Migrating Sun Java Directory Server to HP-UX Directory Server White Paper
13
Suffixes and Database Back Ends
Suffix and Database Back End Creation
A suffix and its associated database are automatically created when the HPDS instance is created.
Create additional suffixes if more than one suffix will be migrated from SJDS to HPDS.
The database backend created for the suffix selected during setup is automatically assigned the
identifier userRoot. When creating additional suffixes, each must specify a different database
backend identifier. HP recommends specifying an identifier that indicates what is stored in the
associated database. For example, the suffix identifier west might be chosen for the suffix
dc=west,dc=example,dc=com. SJDS typically uses the left-most component of the suffix as the
database name. For HPDS databases, the same naming scheme can be used. To discover the
database name of one of the SJDS suffixes, use the following command:
# dsconf get-suffix-prop dc=example,dc=com db-name
For information about creating suffixes, see the
HP-UX Directory Server Administrator Guide.
Database Indexes
Configuring database indexes is optional. The data can still be imported without these indexes having
been configured. If the indexes are configured after data has been imported a re-indexing operation
or a re-import of the data is required for the indexes to be created.
SJDS and HPDS use database indexes to improve the performance of search operations. The two
products use similar configuration methods for indexes, prompting for attributes and any of four
different index types: presence, equality, substring, and approximate. One difference between SJDS
and HPDS search indexes is that HPDS uses a scalable method for storing index lists while SJDS relies
on a configuration setting of per-index size thresholds (“allids thresholds”). This configures a
hard, non-scalable limit to prevent the index lists from growing so large that they impede overall
system performance.
To see which attributes are indexed, use the SJDS dsconf list-indexes command. To see which
types of indexes are configured, use the SJDS dsconf get-index-prop command on each
indexed attribute. Several attributes are indexed by default by both SJDS and HPDS. For example,
both maintain an equality index on the uid attribute. Add any non-standard index configuration to
HPDS, making sure to match the index types, but ignoring the allids threshold settings, as they
are not supported or needed by HPDS. Changing which attributes are indexed or what types of
indexes are created for attributes can alter the disk usage of the directory server database. For
example, choosing a new attribute to be indexed in HPDS could cause disk space usage to increase
significantly, especially if that attribute is used frequently in the database.
For information about creating indexes, see the
HP-UX Directory Server Administrator Guide.
Attribute Encryption
Configuration encryption for the attribute values in database files is optional and should be done
before importing data. This avoids the need to re-import after the feature is configured. Furthermore,
to use attribute encryption to encrypt attribute values in the database files, certificates must first be
configured by migrating certificates from SJDS, as described in the “Migrating certificates from SJDS”
section, or by setting up new certificates. This must be done before configuring attribute encryption,
because the symmetric key used to encrypt the data is stored in the certificate database that is secured
by the directory server instance’s public key.
The attribute encryption features of SJDS and HPDS are different. SJDS supports DES, 3DES, RC2, and
RC4 encryption ciphers, while HPDS supports the current standards of 3DES and AES ciphers.
For information about attribute encryption, see the
HP-UX Directory Server Administrator Guide.