Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
Chapter 10. Migrating Directory Server 10 to Directory Server 13
Learn about migration from Red Hat Directory Server 10 to 13, including tasks that you must perform before you start the migration.
Red Hat supports migration only from Red Hat Directory Server 10, 11, 12 to version 13. To migrate Directory Server from an earlier version, you must perform incremental migrations to Directory Server 10 or 11.
Red Hat does not support an in-place upgrade of Directory Server 10 or 11 servers to version 13 by using the leapp upgrade tool.
For migration, you can use one of the following ways:
- If you have a replication topology, use the replication method.
- If you have a disconnected topology without planned replication between Directory Server 10 and Directory Server 13, or if your database is more that 1 GB, use the export and import method.
10.1. Prerequisites
- The existing Directory Server installation runs on version 10 and has all available updates installed.
- You installed a Directory Server 13 host and created an instance on the host.
10.2. Migrating Directory Server 10 to version 13 using the replication method
In a replication topology, use the replication method to migrate to Directory Server 13.
Procedure
- On the Directory Server 13 host, enable replication, but do not create a replication agreement. For details about enabling replication, see the Configuring and managing replication section in the Red Hat Directory Server 13 documentation.
On the Directory Server 10 host, enable replication and create a replication agreement that points to the Directory Server 13 host. For details about enabling replication, see chapter 15 "Managing Replication" in the Red Hat Directory Server 10 Administration Guide.
ImportantIf you used a custom configuration on the Directory Server 10 host, do not replace the
dse.ldifconfiguration file on the Directory Server 13 host with the file from previous versions, because thedse.ldiflayout changes between versions. Instead, use thedsconfutility or the web console to add the custom configuration for each parameter and plug-in that you require.- Optional: Set up further Directory Server 13 hosts with replication agreements between the Directory Server 13 hosts.
- Configure your clients to use only the Directory Server 13 hosts.
On the Directory Server 10 host, remove the replication agreements that point to the Directory Server 13 host:
# ldapmodify -D "cn=Directory Manager" -W -x -H ldap://<ds.10.server.example.com> dn: cn=<agreement-to-ds-13-server>,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config changetype: delete- Uninstall the Directory Server 10 hosts. See the chapter 4.8 "Uninstalling Directory Server" in the Red Hat Directory Server 10 Installation Guide.
10.3. Migrating Directory Server 10 to version 13 using the export and import method
Use the export and import method to migrate large Directory Server environments or instances without replication.
Procedure
Perform the following steps on the existing Directory Server 10 host:
Stop and disable the
dirsrvservice:# dsctl <ds_10_instance_name> stop # systemctl disable dirsrv@<ds_10_instance_name>Export the backend. For example, to export the
userRootdatabase and store it in the/tmp/userRoot.ldiffile, run:# db2ldif -Z <ds_10_instance_name> -n userRoot -a /tmp/userRoot.ldifCopy the following files to the new Directory Server 13 host:
-
The LDIF file
userRoot.ldifthat you exported in the previous step. -
The
/etc/dirsrv/slapd-<ds_10_instance_name>/schema/99user.ldiffile if you use a custom schema. The
/etc/dirsrv/slapd-<ds_10_instance_name>/dse.ldifconfiguration file.ImportantDo not replace the
dse.ldifconfiguration file on the Directory Server 13 host with the file from the Directory Server 10 host because thedse.ldiflayout changes between versions. Store thedse.ldiffile for the reference.If you want to migrate an instance with TLS enabled and reuse the same host name for the Directory Server 13 installation, copy:
-
/etc/dirsrv/slapd-<ds_10_instance_name>/cert8.db -
/etc/dirsrv/slapd-<ds_10_instance_name>/key3.db -
/etc/dirsrv/slapd-<ds_10_instance_name>/pin.txt
-
-
The LDIF file
- If you want to use the same host name and IP on the Directory Server 13 host, disconnect the old server from the network.
Perform the following steps on the new Directory Server 13 host:
Optional: Configure TLS encryption:
- If the new installation uses a host name that differs from the Directory Server 10 instance host name, see the Enabling TLS-encrypted connections to Directory Server section in the Red Hat Directory Server Security and access control documentation.
If you want to use the same host name as the previous Directory Server 10 installation:
Stop the instance:
# dsctl <ds_13_instance_name> stopRemove the Network Security Services (NSS) databases and the password file for Directory Server, if they already exist:
# rm /etc/dirsrv/slapd-<ds_13_instance_name>/cert*.db /etc/dirsrv/slapd-<ds_13_instance_name>/key*.db /etc/dirsrv/slapd-<ds_13_instance_name>/pin.txt-
Move the
cert8.db,key3.db, andpin.txtfiles that you copied from the Directory Server 10 host to the/etc/dirsrv/slapd-<ds_13_instance_name>/directory. Set the correct permissions for the NSS databases and the password file:
# chown dirsrv:root /etc/dirsrv/slapd-<ds_13_instance_name>/cert8.db \ /etc/dirsrv/slapd-<ds_13_instance_name>/key3.db \ /etc/dirsrv/slapd-<ds_13_instance_name>/pin.txt # chmod 600 /etc/dirsrv/slapd-<ds_13_instance_name>/cert8.db \ /etc/dirsrv/slapd-<ds_13_instance_name>/key3.db \ /etc/dirsrv/slapd-<ds_13_instance_name>/pin.txtStart the instance:
# dsctl <ds_13_instance_name> start
If you used a custom schema, place the
99user.ldiffile in the/etc/dirsrv/slapd-<ds_13_instance_name>/schema/directory, set appropriate permissions, and restart the instance:# cp /etc/dirsrv/slapd-<ds_10_instance_name>/schema/99user.ldif /etc/dirsrv/slapd-<ds_13_instance_name>/schema/ # chmod 644 /etc/dirsrv/slapd-<ds_13_instance_name>/schema/99user.ldif # chown root:root /etc/dirsrv/slapd-<ds_13_instance_name>/schema/99user.ldif # dsctl <ds_13_instance_name> restartPlace the
/tmp/userRoot.ldiffile you prepared on the Directory Server 10 host in the/var/lib/dirsrv/slapd-<ds_13_instance_name>/ldif/directory and set the correct permissions:# cp /tmp/userRoot.ldif /etc/dirsrv/slapd-<ds_13_instance_name>/ldif/ # chown dirsrv:dirsrv /var/lib/dirsrv/slapd-<ds_13_instance_name>/ldif/userRoot.ldifImport the
userRoot.ldiffile to restore theuserRootbackend with all entries:# dsconf <ds_13_instance_name> backend import userRoot /var/lib/dirsrv/slapd-<ds_13_instance_name>/ldif/userRoot.ldifNote that Directory Server 13 can import LDIF files only from the
/var/lib/dirsrv/slapd-<ds_13_instance_name>/directory.ImportantIf you used a custom configuration on the Directory Server 10 host, do not replace the
dse.ldifconfiguration file on the Directory Server 12 host with the file from previous versions. Instead, use thedsconfutility or the web console to add the custom configuration manually for each parameter and plug-in that you require.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}