Chapter 6
Migration from Earlier Versions
This chapter is intended to provide a reference of the information migrated by the migrateInstance5 script. In the case of migration from a 4.x Directory Server to a 5.0 or 5.1 Directory Server, it describes the mapping of configuration parameters to configuration attributes and configuration entries in the new Directory Server.
In the case of an upgrade from Directory Server 5.0 to Directory Server 5.1, it describes which attributes are migrated automatically by the migration script, and which ones must be set manually.
For information on how to run the migrateInstance5 script, refer to the iPlanet Directory Server Installation Guide.
Migration from 4.x Directory Server to 5.0 or 5.1
In the Directory Server 4.x architecture, all configuration parameters were stored in text files. In iPlanet Directory Server 5.0 and 5.1, all configuration attributes are stored in LDAP configuration entries in the dse.ldif file.
This section describes the mapping of configuration parameters in Directory Server 4.1, 4.11, 4.12, and 4.13 to the corresponding LDAP configuration entries and attributes in iPlanet Directory Server 5.1.
Server Attributes
In Directory Server 4.1, 4.11, 4.12, and 4.13, configuration parameters are stored in the slapd.conf file under the /usr/netscape/server4/slapd-serverID directory.
The corresponding configuration attributes in iPlanet Directory Server 5.1 are stored in the cn=config entry. Table 6-1 shows the mapping of Directory Server 4.x configuration parameters to Directory Server 5.1 configuration attributes.
Table 6-1    Mapping of Legacy Server Parameters to Configuration Attributes
Legacy Configuration Parameter
|
iPlanet Directory Server Configuration Attribute
|
accesscontrol
|
nsslapd-accesscontrol
|
error-logging-enabled
|
nsslapd-error-logging-enabled
|
audit-logging-enabled
|
nsslapd-audit-logging-enabled
|
logbuffering
|
nsslapd-accesslog-buffering
|
accesslog-logexpirationtime
|
nsslapd-accesslog-logexpirationtime
|
accesslog-logexpirationtimeunit
|
nsslapd-accesslog-logexpirationtimeunit
|
accesslog-maxlogdiskspace
|
nsslapd-accesslog-logmaxdiskspace
|
accesslog-minfreediskspace
|
nsslapd-accesslog-minfreediskspace
|
accesslog-logrotationtime
|
nsslapd-accesslog-logrotationtime
|
accesslog-logrotationtimeunit
|
nsslapd-accesslog-logrotationtimeunit
|
accesslog-maxlogsize
|
nsslapd-accesslog-maxlogsize
|
accesslog-MaxNumOfLogsPerDir
|
nsslapd-accesslog-maxlogsperdir
|
auditlog-logexpirationtime
|
nsslapd-auditlog-logexpirationtime
|
auditlog-logexpirationtimeunit
|
nsslapd-auditlog-logexpirationtimeunit
|
auditlog-maxlogdiskspace
|
nsslapd-auditlog-logmaxdiskspace
|
auditlog-minfreediskspace
|
nsslapd-auditlog-minfreediskspace
|
auditlog-logrotationtime
|
nsslapd-auditlog-logrotationtime
|
auditlog-logrotationtimeunit
|
nsslapd-auditlog-logrotationtimeunit
|
auditlog-maxlogsize
|
nsslapd-auditlog-maxlogsize
|
auditlog-MaxNumOfLogsPerDir
|
nsslapd-auditlog-maxlogsperdir
|
certmap-basedn
|
nsslapd-certmap-basedn
|
enquote_sup_oc
|
nsslapd-enquote_sup_oc
|
loglevel
|
nsslapd-error-loglevel
|
errorlog-logexpirationtime
|
nsslapd-errorlog-logexpirationtime
|
errorlog-logexpirationtimeunit
|
nsslapd-errorlog-logexpirationtimeunit
|
errorlog-maxlogdiskspace
|
nsslapd-errorlog-logmaxdiskspace
|
errorlog-minfreediskspace
|
nsslapd-errorlog-logminfreediskspace
|
errorlog-logrotationtime
|
nsslapd-errorlog-logrotationtime
|
errorlog-logrotationtimeunit
|
nsslapd-errorlog-logrotationtimeunit
|
errorlog-maxlogsize
|
nsslapd-errorlog-maxlogsize
|
errorlog-maxlogsperdir
|
nsslapd-errorlog-maxlogsperdir
|
idletimeout
|
nsslapd-idletimeout
|
ioblocktimeout
|
nsslapd-ioblocktimeout
|
lastmod
|
nsslapd-ioblocktimeout
|
listenhost
|
nsslapd-listenhost
|
maxdescriptors
|
nsslapd-maxdescriptors
|
NOTHING
|
nsslapd-depends-on-named
|
NOTHING
|
nsslapd-depends-on-type
|
referral
|
nsslapd-referral
|
reservedescriptors
|
nsslapd-reservedescriptors
|
rootpwstoragescheme
|
nsslapd-rootpwstoragescheme
|
schemacheck
|
nsslapd-schemacheck
|
secure-port
|
nsslapd-securePort
|
security
|
nsslapd-security
|
sizelimit
|
nsslapd-sizelimit
|
SSL3ciphers
|
nsslapd-SSL3ciphers
|
timelimit
|
nsslapd-timelimit
|
pw_change
|
passwordChange
|
pw_syntax
|
passwordCheckSyntax
|
pw_exp
|
passwordExp
|
pw_history
|
passwordHistory
|
pw_inhistory
|
passwordinHistory
|
pw_lockout
|
passwordLockout
|
pw_lockduration
|
passwordLockoutDuration
|
pw_maxage
|
passwordMaxAge
|
pw_maxfailure
|
passwordMaxFailure
|
pw_minage
|
passwordMinAge
|
pw_minlength
|
passwordMinLength
|
pw_must_change
|
passwordMustChange
|
pw_reset_failurecount
|
passwordResetFailureCount
|
pw_storagescheme
|
passwordStorageScheme
|
pw_unlock
|
passwordUnlock
|
pw_warning
|
passwordWarning
|
localhost
|
nsslapd-localhost
|
localuser
|
nsslapd-localuser
|
port
|
nsslapd-port
|
rootdn
|
nsslapd-rootdn
|
rootpw
|
nsslapd-rootpw
|
accesslog
|
nsslapd-accesslog
|
accesslog-level
|
nsslapd-accesslog-level
|
auditfile
|
nsslapd-auditlog
|
errorlog
|
nsslapd-errorlog
|
instancedir
|
nsslapd-instancedir
|
maxbersize
|
nsslapd-maxbersize
|
nagle
|
nsslapd-nagle
|
result_tweak
|
nsslapd-result_tweak
|
return_exact_case
|
nsslapd-return_exact_case
|
threadnumber
|
nsslapd-threadnumber
|
maxthreadsperconn
|
maxthreadsperconn
|
Database Attributes
In Directory Server 4.1, 4.11, 4.12, and 4.13, database parameters are stored in the slapd.ldbm.conf file under the /usr/netscape/server4/slapd-serverID directory.
Because one instance of iPlanet Directory Server 5.0 or 5.1 can manage several databases, the corresponding attributes in iPlanet Directory Server 5.0 or 5.1 are stored in a general entry for all databases (cn=config,cn=ldbm database,cn=plugins,cn=config), or in an entry specific to a particular database, of the form cn=database instance name,cn=ldbm database,cn=config.
Table 6-2 shows the mapping of general database configuration parameters between Directory Server 4.x and Directory Server 5.0 or 5.1. Table 6-3 shows the mapping of database-specific parameters between Directory Server 4.x and Directory Server5.0 or 5.1.
Table 6-2    Mapping of Legacy Database Parameters to Configuration Attributes (general)
Legacy Configuration Parameter
|
iPlanet Directory Server Configuration Attribute
|
allidthreshold
|
nsslapd-allidthreshold
|
lookthroughlimit
|
nsslapd-lookthroughlimit
|
mode
|
nsslapd-mode
|
dbcachesize
|
nsslapd-dbcachesize
|
database
|
OBSOLETE (used to specify database type)
|
Table 6-3    Mapping of Legacy Database Parameters to Configuration Attributes (database-specific)
Legacy Configuration Parameter
|
iPlanet Directory Server Configuration Attribute
|
cachesize
|
nsslapd-cachesize
|
readonly
|
nsslapd-readonly
|
directory
|
nsslapd-directory
|
Upgrade from Directory Server 5.0 to 5.1
In Directory Server 5.0 and 5.1, configuration information is stored in the same way. This section explains which configuration attributes are automatically migrated by the migrateInstance5 script, and which ones are not. Attributes which are not automatically migrated are either configured during the installation process for the new Directory Server, or need to be configured manually for security reasons after the initial set up.
General Server Configuration Attributes
Table 6-4 lists the configuration attributes stored in the cn=config entry that are automatically migrated when you run the migrateInstance5 script.
Table 6-5 lists the configuration attributes stored in the cn=config entry that are not automatically migrated when you run the migrateInstance5 script. Attributes that are not automatically migrated are either configured during the installation process for the new Directory Server, or need to be configured manually. The reason for not migrating an attribute is stated in the table.
Table 6-4    Attributes in cn=config Automatically Migrated
nsslapd-accesscontrol
|
nsslapd-errorlog-logging-enabled
|
nsslapd-accesslog-logging-enabled
|
nsslapd-auditlog-logging-enabled
|
nsslapd-accesslog-level
|
nsslapd-accesslog-logbuffering
|
nsslapd-accesslog-logexpirationtime
|
nsslapd-accesslog-logexpirationtimeunit
|
nsslapd-accesslog-logmaxdiskspace
|
nsslapd-accesslog-logminfreediskspace
|
nsslapd-accesslog-logrotationtime
|
nsslapd-accesslog-logrotationtimeunit
|
nsslapd-accesslog-maxlogsize
|
nsslapd-accesslog-maxlogsperdir
|
nsslapd-attribute_name_exceptions
|
nsslapd-auditlog-logexpirationtime
|
nsslapd-auditlog-logexpirationtimeunit
|
nsslapd-auditlog-logmaxdiskspace
|
nsslapd-auditlog-logminfreediskspace
|
nsslapd-auditlog-logrotationtime
|
nsslapd-auditlog-logrotationtimeunit
|
nsslapd-auditlog-maxlogsize
|
nsslapd-auditlog-maxlogsperdir
|
nsslapd-certmap-basedn
|
nsslapd-ds4-compatible-schema
|
nsslapd-enquote_sup_oc
|
nsslapd-errorlog-level
|
nsslapd-errorlog-logexpirationtime
|
nsslapd-errorlog-logexpirationtimeunit
|
nsslapd-errorlog-logmaxdiskspace
|
nsslapd-errorlog-logminfreediskspace
|
nsslapd-errorlog-logrotationtime
|
nsslapd-errorlog-logrotationtimeunit
|
nsslapd-errorlog-maxlogsize
|
nsslapd-errorlog-maxlogsperdir
|
nsslapd-groupevalnestlevel
|
nsslapd-idletimeout
|
nsslapd-ioblocktimeout
|
nsslapd-lastmod
|
nsslapd-listenhost
|
nsslapd-maxdescriptors (Not applicable on NT and AIX platforms)
|
nsslapd-nagle
|
nsslapd-readonly
|
nsslapd-referralmode
|
nsslapd-plugin-depends-on-name
|
nsslapd-plugin-depends-on-type
|
nsslapd-referral
|
nsslapd-reservedescriptors (Not applicable on NT and AIX platforms)
|
nsslapd-rootpwstoragescheme
|
nsslapd-schemacheck
|
nsslapd-securePort
|
nsslapd-security
|
nsslapd-sizelimit
|
nsslapd-SSL3ciphers
|
nsslapd-timelimit
|
passwordChange
|
passwordCheckSyntax
|
passwordExp
|
passwordExpirationTime
|
passwordHistory
|
passwordInHistory
|
passwordLockout
|
passwordLockoutDuration
|
passwordMaxAge
|
passwordMaxFailure
|
passwordMinAge
|
passwordMinLength
|
passwordMustChange
|
passwordResetFailureCount
|
passwordStorageScheme
|
passwordUnlock
|
passwordWarning
|
Table 6-5    Attributes in cn=config not Migrated
Attribute Name
|
Reason for not Migrating Automatically
|
nsslapd-localhost
|
Already set up.
|
nsslapd-localuser
|
Configured during the installation process.
|
nsslapd-port
|
Configured during the installation process.
|
nsslapd-rootdn
|
Configured during the installation process.
|
nsslapd-rootpw
|
Configured during the installation process.
|
nsslapd-accesslog
|
Path name to the log that records database access. It is set up during installation.
|
nsslapd-accesslog-list
|
Read-only attribute.
|
nsslapd-auditlog
|
Path name to the log that records changes made to the directory database. It is set up during installation.
|
nsslapd-accesslog-level
|
Read-only attribute.
|
nsslapd-errorlog
|
Path name to the log that records error messages generated by Directory Server. It is set up during installation.
|
nsslapd-errorlog-list
|
Read-only attribute.
|
nsslapd-instancedir
|
Configured during the installation process.
|
nsslapd-maxbersize
|
Do not change the value of this attribute unless told to do so by iPlanet technical staff.
|
nsslapd-plug-in
|
|
nsslapd-result-tweak
|
Reserved for future use. Do not change or remove. Doing so can have unpredictable results
|
nsslapd-return-exact-case
|
Do not modify unless you have legacy client applications that can check the case of attribute names in results returned from the server.
|
nsslapd-threadnumber
|
This attribute is not available from the Directory Server Console.
|
nsslapd-maxthreadsperconn
|
This attribute corresponds to a system parameter.
|
Database Attributes
All general database configuration attributes are automatically migrated. These attributes are stored in the entry cn=config,cn=ldbm database, cn=plugins,cn=config, and are listed in Table 6-6.
Database-specific attributes are stored in entries of the form cn=database instance name,cn=ldbm database,cn=config. The attributes that are migrated are listed in Table 6-7, the ones that are not migrated are listed in Table 6-8.
Table 6-6    General Database Attributes Automatically Migrated
nsslapd-allidthreshold
|
nsslapd-lookthroughlimit
|
nsslapd-mode
|
nsslapd-dbcachesize
|
nsslapd-cache-autosize
|
nsslapd-cache-autosize-split
|
nsslapd-db-transaction-logging
|
Table 6-7    Database-Specific Attributes Automatically Migrated
nsslapd-cachesize
|
nsslapd-cachememsize
|
nsslapd-readonly
|
nsslapd-require-index
|
Table 6-8    Database-Specific Attributes not Migrated
Attribute Name
|
Reason for not Migrating Automatically
|
nsslapd-directory
|
Set up automatically during installation.
|
nsslapd-db-logdirectory
|
Set up automatically during installation.
|
nsslapd-db-checkpoint-interval
|
This attribute is provided only for system modification/diagnostics and should be changed only under guidance from iPlanet technical staff. Inconsistent settings of this attribute might cause Directory Server crashes.
|
nsslapd-db-durable-transactions
|
This attribute is provided only for system modification/diagnostics and should be changed only under guidance from iPlanet technical staff. Inconsistent settings of this attribute might cause Directory Server crashes.
|
nsslapd-db-home-directory
|
If you have several directory servers running on the same machine, the value of this attribute must be different for each instance of the directory server. Therefore, it needs to be configured manually.
|
Database Link Attributes
All database link configuration attributes are automatically migrated. Table 6-9 lists the configuration attributes that are common to all database links. These attributes are stored in the entry cn=config, cn=chaining database, cn=plugins, cn=config.
Table 6-10 lists the configuration attributes for a default instance of a database link. These attributes are stored in the entry cn=default instance config, cn=chaining database, cn=plugins, cn=config.
Table 6-9    General Database Link Attributes Automatically Migrated
nsActivechainingComponents
|
nsTransmittedControls
|
Table 6-10    Default Instance Database Link Attributes Automatically Migrated
nsAbandonedSearchCheckInterval
|
nsBindConnectionsLimit
|
nsBindTimeout
|
nsBindRetryLimit
|
nsHopLimit
|
nsmaxresponsedelay
|
nsmaxtestresponsedelay
|
nsCheckLocalACI
|
nsConcurrentBindLimit
|
nsConcurrentOperationsLimit
|
nsConnectionLife
|
nsOperationConnectionslimit
|
nsProxiedAuthorization
|
nsReferralOnScopedSearch
|
nsslapd-sizelimit
|
nsslapd-timelimit
|
SNMP Attributes
All SNMP configuration attributes are automatically migrated. These attributes are stored in the entry cn=SNMP,cn=config, and are listed in Table 6-11.
Table 6-11    SNMP Attributes Automatically Migrated
nssnmpenabled
|
nssnmporganization
|
nssnmplocation
|
nssnmpcontact
|
nssnmpdescription
|
nssnmpmasterhost
|
nssnmpmasterport
|