

dn: dc=siroe,dc=com,o=internet
changetype: modify
replace: inetdomainbasedn
inetDomainBaseDN: o=siroe.com

While this namespace configuration will work with the iPlanet Messaging Server, it will not support Delegated Administrator or hosted domains. To support Delegated Administrator and hosted domains, user and group entries must be moved into the organization subtree node, and the inetDomainBaseDN attribute in the DC Tree domain node needs to be reset as shown in Figure B-4.

Figure B-4    Single-domain Netscape Messaging Server Namespace Mapped to iPlanet Messaging Server Namespace—Delegated Administrator and Hosted Domains Supported

In this example we did the following:

1. In the Organization Tree we changed root suffix to o=siroe.com to o=isp. While this wasn't operationally necessary, it makes the Organization Tree more standard.

2. In the Organization Tree we moved user and group entries from ou=people,o=siroe.com and ou=groups,o=siroe.com to ou=people,o=siroe.com,o=isp and ou=group,o=siroe.com,o=isp.

3. In the DC Tree entry dc=siroe,dc=com,o=internet we replaced the existing inetDomainBaseDN attribute value pair with
   inetDomainBaseDN: o=siroe.com,o=isp

This namespace configuration will now support Delegated Administrator and hosted domains. To add Delegated Administrator functionality, run the imsdaaci command (packaged with the migration toolkit). This generates an LDIF file that can be used to create a Delegated Administrator Service Administrator Group and Delegated Administrator Domain Administrator Group along with the required ACIs.

<ServerRoot>/bin/msg/migrate/bin/imsdaaci

Use ldapmodify to add the LDIF file into the DIT. For an explanation of the ACIs refer to the iPlanet Messaging Server Provisioning Guide

Mapping a Netscape Messaging Server Namespace with Multiple Domains to an iPlanet Messaging Server Namespace

To describe how to map a Netscape Messaging Server namespace with multiple domains to the iPlanet Messaging Server namespace, let us start by showing a simplified example of a Netscape Messaging Server namespace with multiple domains (Figure B-5).

Figure B-5    Netscape Messaging Server Multiple Domain Namespace

When the iPlanet Messaging Server is installed (Figure B-6) three things relating to namespace mapping occur: 1) A DC Tree with a default domain node is created; 2) An empty default domain is created in the Organization Tree; 3) The inetDomainBaseDN attribute in DC Tree's default domain entry is set to the default domain node in the Organization Tree. (inetDomainBaseDN is the DN of the organization subtree where all user/group entries are stored.)

Figure B-6    Multiple-domain Namespace after iPlanet Messaging Server is Installed (underscored nodes created by install program)

The iPlanet Messaging Server will not work in this configuration because the DC Tree needs to be mapped to the Organization Tree where the user and group entries exist. This involves two steps: 1) For each domain in the Organization Tree, a corresponding domain node in the DC Tree must be created; 2) The inetDomainBaseDN attribute in each DC Tree domain entry must be set to the organization subtree containing the user and group data.

Using our example, the simplest way to map the Netscape Messaging Server namespace to the iPlanet Messaging Server namespace is shown in Figure B-7.

Figure B-7    Simple Multiple-domain Netscape Messaging Server Namespace Mapping to iPlanet Messaging Server Namespace—Delegated Administrator and Hosted Domains Not Supported (underscored nodes created by administrator)

In this example, we created a new DC Tree domain node called dc=varrius,dc=org,o=internet. (See the iPlanet Messaging Server Provisioning Guide for details on how to do this.) We also replaced the inetDomainBaseDN attribute-value pair in dc=siroe,dc=com,o=internet and dc=varrius,dc=org,o=internet with inetDomainBaseDN: o=siroe.com

While this namespace configuration will work in the iPlanet Messaging Server, it will not support Delegated Administrator or hosted domains. To support Delegated Administrator and hosted domains, separate domain nodes in the Organization Tree and the DC Tree need to be created, user and group entries need to be moved into those Organization Tree nodes, and the inetDomainBaseDN attribute in the DC Tree domain nodes need to be reset. This is shown in Figure B-8.

Figure B-8    Multiple-domain Netscape Messaging Server Namespace Mapped to DC Tree in the iPlanet Messaging Server Namespace—Delegated Administrator and Hosted Domains Supported (underscored nodes created/changed by administrator)

In this example we did the following:

1. In the Organization Tree we changed root suffix from o=siroe.com to o=isp. While this wasn't operationally necessary, it makes the Organization Tree more standard.

2. In the Organization Tree we created the subtree o=varrius.org,o=isp as well as two containers, ou=people and ou=groups. (See the iPlanet Messaging Server Provisioning Guide for information on how to create domains and containers.)

3. In the Organization Tree we moved user and group entries from ou=people,o=siroe.com and ou=groups,o=siroe.com to the people and group containers in varrius.org and siroe.com

4. In the DC Tree, we created the domain nodes dc=org,o=internet and dc=varrius,dc=org,o=internet

5. In the domain node entries dc=siroe,dc=com,o=internet and dc=varrius,dc=org,o=internet we added the attribute value pair inetDomainBaseDN: o=siroe.com,o=isp and inetDomainBaseDN: o=varrius.org,o=isp.

This namespace configuration will now support Delegated Administrator and hosted domains. To add Delegated Administrator functionality, run the imsdaaci command (packaged with the migration toolkit). This generates an LDIF file that can be used to create a Delegated Administrator Service Administrator Group and Delegated Administrator Domain Administrator Group along with the required ACIs.

<ServerRoot>/bin/msg/migrate/bin/imsdaaci

Use ldapmodify to add the LDIF file into the DIT. For an explanation of the ACIs refer to the iPlanet Messaging Server Provisioning Guide

Using SIMS Directory Namespaces

Using a SIMS 4.0 DIT with the iPlanet Messaging Server simply involves running the imsdirmig utility. This procedure is described in the sections discussing the various SIMS migration scenarios.

imsdirmig sets the inetDomainBaseDN attribute for each DC Tree domain entry to the domain node containing the user/group data. This value is the domain node itself. For the directory below, the domain entry for dc=siroe,dc=com,o=internet would contain the attribute pair inetDomainBaseDN: dc=siroe,dc=com,o=internet. The domain entry for dc=varrius,dc=org,o=internet would contain the attribute pair inetDomainBaseDN: dc=varrius,dc=org,o=internet.

Figure B-9    SIMS Directory Namespace