4. Installing Directory Server 9.0

For more detailed instructions on installing Directory Server 9.0, see the Directory Server Installation Guide.

4.1. Installing the JDK

Directory Server 9.0 requires either Sun JRE 1.6.0 or OpenJDK 1.6.0.
For example:
yum install java-1.6.0-openjdk
OpenJDK is also available for download from http://openjdk.java.net/install/.


When the new JDK is installed for Directory Server 9.0, it is no longer possible to manage older instances of Directory Server using the Directory Server Console because the required JDKs for the different Directory Server versions are different. You must migrate any older instance to Directory Server 9.0 if you need to manage that instance with the Directory Server Console.

4.2. Obtaining Packages

The simplest way to install Red Hat Directory Server 9.0 is using the yum command:
yum install redhat-ds* redhat-idm-console
RPM packages can be downloaded from Red Hat Network:
  1. Downloading packages from Red Hat Network requires specific entitlements for the account for the 9.0 release.
  2. Click the Downloads tab, and select the Red Hat Enterprise Linux channels.
  3. Set the product to filter for Red Hat Directory Server.
  4. Select the architecture.
  5. Open the Downloads tab, and begin downloading the ISO.
  6. Install the packages using rpm.
    ls *.rpm | egrep -iv -e devel -e debuginfo | xargs rpm -ivh
The PassSync.msi installer is available in the WinSync package in the Directory Server channel, through the Downloads tab, same as the ISO image. Download this file to the Windows machine, and then double-click the icon and go through the installer.


There are two PassSync packages available, one for 32-bit Windows servers and one for 64-bit. Make sure to select the appropriate packages for your Windows platform.

4.3. Running setup-ds-admin.pl

After installing the packages, run the setup-ds-admin.pl script to configure the new Directory Server and Admin Server instances. For example:
See the Directory Server Installation Guide for more information about setup-ds-admin.pl script options and the Directory Server configuration interface.

4.4. Upgrading to Directory Server 9.0

This upgrade procedure assumes that the original machine and the new machine have the same architecture (i.e., both are 32-bit machines or both are 64-bit machines).


Upgrade is only supported from 8.2 to 9.0. Other versions of Red Hat Directory Server should be migrated to 8.2 and then upgraded to 9.0.


Migration cannot change the hostname used by the Directory Server and Admin Server.
  1. Stop the Directory Server and Admin Server.
    service dirsrv-admin stop
    service dirsrv stop
  2. Back up all the Directory Server user and configuration data. For example:
     cd /usr/lib/dirsrv/slapd-instance_name  
     db2bak /var/lib/dirsrv/slapd-instance_name/bak/instance_name-2011_04_30_16_27_56
  3. Tar (almost) all of the files and directories for the original Directory Server 8.2 instance.
    The admserv.conf and httpd.conf files should not be included since the new versions of these files should always be used. Additionally, these tar files don't contain the error and access log files. These files are not necessary for upgrading an instance but can be stored separately.


    Make sure that partition where the tar file is created has enough space to store all of the configuration and data.
    [root@server1 ~]# cd  /
    [root@server1 ~]# tar cpjf rhds-upgrade.tar.bz2 -C / --no-recursion --exclude httpd.conf --exclude admserv.conf etc/sysconfig/dirsrv* etc/dirsrv/slapd-* etc/dirsrv/slapd-*/* etc/dirsrv/slapd-*/schema/* var/run/dirsrv var/lock/dirsrv/slapd-* var/log/dirsrv/slapd-* var/lib/dirsrv/slapd-* var/lib/dirsrv/slapd-*/* var/lib/dirsrv/slapd-*/ldif/* var/lib/dirsrv/slapd-*/db/* var/lib/dirsrv/slapd-*/db/*/* etc/dirsrv/admin-serv etc/dirsrv/admin-serv/* var/log/dirsrv/admin-serv var/lib/dirsrv/slapd-*/cldb/* usr/lib[64]/dirsrv/slapd-*


    The cldb location assumes that the changelog is located in the default changelog directory. If the changelog is in a different location, use the appropriate directory. If replication is not enabled, this directory can be omitted.
  4. On the new machine which will host Directory Server, install or upgrade the Directory Server 9.0 packages. For example:
    yum install redhat-ds
  5. Copy over the tar file to the new machine.
  6. Open the root directory, and then unpack the tar file. For example:
    cd /
    tar xfjp /path/to/rhds-upgrade.tar.bz2
  7. Make sure that the new Directory Server instance is not running.
    service dirsrv-admin stop
    service dirsrv stop
  8. Run the setup-ds.pl command in offline mode to upgrade only the Directory Server configuration. This performs all of the basic setup required to perform any schema or data changes.
    For example:
    setup-ds.pl -u -s General.UpdateMode=offline
  9. Start the servers.
    service dirsrv-admin start
    service dirsrv start
  10. Run the setup-ds-admin.pl -u script to update the configuration. Make sure that the Directory Server and Admin Server are running when the script is run.
    setup-ds-admin.pl -u
  11. Update syntaxes and the enable syntax checking.
    In 8.2, syntax checking is available, but disabled by default, while a new 9.0 instance has syntax checking enabled by default. Syntax validation checks every modification to attributes to make sure that the new value has the required syntax for that attribute type, so this is a beneficial configuration attribute to use to ensure data quality.
    1. Run the syntax-validate.pl Perl script to validate and, if necessary, correct any syntax errors in the migrated 8.2 data.
      /usr/lib64/dirsrv/instance_name/syntax-validate.pl -D "cn=directory manager" -w secret -b "dc=example,dc=com"
    2. Enable syntax checking for the migrated server.
      /usr/lib64/mozldap/ldapmodify -D "cn=directory manager" -w secret -p 389
      dn: cn=config
      changetype: modify
      replace: nsslapd-syntaxcheck
      nsslapd-syntaxcheck: on
  12. Verify that the directory databases have been successfully migrated. Directory Server 9.0 normalizes DN syntax during the upgrade import process. Make sure that the upgraded database is functional and contains all the data before deleting the backups.
    Search an entry which could contain escaped characters; the DNs should be updated. For example, for a DN which was previously cn="a=abc,x=xyz":
    /usr/lib64/mozldap/ldapsearch -b "dc=example,dc=com" '(cn=\"*\")' entrydn
    dn: cn=a\3Dabc\2Cx\3Dxyz,dc=example,dc=com
    entrydn: cn=a\3dabc\2cx\3dxyz,dc=example,dc=com
    If the search results are correctly escaped, the original database backend instance directory can be removed.