Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 8. Migrating Directory Server 11 to Directory Server 12

Learn about migrating from Red Hat Directory Server 11 to 12, including tasks that you must perform before the migration begins.

Important

Red Hat supports migration only from Red Hat Directory Server 10 or 11 to version 12. To migrate Directory Server from earlier version, you must perform incremental migrations to Directory Server 10 or 11.

Red Hat does not support an in-place upgrade of Directory Server 10 or 11 servers to version 12 by using the leapp upgrade tool.

For migration, you can use one of the following ways:

  • If you have a replication topology, use the replication method.
  • If you have a disconnected topology without planned replication between Directory Server 10 and Directory Server 12, or if your database is more that 1 GB, use the export and import method.

8.1. Prerequisites
Copy link

  • The existing Directory Server installation runs on version 11 and has all available updates installed.
  • You installed a Directory Server 12 host and created an instance on the host.

In a replication topology, use the replication method to migrate to Directory Server 12.

Procedure

  1. On the Directory Server 12 host, enable replication, but do not create a replication agreement. For details about enabling replication, see the Configuring and managing replication documentation for Red Hat Directory Server 12.

  2. On the Directory Server 11 host, enable replication and create a replication agreement that points to the Directory Server 12 host. For more information, see the Multi-Supplier Replication section in the Red Hat Directory Server 11 Administrator Guide.

    Important

    If you used a custom configuration on the Directory Server 11 host, do not replace the dse.ldif configuration file on the Directory Server 12 host with the file from the Directory Server 11 host, because the dse.ldif layout changes between versions. Instead, use the dsconf utility or the web console to add the custom configuration for each parameter and plug-in that you require.

  3. Optional: Set up further Directory Server 12 hosts with replication agreements between Directory Server 12 hosts.
  4. Configure your clients to use only Directory Server 12 hosts.
  5. On the Directory Server 11 host, remove the replication agreements that point to Directory Server 12 host. See Removing a Directory Server Instance from the Replication Topology in the Red Hat Directory Server 11 Administration Guide.
  6. Uninstall the Directory Server 11 hosts. See Uninstalling Directory Server in the Red Hat Directory Server 11 Installation Guide.

Use the export and import method for migration in the following cases:

  • You have instances without replication.
  • Your database is more that 1 GB.

Procedure

  1. Perform the following steps on the existing Directory Server 11 host:

    1. Stop and disable the dirsrv service: 

      # dsctl DS11_instance_name stop
# systemctl disable dirsrv@DS11_instance_name
      Copy to Clipboard Toggle word wrap

    2. Export the backend. For example, to export the userRoot database and store it in the /var/lib/dirsrv/slapd-DS11_instance_name/migration.ldif file, run: 

      # dsctl DS11_instance_name db2ldif userroot /var/lib/dirsrv/slapd-DS11_instance_name/migration.ldif
      Copy to Clipboard Toggle word wrap

    3. Copy the following files to the new host where you want to install Directory Server 12:

      • The /var/lib/dirsrv/slapd-DS11_instance_name/migration.ldif file that you exported in the previous step.

      • The /etc/dirsrv/slapd-DS11_instance_name/dse.ldif configuration file.

        Important

        Do not replace the dse.ldif configuration file on the Directory Server 12 host with the file from the Directory Server 11 host because the dse.ldif layout changes different versions. Store the dse.ldif file for the reference.

      • The /etc/dirsrv/slapd-DS11_instance_name/schema/99user.ldif file, if you use a custom schema.

      • If you want to migrate an instance with TLS enabled and reuse the same host name for the Directory Server 12 installation, copy the following files to the new host:

        • /etc/dirsrv/slapd-DS11_instance_named/cert9.db
        • /etc/dirsrv/slapd-DS11_instance_name/key4.db
        • /etc/dirsrv/slapd-DS11_instance_name/pin.txt
    4. If you want to use the same host name and IP on the Directory Server 12 host, disconnect the old server from the network.

  2. Perform the following steps on the new Directory Server 12 host:

    1. Optional: Configure TLS encryption:

      • If the new installation uses a different host name than the Directory Server 11 instance, see the Enabling TLS-encrypted connections to Directory Server section in the Securing Red Hat Directory Server documentation.

      • To use the same host name as the previous Directory Server 11 installation:

        1. Stop the instance: 

          # dsctl DS12_instance_name stop
          Copy to Clipboard Toggle word wrap

        2. Remove the Network Security Services (NSS) databases and the password file for Directory Server, if they already exist: 

          # rm /etc/dirsrv/slapd-DS12_instance_name/cert*.db /etc/dirsrv/slapd-DS12_instance_name/key*.db /etc/dirsrv/slapd-DS12_instance_name/pin.txt
          Copy to Clipboard Toggle word wrap
        3. Place the cert9.db, key4.db, and pin.txt files that you copied from the Directory Server 11 host in the /etc/dirsrv/slapd-DS12_instance_name/ directory:

        4. Set the correct permissions for the NSS databases and the password file: 

          # chown dirsrv:root /etc/dirsrv/slapd-DS12_instance_name/cert9.db /etc/dirsrv/slapd-DS12_instance_name/key4.db /etc/dirsrv/slapd-DS12_instance_name/pin.txt

# chmod 600 /etc/dirsrv/slapd-DS12_instance_name/cert9.db /etc/dirsrv/slapd-DS12_instance_name/key4.db /etc/dirsrv/slapd-DS12_instance_name/pin.txt
          Copy to Clipboard Toggle word wrap

        5. Start the instance: 

          # dsctl DS12_instance_name start
          Copy to Clipboard Toggle word wrap

    2. If you used a custom schema, place the 99user.ldif file into the /etc/dirsrv/slapd-DS12_instance_name/schema/ directory, set appropriate permissions, and restart the instance: 

      # cp /etc/dirsrv/slapd-DS11_instance_name/schema/99user.ldif /etc/dirsrv/slapd-DS12_instance_name/schema/

# chmod 644 /etc/dirsrv/slapd-DS12_instance_name/schema/99user.ldif

# chown root:root /etc/dirsrv/slapd-DS12_instance_name/schema/99user.ldif

# dsctl DS12_instance_name restart
      Copy to Clipboard Toggle word wrap

    3. Place the /var/lib/dirsrv/slapd-DS11_instance_name/migration.ldif file that you copied from the Directory Server 11 host in the /var/lib/dirsrv/slapd-DS12_instance_name/ldif/ directory and set the correct permissions: 

      # cp /var/lib/dirsrv/slapd-DS11_instance_name/migration.ldif /var/lib/dirsrv/slapd-DS12_instance_name/ldif/

# chown dirsrv:dirsrv /var/lib/dirsrv/slapd-DS12_instance_name/ldif/migration.ldif
      Copy to Clipboard Toggle word wrap

    4. Import the migration.ldif file to restore the userRoot database with all entries: 

      # dsconf -D 'cn=Directory Manager' ldap://server.example.com backend import userRoot /var/lib/dirsrv/slapd-DS12_instance_name/ldif/migration.ldif
      Copy to Clipboard Toggle word wrap

      Note that Directory Server requires the LDIF file you want to import in the /var/lib/dirsrv/slapd-DS12_instance_name/ directory.

      Important

      If you used a custom configuration on the Directory Server 11 host, do not replace the dse.ldif configuration file on the Directory Server 12 host with the file from the Directory Server 11 host. Instead, use the dsconf utility or the web console to add the custom configuration manually for each parameter and plug-in that you require.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat