Hi, I have an old Netscape Directory Server version 4.1 (circa 2001) that I need to migrate to Fedora Directory Server, but I am confused as to the proper migration path. I''ve been reading the Red Hat DS install guides at http://www.redhat.com/docs/manuals/dir-server/ (as there doesn''t appear to be as a comprehensive guide for Fedora DS. The Redhat DS 8.0 guide says that migrating Netscape DS 4.x is not supported (only version 6 and above), so I read the Red Hat DS 6.0 install guide and it says that Netscape DS 4.x is indeed supported. So am I right to presume that a step-upgrade will be required, from my current version 4.x to 6.x and then to the current version 8.0? Also, what version of the Fedora-DS is equivalent to Red Hat DS 6.0? Thanks -Dave p.s. If somebody can tell me how to search this list''s archives that would be much appreciated!
solarflow99
2008-Oct-03 09:33 UTC
Re: [Fedora-directory-users] Migrating Netscape DS to FDS
how extensive is it, can you export/import to LDIF? On Fri, Oct 3, 2008 at 12:57 AM, Dave <dave@posthost.com> wrote:> > Hi, I have an old Netscape Directory Server version 4.1 (circa 2001) that > I need to migrate to Fedora Directory Server, but I am confused as to the > proper migration path. > > I''ve been reading the Red Hat DS install guides at > http://www.redhat.com/docs/manuals/dir-server/ (as there doesn''t appear > to be as a comprehensive guide for Fedora DS. > > The Redhat DS 8.0 guide says that migrating Netscape DS 4.x is not > supported (only version 6 and above), so I read the Red Hat DS 6.0 install > guide and it says that Netscape DS 4.x is indeed supported. > So am I right to presume that a step-upgrade will be required, from my > current version 4.x to 6.x and then to the current version 8.0? > > Also, what version of the Fedora-DS is equivalent to Red Hat DS 6.0? > Thanks -Dave > > p.s. If somebody can tell me how to search this list''s archives that would > be much appreciated! > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Marcelo N. Halpern
2008-Oct-03 14:55 UTC
Re: [Fedora-directory-users] Migrating Netscape DS to FDS
I think you will find the most trouble in o=NetscapeRoot. More than likely you will have to recreate acls, roles, replication agreements, etc. by hand. I''m sure the data in o=UserRoot will not be a big deal. You just have to keep in mind that schemas may have varied slightly. Certificates and keys will have to be imported/exported to the new server also. In all, i think you can go from Netscape 4.1 -> FDS 1.1.3 manually if you are well prepared. You can always bring up a cloned instance of Netscape 4.1 and try the step upgrade. solarflow99 wrote:> how extensive is it, can you export/import to LDIF? > > > > On Fri, Oct 3, 2008 at 12:57 AM, Dave <dave@posthost.com > <mailto:dave@posthost.com>> wrote: > > > Hi, I have an old Netscape Directory Server version 4.1 (circa > 2001) that I need to migrate to Fedora Directory Server, but I am > confused as to the proper migration path. > > I''ve been reading the Red Hat DS install guides at > http://www.redhat.com/docs/manuals/dir-server/ (as there doesn''t > appear to be as a comprehensive guide for Fedora DS. > > The Redhat DS 8.0 guide says that migrating Netscape DS 4.x is not > supported (only version 6 and above), so I read the Red Hat DS 6.0 > install guide and it says that Netscape DS 4.x is indeed supported. > So am I right to presume that a step-upgrade will be required, from > my current version 4.x to 6.x and then to the current version 8.0? > > Also, what version of the Fedora-DS is equivalent to Red Hat DS 6.0? > Thanks -Dave > > p.s. If somebody can tell me how to search this list''s archives that > would be much appreciated! > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > <mailto:Fedora-directory-users@redhat.com> > https://www.redhat.com/mailman/listinfo/fedora-directory-users > >-- Marcelo Nicolás Halpern Systems Administrator Accoona Corporation T: +1-201-377-3424 B: +1-201-850-3135 aim:mnhxacna y!:mnhxacna msn:mnhxacna@hotmail.com
Rich Megginson
2008-Oct-03 15:20 UTC
Re: [Fedora-directory-users] Migrating Netscape DS to FDS
Dave wrote:> > Hi, I have an old Netscape Directory Server version 4.1 (circa 2001) > that I need to migrate to Fedora Directory Server, but I am confused > as to the proper migration path. > > I''ve been reading the Red Hat DS install guides at > http://www.redhat.com/docs/manuals/dir-server/ (as there doesn''t > appear to be as a comprehensive guide for Fedora DS.The Red Hat Guides are pretty good, but refer to the wiki for information about where the differ.> > The Redhat DS 8.0 guide says that migrating Netscape DS 4.x is not > supported (only version 6 and above), so I read the Red Hat DS 6.0 > install guide and it says that Netscape DS 4.x is indeed supported. > So am I right to presume that a step-upgrade will be required, from my > current version 4.x to 6.x and then to the current version 8.0?Yes. I hope you are a perl hacker . . . If you look here - http://cvs.fedoraproject.org/viewvc/ldapserver/ldap/admin/src/scripts/?hideattic=0&root=dirsec - you will see several dead migration scripts. The main one you want to start with is template-migrateTo5 - http://cvs.fedoraproject.org/viewvc/ldapserver/ldap/admin/src/scripts/template-migrateTo5?hideattic=0&revision=1.7&root=dirsec&view=markup - that file contains the code to convert the config and schema settings from the old style to the new ldif style.> > Also, what version of the Fedora-DS is equivalent to Red Hat DS 6.0?There isn''t one. The first version of Fedora DS was 7.1 which was essentially the same as Red Hat DS 7.1> Thanks -Dave > > p.s. If somebody can tell me how to search this list''s archives that > would be much appreciated! > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Edward Capriolo
2008-Oct-03 15:28 UTC
Re: [Fedora-directory-users] Migrating Netscape DS to FDS
Everyone here hit on the main points. The products are made from the same code base so usually you only face minor schema changes. If you directory is small you can usually use the ldapsearch and ldapmodify command line tools. Some entire corporate directories are less then 4000 entries and export in less then a second. They import in less then 1 minute. I suggest exporting the data using an ldapsearch and try to load it on a fresh system using ldapmodify/add. The tools will stop on a schema violation and you investigate why that particular object did not load. What you are facing now is similar to a situation you may face with an upgrade from mysql 3.0 upgrade to mysql 5.0. It might be hard to find an upgrade path from vendor documentation, but a plain old mysqldump/mysqlimport will likely work. As mentioned you may have to specifically deal with acls, roles, replication agreements- but you would likely want to add those by hand so you can audit them in the process.
Michael Ströder
2008-Oct-04 15:46 UTC
Re: [Fedora-directory-users] Migrating Netscape DS to FDS
Edward Capriolo wrote:> Everyone here hit on the main points. The products are made from the > same code base so usually you only face minor schema changes.Edward, please don''t take it personally but without knowing the original poster''s directory deployment you cannot assume only minor schema changes. I''ve setup Netscape DS 4.x deployments myself with massive schema changes.> If you > directory is small you can usually use the ldapsearch and ldapmodify > command line tools. Some entire corporate directories are less then > 4000 entries and export in less then a second. They import in less > then 1 minute.Using ldapsearch/ldapmodify for migration has the disadvantage of loosing the operational attributes. This might be ok for this migration but has to be considered carefully. I''d strongly recommend to export with db2ldif and sanitize the LDIF data if needed before doing an import. Without knowing further details detailed recommendations are hard to give. Ciao, Michael.
Hey everybody thanks for all the responses. I am new to this (if you couldn''t tell), but this is a relatively small directory installation of about 500 people in the database. There is also iPlanet messaging server, app server, and web server installed, but job is to migrate off those platforms onto open source so I am not too concerned about the config schema for those services. With respect to exporting/import an LDIF file, yes there are about 20 custom fields in the schema for varying types of data such as user preferences. This is one reason I was trying to avoid an import/export of LDIF as it would require some cleansing. The challenge of doing the step-upgrade now appears to be in finding version 6 iPlanet Directory Server to download somewhere... By the way, f anyone is willing to take a crack at this I''d be more than happy to compensate... I have a Red Hat test server set up with fedora-ds installed and an LDIF file containing a dump of the Netscape DS 4.1 server. About Ed''s comment about MySQL: I''ve never had so much trouble with SQL files as much as LDIF files... don''t SQL files usually have the data and schema right in the same file so everything can be done on a single import without much need for cleansing? Thanks again -Dave Edward Capriolo wrote:> Everyone here hit on the main points. The products are made from the > same code base so usually you only face minor schema changes. If you > directory is small you can usually use the ldapsearch and ldapmodify > command line tools. Some entire corporate directories are less then > 4000 entries and export in less then a second. They import in less > then 1 minute. > > I suggest exporting the data using an ldapsearch and try to load it on > a fresh system using ldapmodify/add. The tools will stop on a schema > violation and you investigate why that particular object did not load. > > What you are facing now is similar to a situation you may face with an > upgrade from mysql 3.0 upgrade to mysql 5.0. It might be hard to find > an upgrade path from vendor documentation, but a plain old > mysqldump/mysqlimport will likely work. As mentioned you may have to > specifically deal with acls, roles, replication agreements- but you > would likely want to add those by hand so you can audit them in the > process. > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Michael Ströder
2008-Oct-05 18:38 UTC
Re: [Fedora-directory-users] Migrating Netscape DS to FDS
Dave wrote:> With respect to exporting/import an LDIF file, yes there are about 20 > custom fields in the schema for varying types of data such as user > preferences. This is one reason I was trying to avoid an > import/export of LDIF as it would require some cleansing. The > challenge of doing the step-upgrade now appears to be in finding version > 6 iPlanet Directory Server to download somewhere... By the way, f > anyone is willing to take a crack at this I''d be more than happy to > compensate... I have a Red Hat test server set up with fedora-ds > installed and an LDIF file containing a dump of the Netscape DS 4.1 server.Still I''d recommend to directly migrate to FDS by bulk-importing the LDIF. If that does not work you can come to the mailing list for asking why it fails. Ciao, Michael.
OK exporting/importing the LDIF worked, but I had to do some sleuth work to determine the custom objects and attributes in the slapd.user_oc.conf slapd.user_at.conf respectively, then manually create these in the new server using the same object and attribute types. I suppose this is what the migration scripts would have done in version 6.0... not sure why they couldn''t do the same work in version 8.0. They build this software to last decades, but we''re supposed to discard it after a few years when the support discontinues? good grief. Thanks again to all who chimed in. cheers -Dave Michael Ströder wrote:> Dave wrote: > >> With respect to exporting/import an LDIF file, yes there are about 20 >> custom fields in the schema for varying types of data such as user >> preferences. This is one reason I was trying to avoid an >> import/export of LDIF as it would require some cleansing. The >> challenge of doing the step-upgrade now appears to be in finding version >> 6 iPlanet Directory Server to download somewhere... By the way, f >> anyone is willing to take a crack at this I''d be more than happy to >> compensate... I have a Red Hat test server set up with fedora-ds >> installed and an LDIF file containing a dump of the Netscape DS 4.1 server. >> > > Still I''d recommend to directly migrate to FDS by bulk-importing the > LDIF. If that does not work you can come to the mailing list for asking > why it fails. > > Ciao, Michael. > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >