Chapter 5. Migrating Directory Server 10 to Directory Server 11
This chapter contains information about migrating from Red Hat Directory Server 10 to 11, including tasks that you must perform before the migration begins.
Red Hat supports only migrations from Red Hat Directory Server 10 to 11.
To migrate Directory Server 7, 8, and 9 to version 11, you must first migrate the installation to Directory Server 10. For details, see the Migrating from Previous Versions chapter in the Red Hat Directory Server 10 Installation Guide.
- The existing Directory Server installation runs on version 10 and has all available updates installed.
5.1. Migrating to Directory Server 11 using the replication method
In a replication topology, use the replication method to migrate to Directory Server 11.
- Install Directory Server 11. See Chapter 2, Setting up a new Directory Server instance.
- Optionally, configure TLS. See the Enabling TLS chapter in the Red Hat Directory Server 11 Administrator Guide.
- Enable replication on a Directory Server 10 host. For more information, see the Configuring the Read-Write Replicas on the Supplier Servers section in the Red Hat Directory Server 10 Administrator Guide.
- Set up the replication agreement on the Directory Server 11 host. See the Multi-Master Replication section in the Red Hat Directory Server 11 Administrator Guide.
- Optionally, set up further Directory Server 11 hosts with replication agreements between the Directory Server 11 hosts.
- Configure your clients to use only the Directory Server 11 hosts.
- Remove the replication agreements with Directory Server 10 hosts. See Removing a Directory Server Instance from the Replication Topology in the Red Hat Directory Server 11 Administrator Guide.
- Uninstall the Directory Server 10 hosts. See Uninstalling Directory Server in the Red Hat Directory Server 10 Installation Guide.
5.2. Migrating to Directory Server 11 using the export and import method
Use the export and import method to migrate small Directory Server environments, such as instances without replication.
On the existing Directory Server 10 host:
Stop and disable the
systemctl stop dirsrv@instance_name#
systemctl disable dirsrv@instance_name
Export the back end. For example, to export the
userRootback end and store it in the
db2ldif -Z instance_name -n userRoot -a /tmp/userRoot.ldif
Copy the following files to the new host where you want to install Directory Server 11:
- The LDIF file that you exported in the previous step.
/etc/dirsrv/slapd-instance_name/schema/99user.ldifif you use a custom schema
If you want to migrate an instance with TLS enabled and reuse the same host name for the Directory Server 11 installation, copy the following files to the new host:
- If you want to reuse the same host name and IP on the Directory Server 11 host, disconnect the old server from the network.
On the new host:
- Install Directory Server 11. For details, see Chapter 2, Setting up a new Directory Server instance.
Optionally, configure TLS encryption:
If the new installation uses a different host name than the Directory Server 10 instance:
- See the Enabling TLS chapter in the Red Hat Directory Server Administrator Guide.
To use the same host name as the previous Directory Server 10 installation:
Stop the instance:
systemctl stop dirsrv@instance_name
Remove the Network Security Services (NSS) databases and the password file for Directory Server, if they already exist:
rm /etc/dirsrv/slapd-instance_name/cert*.db /etc/dirsrv/slapd-instance_name/key*.db /etc/dirsrv/slapd-instance_name/pin.txt
pin.txtfiles that you copied from the Directory Server 10 host in the
Set the correct permissions for the NSS databases and the password file:
chown dirsrv:root /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db /etc/dirsrv/slapd-instance_name/pin.txt#
chmod 600 /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db /etc/dirsrv/slapd-instance_name/pin.txt
Start the instance:
systemctl start dirsrv@instance_name
Directory Server automatically converts the NSS databases to the SQLite format. The converted databases are stored in the
key4.dbfiles in the
Optionally, remove the old NSS databases, to avoid confusion:
rm /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db
If you used a custom schema, restore the
99user.ldiffile into the
/etc/dirsrv/slapd-instance_name/schema/directory, set appropriate permissions, and restart the instance. For example:
cp /tmp/99user.ldif /etc/dirsrv/slapd-instance_name/schema/#
chmod 644 /etc/dirsrv/slapd-instance_name/schema/99user.ldif#
chown root:root /etc/dirsrv/slapd-instance_name/schema/99user.ldif#
systemctl restart dirsrv@instance_name
Import the LDIF file. For example, to import the
/tmp/migration.ldiffile into the
dsconf -D 'cn=Directory Manager' ldap://server.example.com backend import userRoot /tmp/migration.ldif