Chapter 6   Migration from Earlier Versions


This chapter is intended to provide a reference of the information migrated by the migrateInstance5 script. In the case of migration from a 4.x Directory Server to a 5.0 or 5.1 Directory Server, it describes the mapping of configuration parameters to configuration attributes and configuration entries in the new Directory Server.

In the case of an upgrade from Directory Server 5.0 to Directory Server 5.1, it describes which attributes are migrated automatically by the migration script, and which ones must be set manually.

For information on how to run the migrateInstance5 script, refer to the iPlanet Directory Server Installation Guide.

Migration from 4.x Directory Server to 5.0 or 5.1

---

In the Directory Server 4.x architecture, all configuration parameters were stored in text files. In iPlanet Directory Server 5.0 and 5.1, all configuration attributes are stored in LDAP configuration entries in the dse.ldif file.

This section describes the mapping of configuration parameters in Directory Server 4.1, 4.11, 4.12, and 4.13 to the corresponding LDAP configuration entries and attributes in iPlanet Directory Server 5.1.

Server Attributes

In Directory Server 4.1, 4.11, 4.12, and 4.13, configuration parameters are stored in the slapd.conf file under the /usr/netscape/server4/slapd-serverID directory.

The corresponding configuration attributes in iPlanet Directory Server 5.1 are stored in the cn=config entry. Table 6-1 shows the mapping of Directory Server 4.x configuration parameters to Directory Server 5.1 configuration attributes.

Table 6-1    Mapping of Legacy Server Parameters to Configuration Attributes  

Legacy Configuration Parameter	iPlanet Directory Server Configuration Attribute
accesscontrol	nsslapd-accesscontrol
error-logging-enabled	nsslapd-error-logging-enabled
audit-logging-enabled	nsslapd-audit-logging-enabled
logbuffering	nsslapd-accesslog-buffering
accesslog-logexpirationtime	nsslapd-accesslog-logexpirationtime
accesslog-logexpirationtimeunit	nsslapd-accesslog-logexpirationtimeunit
accesslog-maxlogdiskspace	nsslapd-accesslog-logmaxdiskspace
accesslog-minfreediskspace	nsslapd-accesslog-minfreediskspace
accesslog-logrotationtime	nsslapd-accesslog-logrotationtime
accesslog-logrotationtimeunit	nsslapd-accesslog-logrotationtimeunit
accesslog-maxlogsize	nsslapd-accesslog-maxlogsize
accesslog-MaxNumOfLogsPerDir	nsslapd-accesslog-maxlogsperdir
auditlog-logexpirationtime	nsslapd-auditlog-logexpirationtime
auditlog-logexpirationtimeunit	nsslapd-auditlog-logexpirationtimeunit
auditlog-maxlogdiskspace	nsslapd-auditlog-logmaxdiskspace
auditlog-minfreediskspace	nsslapd-auditlog-minfreediskspace
auditlog-logrotationtime	nsslapd-auditlog-logrotationtime
auditlog-logrotationtimeunit	nsslapd-auditlog-logrotationtimeunit
auditlog-maxlogsize	nsslapd-auditlog-maxlogsize
auditlog-MaxNumOfLogsPerDir	nsslapd-auditlog-maxlogsperdir
certmap-basedn	nsslapd-certmap-basedn
enquote_sup_oc	nsslapd-enquote_sup_oc
loglevel	nsslapd-error-loglevel
errorlog-logexpirationtime	nsslapd-errorlog-logexpirationtime
errorlog-logexpirationtimeunit	nsslapd-errorlog-logexpirationtimeunit
errorlog-maxlogdiskspace	nsslapd-errorlog-logmaxdiskspace
errorlog-minfreediskspace	nsslapd-errorlog-logminfreediskspace
errorlog-logrotationtime	nsslapd-errorlog-logrotationtime
errorlog-logrotationtimeunit	nsslapd-errorlog-logrotationtimeunit
errorlog-maxlogsize	nsslapd-errorlog-maxlogsize
errorlog-maxlogsperdir	nsslapd-errorlog-maxlogsperdir
idletimeout	nsslapd-idletimeout
ioblocktimeout	nsslapd-ioblocktimeout
lastmod	nsslapd-ioblocktimeout
listenhost	nsslapd-listenhost
maxdescriptors	nsslapd-maxdescriptors
NOTHING	nsslapd-depends-on-named
NOTHING	nsslapd-depends-on-type
referral	nsslapd-referral
reservedescriptors	nsslapd-reservedescriptors
rootpwstoragescheme	nsslapd-rootpwstoragescheme
schemacheck	nsslapd-schemacheck
secure-port	nsslapd-securePort
security	nsslapd-security
sizelimit	nsslapd-sizelimit
SSL3ciphers	nsslapd-SSL3ciphers
timelimit	nsslapd-timelimit
pw_change	passwordChange
pw_syntax	passwordCheckSyntax
pw_exp	passwordExp
pw_history	passwordHistory
pw_inhistory	passwordinHistory
pw_lockout	passwordLockout
pw_lockduration	passwordLockoutDuration
pw_maxage	passwordMaxAge
pw_maxfailure	passwordMaxFailure
pw_minage	passwordMinAge
pw_minlength	passwordMinLength
pw_must_change	passwordMustChange
pw_reset_failurecount	passwordResetFailureCount
pw_storagescheme	passwordStorageScheme
pw_unlock	passwordUnlock
pw_warning	passwordWarning
localhost	nsslapd-localhost
localuser	nsslapd-localuser
port	nsslapd-port
rootdn	nsslapd-rootdn
rootpw	nsslapd-rootpw
accesslog	nsslapd-accesslog
accesslog-level	nsslapd-accesslog-level
auditfile	nsslapd-auditlog
errorlog	nsslapd-errorlog
instancedir	nsslapd-instancedir
maxbersize	nsslapd-maxbersize
nagle	nsslapd-nagle
result_tweak	nsslapd-result_tweak
return_exact_case	nsslapd-return_exact_case
threadnumber	nsslapd-threadnumber
maxthreadsperconn	maxthreadsperconn

Database Attributes

In Directory Server 4.1, 4.11, 4.12, and 4.13, database parameters are stored in the slapd.ldbm.conf file under the /usr/netscape/server4/slapd-serverID directory.

Because one instance of iPlanet Directory Server 5.0 or 5.1 can manage several databases, the corresponding attributes in iPlanet Directory Server 5.0 or 5.1 are stored in a general entry for all databases (cn=config,cn=ldbm database,cn=plugins,cn=config), or in an entry specific to a particular database, of the form cn=database instance name,cn=ldbm database,cn=config.

Table 6-2 shows the mapping of general database configuration parameters between Directory Server 4.x and Directory Server 5.0 or 5.1. Table 6-3 shows the mapping of database-specific parameters between Directory Server 4.x and Directory Server5.0 or 5.1.

Table 6-2    Mapping of Legacy Database Parameters to Configuration Attributes (general)

Legacy Configuration Parameter	iPlanet Directory Server Configuration Attribute
allidthreshold	nsslapd-allidthreshold
lookthroughlimit	nsslapd-lookthroughlimit
mode	nsslapd-mode
dbcachesize	nsslapd-dbcachesize
database	OBSOLETE (used to specify database type)

Table 6-3    Mapping of Legacy Database Parameters to Configuration Attributes (database-specific)

Legacy Configuration Parameter	iPlanet Directory Server Configuration Attribute
cachesize	nsslapd-cachesize
readonly	nsslapd-readonly
directory	nsslapd-directory

Upgrade from Directory Server 5.0 to 5.1

---

In Directory Server 5.0 and 5.1, configuration information is stored in the same way. This section explains which configuration attributes are automatically migrated by the migrateInstance5 script, and which ones are not. Attributes which are not automatically migrated are either configured during the installation process for the new Directory Server, or need to be configured manually for security reasons after the initial set up.

General Server Configuration Attributes

Table 6-4 lists the configuration attributes stored in the cn=config entry that are automatically migrated when you run the migrateInstance5 script.

Table 6-5 lists the configuration attributes stored in the cn=config entry that are not automatically migrated when you run the migrateInstance5 script. Attributes that are not automatically migrated are either configured during the installation process for the new Directory Server, or need to be configured manually. The reason for not migrating an attribute is stated in the table.

Table 6-4    Attributes in cn=config Automatically Migrated

nsslapd-accesscontrol

nsslapd-errorlog-logging-enabled

nsslapd-accesslog-logging-enabled

nsslapd-auditlog-logging-enabled

nsslapd-accesslog-level

nsslapd-accesslog-logbuffering

nsslapd-accesslog-logexpirationtime

nsslapd-accesslog-logexpirationtimeunit

nsslapd-accesslog-logmaxdiskspace

nsslapd-accesslog-logminfreediskspace

nsslapd-accesslog-logrotationtime

nsslapd-accesslog-logrotationtimeunit

nsslapd-accesslog-maxlogsize

nsslapd-accesslog-maxlogsperdir

nsslapd-attribute_name_exceptions

nsslapd-auditlog-logexpirationtime

nsslapd-auditlog-logexpirationtimeunit

nsslapd-auditlog-logmaxdiskspace

nsslapd-auditlog-logminfreediskspace

nsslapd-auditlog-logrotationtime

nsslapd-auditlog-logrotationtimeunit

nsslapd-auditlog-maxlogsize

nsslapd-auditlog-maxlogsperdir

nsslapd-certmap-basedn

nsslapd-ds4-compatible-schema

nsslapd-enquote_sup_oc

nsslapd-errorlog-level

nsslapd-errorlog-logexpirationtime

nsslapd-errorlog-logexpirationtimeunit

nsslapd-errorlog-logmaxdiskspace

nsslapd-errorlog-logminfreediskspace

nsslapd-errorlog-logrotationtime

nsslapd-errorlog-logrotationtimeunit

nsslapd-errorlog-maxlogsize

nsslapd-errorlog-maxlogsperdir

nsslapd-groupevalnestlevel

nsslapd-idletimeout

nsslapd-ioblocktimeout

nsslapd-lastmod

nsslapd-listenhost

nsslapd-maxdescriptors (Not applicable on NT and AIX platforms)

nsslapd-nagle

nsslapd-readonly

nsslapd-referralmode

nsslapd-plugin-depends-on-name

nsslapd-plugin-depends-on-type

nsslapd-referral

nsslapd-reservedescriptors (Not applicable on NT and AIX platforms)

nsslapd-rootpwstoragescheme

nsslapd-schemacheck

nsslapd-securePort

nsslapd-security

nsslapd-sizelimit

nsslapd-SSL3ciphers

nsslapd-timelimit

passwordChange

passwordCheckSyntax

passwordExp

passwordExpirationTime

passwordHistory

passwordInHistory

passwordLockout

passwordLockoutDuration

passwordMaxAge

passwordMaxFailure

passwordMinAge

passwordMinLength

passwordMustChange

passwordResetFailureCount

passwordStorageScheme

passwordUnlock

passwordWarning

Table 6-5    Attributes in cn=config not Migrated

Attribute Name	Reason for not Migrating Automatically
nsslapd-localhost	Already set up.
nsslapd-localuser	Configured during the installation process.
nsslapd-port	Configured during the installation process.
nsslapd-rootdn	Configured during the installation process.
nsslapd-rootpw	Configured during the installation process.
nsslapd-accesslog	Path name to the log that records database access. It is set up during installation.
nsslapd-accesslog-list	Read-only attribute.
nsslapd-auditlog	Path name to the log that records changes made to the directory database. It is set up during installation.
nsslapd-accesslog-level	Read-only attribute.
nsslapd-errorlog	Path name to the log that records error messages generated by Directory Server. It is set up during installation.
nsslapd-errorlog-list	Read-only attribute.
nsslapd-instancedir	Configured during the installation process.
nsslapd-maxbersize	Do not change the value of this attribute unless told to do so by iPlanet technical staff.
nsslapd-plug-in
nsslapd-result-tweak	Reserved for future use. Do not change or remove. Doing so can have unpredictable results
nsslapd-return-exact-case	Do not modify unless you have legacy client applications that can check the case of attribute names in results returned from the server.
nsslapd-threadnumber	This attribute is not available from the Directory Server Console.
nsslapd-maxthreadsperconn	This attribute corresponds to a system parameter.

Database Attributes

All general database configuration attributes are automatically migrated. These attributes are stored in the entry cn=config,cn=ldbm database, cn=plugins,cn=config, and are listed in Table 6-6.

Database-specific attributes are stored in entries of the form cn=database instance name,cn=ldbm database,cn=config. The attributes that are migrated are listed in Table 6-7, the ones that are not migrated are listed in Table 6-8.

Table 6-6    General Database Attributes Automatically Migrated

nsslapd-allidthreshold

nsslapd-lookthroughlimit

nsslapd-mode

nsslapd-dbcachesize

nsslapd-cache-autosize

nsslapd-cache-autosize-split

nsslapd-db-transaction-logging

Table 6-7    Database-Specific Attributes Automatically Migrated

nsslapd-cachesize

nsslapd-cachememsize

nsslapd-readonly

nsslapd-require-index

Table 6-8    Database-Specific Attributes not Migrated

Attribute Name	Reason for not Migrating Automatically
nsslapd-directory	Set up automatically during installation.
nsslapd-db-logdirectory	Set up automatically during installation.
nsslapd-db-checkpoint-interval	This attribute is provided only for system modification/diagnostics and should be changed only under guidance from iPlanet technical staff. Inconsistent settings of this attribute might cause Directory Server crashes.
nsslapd-db-durable-transactions	This attribute is provided only for system modification/diagnostics and should be changed only under guidance from iPlanet technical staff. Inconsistent settings of this attribute might cause Directory Server crashes.
nsslapd-db-home-directory	If you have several directory servers running on the same machine, the value of this attribute must be different for each instance of the directory server. Therefore, it needs to be configured manually.

Database Link Attributes

All database link configuration attributes are automatically migrated. Table 6-9 lists the configuration attributes that are common to all database links. These attributes are stored in the entry cn=config, cn=chaining database, cn=plugins, cn=config.

Table 6-10 lists the configuration attributes for a default instance of a database link. These attributes are stored in the entry cn=default instance config, cn=chaining database, cn=plugins, cn=config.

Table 6-9    General Database Link Attributes Automatically Migrated

nsActivechainingComponents

nsTransmittedControls

Table 6-10    Default Instance Database Link Attributes Automatically Migrated

nsAbandonedSearchCheckInterval

nsBindConnectionsLimit

nsBindTimeout

nsBindRetryLimit

nsHopLimit

nsmaxresponsedelay

nsmaxtestresponsedelay

nsCheckLocalACI

nsConcurrentBindLimit

nsConcurrentOperationsLimit

nsConnectionLife

nsOperationConnectionslimit

nsProxiedAuthorization

nsReferralOnScopedSearch

nsslapd-sizelimit

nsslapd-timelimit

SNMP Attributes

All SNMP configuration attributes are automatically migrated. These attributes are stored in the entry cn=SNMP,cn=config, and are listed in Table 6-11.

Table 6-11    SNMP Attributes Automatically Migrated

nssnmpenabled

nssnmporganization

nssnmplocation

nssnmpcontact

nssnmpdescription

nssnmpmasterhost

nssnmpmasterport