Migrating Sun Java Directory Server to HP-UX Directory Server White Paper
Step 1: Exporting LDIF Data from the Legacy SJDS Instance for Each Suffix
Export the SJDS suffixes by using the dsadm tool with the following syntax:
# dsadm export --no-repl -f not-folded-output instance suffix targetfile
For example:
# dsadm export --no-repl -f not-folded-output /export/instance1 dc=example,dc=com /export/example.ldif
The --no-repl option prevents replication state information from being exported. The
-f not-folded-output option disables wrapping of long lines, which facilitates file parsing.
Note:
If the SJDS instance makes use of attribute encryption, then also specify the
--decrypt-attr option with the dsadm export command. This causes
encrypted attribute values to be decrypted when they are written to the LDIF
file. If the encrypted attribute values are not decrypted, they will not be
accessible when the LDIF is imported into HPDS. The exported LDIF file then
holds those values in clear text, so restrict access to it. If attribute
encryption is planned for HPDS, see the “Attribute encryption” subsection of
this document for additional information about this feature.
Before importing the data into HPDS, some elements of the data may need modification to be
compatible with HPDS. The following sections document this process.
Step 2: Collecting Password Policy Assignments
HPDS and SJDS both provide a flexible mechanism for assigning password policy to users, using the
class of service feature. A drawback to this approach is that when the data is exported to LDIF, it is
not easy to determine which password policy covers a given user. This is because the password policy
assignments are made with computed values that are not present in the exported LDIF.
The sjdsmig.pl script converts SJDS password policy information for compatibility with HPDS. This
process requires information about password policy assignments. However, detailed password policy
information can be discovered only from the running SJDS instance, because this information is
computed on demand by the server itself. To discover the proper password policy data from SJDS,
use an ldapsearch command to store that information in an LDIF file. The following ldapsearch
command for the example.com organization shows how to collect this password policy information.
Be sure to bind with an identity that has permission to retrieve this information. For example:
# ldapsearch -D "cn=directory manager" -w - -b "dc=example,dc=com" \
"(|(passwordPolicySubentry=*)(&(objectclass=sunPwdPolicy)(objectclass=ldapsubentry)))" \
\* passwordPolicySubentry > /tmp/searched.ldif
The sjdsmig.pl script uses the /tmp/searched.ldif file to properly apply the password policy
in HPDS.
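The following Python check is an added example, not part of the original white paper or of sjdsmig.pl. It reads search output of the kind collected above, maps each entry to its passwordPolicySubentry value, and lists any referenced policy whose sunPwdPolicy definition is missing from the file. The sample LDIF and the function names are constructed for illustration.

```python
import base64

# Constructed sample shaped like /tmp/searched.ldif (not real data).
SAMPLE = """dn: cn=StrictPolicy,dc=example,dc=com
objectClass: ldapsubentry
objectClass: sunPwdPolicy

dn: uid=alice,ou=People,dc=example,dc=com
passwordPolicySubentry: cn=StrictPolicy,dc=exam
 ple,dc=com

dn: uid=bob,ou=People,dc=example,dc=com
passwordPolicySubentry:: """ + base64.b64encode(b"cn=GonePolicy,dc=example,dc=com").decode() + "\n"

def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute name -> list of values."""
    # RFC 2849 folding: a line starting with one space continues the previous line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):  # "attr:: value" carries a base64 value
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(rest.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def norm_dn(dn):
    # Simplified (assumption): case-fold and trim RDNs; escaped commas are not handled.
    return ",".join(part.strip() for part in dn.lower().split(","))

def check_assignments(text):
    """Return ({entry DN: policy DN}, [policy DNs referenced but not defined in the file])."""
    defined, assigned = set(), {}
    for e in parse_ldif(text):
        dn = norm_dn(e["dn"][0])
        if "sunpwdpolicy" in (oc.lower() for oc in e.get("objectclass", [])):
            defined.add(dn)
        for policy in e.get("passwordpolicysubentry", []):
            assigned[dn] = norm_dn(policy)
    return assigned, sorted(set(assigned.values()) - defined)

if __name__ == "__main__":
    print(check_assignments(SAMPLE))
```

A non-empty second element means some entries reference a policy that the search did not return, for example because the policy subentry lives outside the search base.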
Step 3: Producing an HPDS-compatible LDIF
Check that the following four items have been transferred to the HPDS host:
− LDIF file exported from the SJDS instance
− Results from the password policy search
− dse.ldif file
− sjdsmig.pl script