[Fedora-directory-users] How to migrate a server instance of NS directory 4.1 to FC ns directory 7.1?

Jeff Clowser jclowser at unitedmessaging.com
Thu Sep 29 14:29:00 UTC 2005


Comments inline below

Jet Young wrote:

> Now I want to create a new server in Fedora Directory 7.1 with these 
> data. But I found some problems.
> 1. In NS directory 4.1, I only need to copy those files to the relative 
> directory and everything will be ok. But now, I can't find any files 
> named "sldap_user_at.conf" or "sladp_user_oc.conf".

Local schema is now in slapd-<instance>/config/schema/99user.ldif, and 
both objectclasses (slapd_user_oc.conf) and attributes 
(slapd_user_oc.conf) are in that file.  However, they are in a different 
format in 5.x+ than they were in 4.x. Attribute types change as well 
(i.e. they don't call it cis, ces, etc.). Probably the easiest thing to 
do would be to go into the FDS console, and recreate the schema in the 
FDS server.  Be sure you use exactly the same names, and match up the 
old types with the new (i.e. cis is now directoryString, ces is 
IA5String, I believe).

> 2. The DB used in Fedora Directory 7.1 is version 4, but the db files I 
> backed up are version 2. I don't know if they are compatible.

If you still have the Netscape 4.x software around, I'd restore to that, 
then export the database to ldif.  Not only have the db files changed, 
but other db related things have changed as well - in 4.x, all ldap 
suffixes were in a common db, whereas starting with 5.x, the directory 
stored each suffix in a separate db, so more than just the db version 
has changed.  You can do one of the following to export from 4.x 
(assuming your suffix for users/groups is o=isp - change this to 
whatever is appropriate for your server):

1.  Use server tools to export to ldif:
cd /usr/netscape/server4/bin/slapd/server
./ns-slapd db2ldif -f /usr/netscape/server4/slapd-<inst>/config/slapd.conf -n -a /path/to/export.ldif -s "o=isp"

Replace <inst> with whatever you have.  You want to run the above, 
rather than just db2ldif, because db2ldif will export replication 
agreements, o=netscaperoot, etc into your ldif, which you don't want (if 
you overwrite or add to o=netscaperoot in FDS, you can really mess 
things up).  You really just want your user/group tree.

2.  Alternately, you can run
ldapsearch -D "cn=directory manager" -w <dm password> -b "o=isp" -L "objectclass=*" "aci" "*" > /path/to/export.ldif

This assumes the Sun ldapsearch.  If you are running openldap's 
ldapsearch, use -x instead of -L.  Note that the search may not return 
operational attributes unless you specifically ask for them ("aci" "*" 
says to return the aci operational attribute as well as all normal 
attributes).  If you have password policies, you need to add those 
attributes (i.e. passwordexpirationtime, etc).

Once you have the ldif, you should be able to import it into FDS 
(assuming you have created the same suffix in FDS), and it should be 
compatible (including ACIs, etc).

- Jeff
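
A pre-import sanity check for the exported LDIF, as an added example that is not part of the original message: it lists entries whose DN falls outside the intended suffix (for instance under o=netscaperoot) and counts entries carrying aci values, so a missing operational attribute is noticed before the import into FDS. The sample data and the function names are constructed for illustration.

```python
import base64
# Constructed sample export (not from the original post); suffix o=isp as in the post.
SAMPLE = """\
dn: o=isp
aci: (targetattr="*")(version 3.0; acl "admins"; allow (all)
  groupdn="ldap:///cn=admins,o=isp";)

dn: uid=jdoe, ou=People, O=ISP
cn:: SmFuZSBEb2U=

dn: cn=example,o=NetscapeRoot
objectclass: top
"""

def parse_ldif(text):
    """Yield (dn, attrs) per record; unfolds continuation lines, decodes base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folding: drop the one leading space
        else:
            lines.append(raw)
    rec = {}
    for line in lines + [""]:             # trailing "" flushes the last record
        if not line.strip():
            if "dn" in rec:
                yield rec.pop("dn")[0], rec
            rec = {}
        elif not line.startswith("#") and ":" in line:
            name, _, rest = line.partition(":")
            value = rest.lstrip(":").strip()
            if rest.startswith(":"):      # "attr:: value" is base64-encoded
                value = base64.b64decode(value).decode("utf-8", "replace")
            rec.setdefault(name.lower(), []).append(value)

def norm_dn(dn):
    """Case-fold and trim spaces around commas (does not handle escaped commas)."""
    return ",".join(p.strip() for p in dn.lower().split(","))

def check_export(text, suffix):
    """Count entries, list DNs outside the suffix, count entries carrying aci."""
    sfx, rep = norm_dn(suffix), {"entries": 0, "outside_suffix": [], "aci_entries": 0}
    for dn, attrs in parse_ldif(text):
        rep["entries"] += 1
        if (d := norm_dn(dn)) != sfx and not d.endswith("," + sfx):
            rep["outside_suffix"].append(dn)
        rep["aci_entries"] += "aci" in attrs
    return rep
```

Run check_export(open("/path/to/export.ldif").read(), "o=isp") on the real file; a non-empty outside_suffix list or an aci_entries count of 0 on a tree that had ACIs means the export should be redone before importing.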



