Chapter 5. Migrating Directory Server 10 to Directory Server 11
This chapter contains information about migrating from Red Hat Directory Server 10 to 11, including tasks that you must perform before the migration begins.
Red Hat supports only migrations from Red Hat Directory Server 10 to 11.
To migrate Directory Server 7, 8, and 9 to version 11, you must first migrate the installation to Directory Server 10. For details, see the Migrating from Previous Versions chapter in the Red Hat Directory Server 10 Installation Guide.
Prerequisites
- The existing Directory Server installation runs on version 10 and has all available updates installed.
5.1. Migrating to Directory Server 11 using the replication method
In a replication topology, use the replication method to migrate to Directory Server 11.
Procedure
- Install Directory Server 11. See Chapter 2, Setting up a new Directory Server instance.
- Optionally, configure TLS. See the Enabling TLS chapter in the Red Hat Directory Server 11 Administrator Guide.
- On the Directory Server 11 host, enable replication, but do not create a replication agreement. For details about enabling replication, see the Setting up multi-supplier replication section in the Red Hat Directory Server 11 Administrator Guide.
- On the Directory Server 10 host, enable replication and create a replication agreement that points to the Directory Server 11 host. For more information, see the Configuring the Read-Write Replicas on the Supplier Servers section in the Red Hat Directory Server 10 Administrator Guide.
- Optionally, set up further Directory Server 11 hosts with replication agreements between the Directory Server 11 hosts.
- Configure your clients to use only the Directory Server 11 hosts.
- Remove the replication agreements with Directory Server 10 hosts. See Removing a Directory Server Instance from the Replication Topology in the Red Hat Directory Server 11 Administrator Guide.
- Uninstall the Directory Server 10 hosts. See Uninstalling Directory Server in the Red Hat Directory Server 10 Installation Guide.
5.2. Migrating to Directory Server 11 using the export and import method
Use the export and import method to migrate small Directory Server environments, such as instances without replication.
Procedure
On the existing Directory Server 10 host:
- Stop and disable the dirsrv service:
  # systemctl stop dirsrv@instance_name
  # systemctl disable dirsrv@instance_name
- Export the back end. For example, to export the userRoot back end and store it in the /tmp/userRoot.ldif file:
  # db2ldif -Z instance_name -n userRoot -a /tmp/userRoot.ldif
- Copy the following files to the new host where you want to install Directory Server 11:
  - The LDIF file that you exported in the previous step.
  - /etc/dirsrv/slapd-instance_name/schema/99user.ldif, if you use a custom schema.
  If you want to migrate an instance with TLS enabled and reuse the same host name for the Directory Server 11 installation, copy the following files to the new host:
  - /etc/dirsrv/slapd-instance_name/cert8.db
  - /etc/dirsrv/slapd-instance_name/key3.db
  - /etc/dirsrv/slapd-instance_name/pin.txt
- If you want to reuse the same host name and IP on the Directory Server 11 host, disconnect the old server from the network.
On the new host:
- Install Directory Server 11. For details, see Chapter 2, Setting up a new Directory Server instance.
- Optionally, configure TLS encryption:
  If the new installation uses a different host name than the Directory Server 10 instance:
  - See the Enabling TLS chapter in the Red Hat Directory Server Administrator Guide.
  To use the same host name as the previous Directory Server 10 installation:
  - Stop the instance:
    # systemctl stop dirsrv@instance_name
  - Remove the Network Security Services (NSS) databases and the password file for Directory Server, if they already exist:
    # rm /etc/dirsrv/slapd-instance_name/cert*.db /etc/dirsrv/slapd-instance_name/key*.db /etc/dirsrv/slapd-instance_name/pin.txt
  - Store the cert8.db, key3.db, and pin.txt files that you copied from the Directory Server 10 host in the /etc/dirsrv/slapd-instance_name/ directory.
  - Set the correct permissions for the NSS databases and the password file:
    # chown dirsrv:root /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db /etc/dirsrv/slapd-instance_name/pin.txt
    # chmod 600 /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db /etc/dirsrv/slapd-instance_name/pin.txt
  - Start the instance:
    # systemctl start dirsrv@instance_name
    Directory Server automatically converts the NSS databases to the SQLite format. The converted databases are stored in the cert9.db and key4.db files in the /etc/dirsrv/slapd-instance_name/ directory.
  - Optionally, remove the old NSS databases, to avoid confusion:
    # rm /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db
- If you used a custom schema, restore the 99user.ldif file into the /etc/dirsrv/slapd-instance_name/schema/ directory, set appropriate permissions, and restart the instance. For example:
  # cp /tmp/99user.ldif /etc/dirsrv/slapd-instance_name/schema/
  # chmod 644 /etc/dirsrv/slapd-instance_name/schema/99user.ldif
  # chown root:root /etc/dirsrv/slapd-instance_name/schema/99user.ldif
  # systemctl restart dirsrv@instance_name
- Import the LDIF file. For example, to import the /var/lib/dirsrv/slapd-instance_name/ldif/migration.ldif file into the userRoot database:
  # dsconf -D 'cn=Directory Manager' ldap://server.example.com backend import userRoot /var/lib/dirsrv/slapd-instance_name/ldif/migration.ldif
  Note that Directory Server requires the LDIF file you want to import in the /var/lib/dirsrv/slapd-instance_name/ directory.
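The following shell functions are an added example, not part of the Red Hat guide. They check that the files placed on the new host carry the ownership and modes set in the procedure above, and that the LDIF file is under /var/lib/dirsrv/slapd-instance_name/ before you run the import. The function names and the ROOT path prefix (empty on a real host) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original guide. ROOT is a path prefix ("" on a
# real host); owner arguments default to the values the procedure sets.
# Usage on the new host: audit_tls_files "" instance_name

# check_file PATH MODE USER GROUP: succeed only if PATH is a regular file
# (not a symlink) with exactly that mode and ownership.
check_file() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "FAIL missing or not a regular file: $1"; return 1
    fi
    # find prints the path only when every predicate matches.
    if [ -z "$(find "$1" -prune -perm "$2" -user "$3" -group "$4")" ]; then
        echo "FAIL expected mode $2 owner $3:$4: $1"; return 1
    fi
    echo "ok   $1"
}

# Run after the chown/chmod step and before starting the instance.
# audit_tls_files ROOT INSTANCE [USER GROUP]
audit_tls_files() {
    dir="$1/etc/dirsrv/slapd-$2"; rc=0
    for f in cert8.db key3.db pin.txt; do
        check_file "$dir/$f" 600 "${3:-dirsrv}" "${4:-root}" || rc=1
    done
    return "$rc"
}

# Run before the dsconf import.
# audit_import_inputs ROOT INSTANCE LDIF [USER GROUP]
audit_import_inputs() {
    schema="$1/etc/dirsrv/slapd-$2/schema/99user.ldif"; rc=0
    # 99user.ldif is present only when a custom schema was migrated.
    if [ -e "$schema" ]; then
        check_file "$schema" 644 "${4:-root}" "${5:-root}" || rc=1
    fi
    case "$3" in
        */../*) echo "FAIL path contains '..': $3"; rc=1 ;;
        "$1/var/lib/dirsrv/slapd-$2/"*)
            [ -f "$3" ] || { echo "FAIL LDIF not found: $3"; rc=1; } ;;
        *) echo "FAIL LDIF is outside /var/lib/dirsrv/slapd-$2/: $3"; rc=1 ;;
    esac
    return "$rc"
}
```

Both functions return a non-zero status when any check fails, so they can gate the start and import commands in a migration script.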