Chapter 5. Migrating Directory Server 10 to Directory Server 11

This chapter contains information about migrating from Red Hat Directory Server 10 to 11, including tasks that you must perform before the migration begins.

Important

Red Hat supports only migrations from Red Hat Directory Server 10 to 11.

To migrate Directory Server 7, 8, and 9 to version 11, you must first migrate the installation to Directory Server 10. For details, see the Migrating from Previous Versions chapter in the Red Hat Directory Server 10 Installation Guide.

Prerequisites

  • The existing Directory Server installation runs on version 10 and has all available updates installed.

5.1. Migrating to Directory Server 11 using the replication method

In a replication topology, use the replication method to migrate to Directory Server 11.

Procedure

  1. Install Directory Server 11. See Chapter 2, Setting up a new Directory Server instance.
  2. Optionally, configure TLS. See the Enabling TLS chapter in the Red Hat Directory Server 11 Administrator Guide.
  3. Enable replication on a Directory Server 10 host. For more information, see the Configuring the Read-Write Replicas on the Supplier Servers section in the Red Hat Directory Server 10 Administrator Guide.
  4. Set up the replication agreement on the Directory Server 11 host. See the Multi-Master Replication section in the Red Hat Directory Server 11 Administrator Guide.
  5. Optionally, set up further Directory Server 11 hosts with replication agreements between the Directory Server 11 hosts.
  6. Configure your clients to use only the Directory Server 11 hosts.
  7. Remove the replication agreements with Directory Server 10 hosts. See Removing a Directory Server Instance from the Replication Topology in the Red Hat Directory Server 11 Administrator Guide.
  8. Uninstall the Directory Server 10 hosts. See Uninstalling Directory Server in the Red Hat Directory Server 10 Installation Guide.

5.2. Migrating to Directory Server 11 using the export and import method

Use the export and import method to migrate small Directory Server environments, such as instances without replication.

Procedure

  1. On the existing Directory Server 10 host:

    1. Stop and disable the dirsrv service:

      # systemctl stop dirsrv@instance_name
      # systemctl disable dirsrv@instance_name
    2. Export the back end. For example, to export the userRoot back end and store it in the /tmp/userRoot.ldif file:

      # db2ldif -Z instance_name -n userRoot -a /tmp/userRoot.ldif
    3. Copy the following files to the new host where you want to install Directory Server 11:

      • The LDIF file that you exported in the previous step.
      • /etc/dirsrv/slapd-instance_name/schema/99user.ldif if you use a custom schema
      • If you want to migrate an instance with TLS enabled and reuse the same host name for the Directory Server 11 installation, copy the following files to the new host:

        • /etc/dirsrv/slapd-instance_name/cert8.db
        • /etc/dirsrv/slapd-instance_name/key3.db
        • /etc/dirsrv/slapd-instance_name/pin.txt
    4. If you want to reuse the same host name and IP on the Directory Server 11 host, disconnect the old server from the network.
  2. On the new host:

    1. Install Directory Server 11. For details, see Chapter 2, Setting up a new Directory Server instance.
    2. Optionally, configure TLS encryption:

      • If the new installation uses a different host name than the Directory Server 10 instance:

        1. See the Enabling TLS chapter in the Red Hat Directory Server Administrator Guide.
      • To use the same host name as the previous Directory Server 10 installation:

        1. Stop the instance:

          # systemctl stop dirsrv@instance_name
        2. Remove the Network Security Services (NSS) databases and the password file for Directory Server, if they already exist:

          # rm /etc/dirsrv/slapd-instance_name/cert*.db /etc/dirsrv/slapd-instance_name/key*.db /etc/dirsrv/slapd-instance_name/pin.txt
        3. Store the cert8.db, key3.db, and pin.txt files that you copied from the Directory Server 10 host in the /etc/dirsrv/slapd-instance_name/ directory.
        4. Set the correct permissions for the NSS databases and the password file:

          # chown dirsrv:root /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db /etc/dirsrv/slapd-instance_name/pin.txt
          
          # chmod 600 /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db /etc/dirsrv/slapd-instance_name/pin.txt
        5. Start the instance:

          # systemctl start dirsrv@instance_name

          Directory Server automatically converts the NSS databases to the SQLite format. The converted databases are stored in the cert9.db and key4.db files in the /etc/dirsrv/slapd-instance_name/ directory.

        6. Optionally, remove the old NSS databases, to avoid confusion:

          # rm /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db
    3. If you used a custom schema, restore the 99user.ldif file into the /etc/dirsrv/slapd-instance_name/schema/ directory, set appropriate permissions, and restart the instance. For example:

      # cp /tmp/99user.ldif /etc/dirsrv/slapd-instance_name/schema/
      
      # chmod 644 /etc/dirsrv/slapd-instance_name/schema/99user.ldif
      
      # chown root:root /etc/dirsrv/slapd-instance_name/schema/99user.ldif
      
      # systemctl restart dirsrv@instance_name
    4. Import the LDIF file. For example, to import the /tmp/migration.ldif file into the userRoot database:

      # dsconf -D 'cn=Directory Manager' ldap://server.example.com backend import userRoot /tmp/migration.ldif