Chapter 9. Migrating Directory Server 10 to Directory Server 12
Learn about migration from Red Hat Directory Server 10 to 12, including tasks that you must perform before you start the migration.
Red Hat supports migration only from Red Hat Directory Server 10 or 11 to version 12. To migrate Directory Server from earlier version, you must perform incremental migrations to Directory Server 10 or 11.
Red Hat does not support an in-place upgrade of Directory Server 10 or 11 servers to version 12 by using the leapp upgrade tool.
9.1. Prerequisites
- The existing Directory Server installation runs on version 10 and has all available updates installed.
9.2. Migrating Directory Server 10 to version 12 using the replication method
In a replication topology, use the replication method to migrate to Directory Server 12.
Procedure
- Install Directory Server 12 on a new host.
- On the Directory Server 12 host, enable replication, but do not create a replication agreement. For details about enabling replication, see the Configuring and managing replication in the Red Hat Directory Server 12 documentation.
On the Directory Server 10 host, enable replication and create a replication agreement that points to the Directory Server 12 host. For details about enabling replication, see the corresponding section in the Red Hat Directory Server 10 Administrator Guide.
ImportantIf you used a custom configuration on the Directory Server 10 host, do not replace the
dse.ldifconfiguration file on the Directory Server 12 host with the file from previous versions, because thedse.ldiflayout changes between versions. Instead, use thedsconfutility or the web console to add the custom configuration for each parameter and plug-in that you require.- Optional: Set up further Directory Server 12 hosts with replication agreements between the Directory Server 12 hosts.
- Configure your clients to use only the Directory Server 12 hosts.
- On the Directory Server 12 host, remove the replication agreements that point to the Directory Server 10 host. See Removing an instance from a replication topology in the Red Hat Directory Server 12 Administrator Guide.
- Uninstall the Directory Server 10 hosts. See Uninstalling Directory Server in the Red Hat Directory Server 10 Installation Guide.
9.3. Migrating Directory Server 10 to version 12 using the export and import method
Use the export and import method to migrate large Directory Server environments.
Procedure
Perform the following steps on the existing Directory Server 10 host:
Stop and disable the
dirsrvservice:# dsctl instance_name stop # systemctl disable dirsrv@instance_name
Export the back end. For example, to export the
userRootback end and store it in the/tmp/userRoot.ldiffile:# db2ldif -Z instance_name -n userRoot -a /tmp/userRoot.ldifCopy the following files to the new host where you want to install Directory Server 12:
-
The LDIF file
userRoot.ldifthat you exported in the previous step. -
The
/etc/dirsrv/slapd-instance_name/schema/99user.ldiffile if you use a custom schema. The
/etc/dirsrv/slapd-instance_name/dse.ldifconfiguration file.ImportantDo not replace the
dse.ldifconfiguration file on the Directory Server 12 host with the file from the Directory Server 10 host because thedse.ldiflayout changes between versions. Store thedse.ldiffile for the reference.If you want to migrate an instance with TLS enabled and reuse the same host name for the Directory Server 12 installation, copy:
-
/etc/dirsrv/slapd-instance_name/cert8.db -
/etc/dirsrv/slapd-instance_name/key3.db -
/etc/dirsrv/slapd-instance_name/pin.txt
-
-
The LDIF file
- If you want to use the same host name and IP on the Directory Server 12 host, disconnect the old server from the network.
Perform the following steps on the new Directory Server 12 host:
- Install Directory Server 12.
Optional: Configure TLS encryption:
- If the new installation uses a different host name than the Directory Server 10 instance, see the Enabling TLS-encrypted connections to Directory Server section in the Securing Red Hat Directory Server documentation.
If you want to use the same host name as the previous Directory Server 10 installation:
Stop the instance:
# dsctl instance_name stopRemove the Network Security Services (NSS) databases and the password file for Directory Server, if they already exist:
# rm /etc/dirsrv/slapd-instance_name/cert*.db /etc/dirsrv/slapd-instance_name/key*.db /etc/dirsrv/slapd-instance_name/pin.txt-
Move the
cert8.db,key3.db, andpin.txtfiles that you copied from the Directory Server 10 host to the/etc/dirsrv/slapd-instance_name/directory. Set the correct permissions for the NSS databases and the password file:
# chown dirsrv:root /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db /etc/dirsrv/slapd-instance_name/pin.txt # chmod 600 /etc/dirsrv/slapd-instance_name/cert8.db /etc/dirsrv/slapd-instance_name/key3.db /etc/dirsrv/slapd-instance_name/pin.txt
Start the instance:
# dsctl instance_name start
If you used a custom schema, restore the
99user.ldiffile into the/etc/dirsrv/slapd-instance_name/schema/directory, set appropriate permissions, and restart the instance:# cp /tmp/99user.ldif /etc/dirsrv/slapd-instance_name/schema/ # chmod 644 /etc/dirsrv/slapd-instance_name/schema/99user.ldif # chown root:root /etc/dirsrv/slapd-instance_name/schema/99user.ldif # dsctl instance_name restart
-
Place the
/tmp/userRoot.ldiffile you prepared on the Directory Server 10 host to/var/lib/dirsrv/slapd-instance_name/ldif/directory. Import the
userRoot.ldiffile to restore theuserRootback end with all entries:# dsconf -D 'cn=Directory Manager' ldap://server.example.com backend import userRoot /var/lib/dirsrv/slapd-instance_name/ldif/userRoot.ldifNote that Directory Server 12 can import LDIF files only from
/var/lib/dirsrv/slapd-instance_name/directory.ImportantIf you used a custom configuration on the Directory Server 10 host, do not replace the
dse.ldifconfiguration file on the Directory Server 12 host with the file from previous versions. Instead, use thedsconfutility or the web console to add the custom configuration manually for each parameter and plug-in that you require.
