Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 9. Migrating Directory Server 11 to Directory Server 13

Learn about migrating from Red Hat Directory Server 11 to version 13, including tasks that you must perform before the migration begins.

Important

Red Hat supports migration only from Red Hat Directory Server 10, 11, 12 to version 13. To migrate Directory Server from an earlier version, you must perform incremental migrations to Directory Server 10 or 11.

Red Hat does not support an in-place upgrade of Directory Server 10 or 11 servers to version 13 by using the leapp upgrade tool.

For migration, you can use one of the following ways:

  • If you have a replication topology, use the replication method.
  • If you have a disconnected topology without planned replication between Directory Server 11 and Directory Server 13, or if your database is more that 1 GB, use the export and import method.

9.1. Prerequisites
Copy link

  • The existing Directory Server installation runs on version 11 and has all available updates installed.
  • You installed a Directory Server 13 host and created an instance on the host.

In a replication topology, use the replication method to migrate to Directory Server 13.

Procedure

  1. On the Directory Server 13 host, enable replication, but do not create a replication agreement. For details about enabling replication, see the Configuring and managing replication documentation for Red Hat Directory Server 13.

  2. On the Directory Server 11 host, enable replication and create a replication agreement that points to the Directory Server 13 host. For more information, see the Multi-Supplier Replication section in the Red Hat Directory Server 11 Administrator Guide.

    Important

    If you used a custom configuration on the Directory Server 11 host, do not replace the dse.ldif configuration file on the Directory Server 13 host with the file from the Directory Server 11 host, because the dse.ldif layout changes between versions. Instead, use the dsconf utility or the web console to add the custom configuration for each parameter and plug-in that you require.

  3. Optional: Set up further Directory Server 13 hosts with replication agreements between Directory Server 13 hosts.
  4. Configure your clients to use only Directory Server 13 hosts.
  5. On the Directory Server 11 host, remove the replication agreements that point to the Directory Server 13 host. See Removing a Directory Server Instance from the Replication Topology in the Red Hat Directory Server 11 Administration Guide.
  6. Uninstall the Directory Server 11 hosts. See Uninstalling Directory Server in the Red Hat Directory Server 11 Installation Guide.

Use the export and import method for migration in the following cases:

  • You have instances without replication.
  • Your database is more that 1 GB.

Procedure

  1. Perform the following steps on the existing Directory Server 11 host:

    1. Stop and disable the dirsrv service: 

      # dsctl <ds_11_instance_name> stop
# systemctl disable dirsrv@<ds_11_instance_name>

    2. Export the backend. For example, to export the userRoot database and store it in the /var/lib/dirsrv/slapd-<ds_11_instance_name>/migration.ldif file, run: 

      # dsctl <ds_11_instance_name> db2ldif userroot /var/lib/dirsrv/slapd-<ds_11_instance_name>/migration.ldif

    3. Copy the following files to the new host where you want to install Directory Server 13:

      • The /var/lib/dirsrv/slapd-<ds_11_instance_name>/migration.ldif file that you exported in the previous step.

      • The /etc/dirsrv/slapd-<ds_11_instance_name>/dse.ldif configuration file.

        Important

        Do not replace the dse.ldif configuration file on the Directory Server 13 host with the file from the Directory Server 11 host because the dse.ldif layout changes different versions. Store the dse.ldif file for the reference.

      • The /etc/dirsrv/slapd-<ds_11_instance_name>/schema/99user.ldif file, if you use a custom schema.

      • If you want to migrate an instance with TLS enabled and reuse the same host name for the Directory Server 13 installation, copy the following files to the new host:

        • /etc/dirsrv/slapd-<ds_11_instance_name>/cert9.db
        • /etc/dirsrv/slapd-<ds_11_instance_name>/key4.db
        • /etc/dirsrv/slapd-<ds_11_instance_name>/pin.txt
    4. If you want to use the same host name and IP on the Directory Server 13 host, disconnect the old server from the network.

  2. Perform the following steps on the new Directory Server 13 host:

    1. Optional: Configure TLS encryption:

      • If the new installation uses a different host name than the Directory Server 11 instance, see the Enabling TLS-encrypted connections to Directory Server section in the Red Hat Directory Server Security and access control documentation.

      • To use the same host name as the previous Directory Server 11 installation:

        1. Stop the instance: 

          # dsctl <ds_13_instance_name> stop

        2. Remove the Network Security Services (NSS) databases and the password file for Directory Server, if they already exist: 

          # rm /etc/dirsrv/slapd-<ds_13_instance_name>/cert*.db \
/etc/dirsrv/slapd-<ds_13_instance_name>/key*.db \
/etc/dirsrv/slapd-<ds_13_instance_name>/pin.txt
        3. Place the cert9.db, key4.db, and pin.txt files that you copied from the Directory Server 11 host in the /etc/dirsrv/slapd-<ds_13_instance_name>/ directory:

        4. Set the correct permissions for the NSS databases and the password file: 

          # chown dirsrv:root /etc/dirsrv/slapd-<ds_13_instance_name>/cert9.db \
/etc/dirsrv/slapd-<ds_13_instance_name>/key4.db \
/etc/dirsrv/slapd-<ds_13_instance_name>/pin.txt

# chmod 600 /etc/dirsrv/slapd-<ds_13_instance_name>/cert9.db \
/etc/dirsrv/slapd-<ds_13_instance_name>/key4.db \
/etc/dirsrv/slapd-<ds_13_instance_name>/pin.txt

        5. Start the instance: 

          # dsctl <ds_13_instance_name> start

    2. If you used a custom schema, place the 99user.ldif file into the /etc/dirsrv/slapd-<ds_13_instance_name>/schema/ directory, set appropriate permissions, and restart the instance: 

      # cp /etc/dirsrv/slapd-<ds_11_instance_name>/schema/99user.ldif /etc/dirsrv/slapd-<ds_13_instance_name>/schema/

# chmod 644 /etc/dirsrv/slapd-<ds_13_instance_name>/schema/99user.ldif

# chown root:root /etc/dirsrv/slapd-<ds_13_instance_name>/schema/99user.ldif

# dsctl <ds_13_instance_name> restart

    3. Place the /var/lib/dirsrv/slapd-<ds_11_instance_name>/migration.ldif file that you copied from the Directory Server 11 host in the /var/lib/dirsrv/slapd-<ds_13_instance_name>/ldif/ directory and set the correct permissions: 

      # cp /var/lib/dirsrv/slapd-<ds_11_instance_name>/migration.ldif /etc/dirsrv/slapd-<ds_13_instance_name>/ldif/

# chown dirsrv:dirsrv /var/lib/dirsrv/slapd-<ds_13_instance_name>/ldif/migration.ldif

    4. Import the migration.ldif file to restore the userRoot database with all entries: 

      # dsconf <ds_13_instance_name> backend import userRoot /var/lib/dirsrv/slapd-<ds_13_instance_name>/ldif/migration.ldif

      Note that Directory Server requires the LDIF file you want to import in the /var/lib/dirsrv/slapd-<ds_13_instance_name>/ directory.

      Important

      If you used a custom configuration on the Directory Server 11 host, do not replace the dse.ldif configuration file on the Directory Server 13 host with the file from the Directory Server 11 host. Instead, use the dsconf utility or the web console to add the custom configuration manually for each parameter and plug-in that you require.

Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top