5.2. Pre-migration Tasks

Red Hat Directory Server 9 servers need to be reconfigured to match the previous version. You need to reconfigure plug-ins, SSL, schema, server configuration, and so on.
Each new Red Hat Directory Server 9 instance needs to be manually reconfigured to match the previous version. This includes adding, enabling, and configuring plug-ins. If SSL was previously used, it needs to be set up on the new instance as well. Any custom schema needs to be in place on the new server. The server settings, like cache sizes, resource limits, indexing, and general configuration settings need to be re-applied.

5.2.1. Directory Server Configuration

The Directory Server configuration includes back-end suffixes, cache settings, indexing, and so on.
When migrating to Red Hat Directory Server 9:
  • Make sure that you have recreated back-end suffixes. This is especially important for replication to work properly.
  • Make sure that you have configured attribute indexes.
  • You may need to reconfigure the database cache and each back-end entry cache to match the previous version.

5.2.2. Migration and SSL

If the new server will reuse the same host name as the previous server, then the security database files can simply be copied to the new server. For example:
/etc/dirsrv/slapd-instance_name/cert8.db
/etc/dirsrv/slapd-instance_name/key3.db
If the new server will not reuse the same host name, then you will need to issue and install new certificates in the Directory Server instance and Admin Server (if applicable).

5.2.3. Schema Migration

Using the default settings, Red Hat Directory Server 9 and later is RFC 4512-compliant and does not support older schema versions. To enable older schema support or to migrate:
  1. Enable the nsslapd-enquote-sup-oc parameter in the cn=config entry:
    # ldapmodify -D "cn=directory manager" -W -x
    
    dn: cn=config
    changetype: modify
    replace: nsslapd-enquote-sup-oc
    nsslapd-enquote-sup-oc: on
  2. Append the following parameter at the end of your /etc/sysconfig/dirsrv-instance file:
    LDAP_SCHEMA_ALLOW_QUOTED="on"
  3. Restart the Directory Server instance:
    # service dirsrv restart instance_name
You can migrate the schema from an old server instance in the following ways:
  • Copy the /etc/dirsrv/slapd-instance_name/schema/99user.ldif file and all custom schema files to the new instance. Restart the Directory Server instance to take the changes effect.
  • Perform a database migration. For details, see Section 5.3, “Database Migration Methods”.