Migrating Sun Java Directory Server to HP-UX Directory Server White Paper
22
Data Migration Mode
In data migration mode, the sjdsmig.pl script converts SJDS ACI and password policy information
for compatibility with HPDS.
ACI Conversion
The conversions for ACIs are relatively simple. If an ACI grants or denies the rights import or
export, the script removes those rights because they are only used with the MODDN operation, which
is not supported with HPDS. Additionally, if an ACI contains a targetscope parameter with a
value of subtree, the script removes this parameter because ACIs in HPDS default to subtree scope.
Note:
If the LDIF that was exported from SJDS contains ACIs with targetscope
parameters having values of one or subtree, these ACIs are imported but
have no effect on HPDS but they are not compatible and access control
may not function as intended. If such an ACI is encountered, the
sjdsmig.pl script will issue a warning, and the ACI must be redesigned
manually. For details about creating ACIs, see the
HP-UX Directory Server
Administrator Guide.
Password Policy Conversion
SJDS and HPDS follow different versions of the Internet draft standard on how password policy should
be configured and its state maintained. The following tables describe how the password policy
configuration and state are converted.
Table 5: Password policy configuration conversions
SJDS setting HPDS setting Conversion
n/a nsslapd-pwpolicy-local
Because SJDS always evaluates
fine-grained password policies,
the nsslapd-pwpolicy-local setting
is also enabled in HPDS.
pwdLockoutDuration passwordLockoutDuration
Renames the setting name to its
new HPDS name.
pwdMustChange passwordMustChange
HPDS global password policy
requires Booleans to be “on” or
“off. It renames the setting name
to its new HPDS name; translates
values “true” and “1” to be “on”,
and “false” and “0” to be “off”.
pwdInHistory passwordInHistory
The supported range for the
password history setting for HPDS
is between 2 and 24. The
migration script renames the
setting name to its new HPDS
name; adjusts up or down to
supported range.
pwdInHistory passwordHistory
HPDS uses a toggle attribute to
enable the password history
policy translating “0” to be “off”
and any other value to be “on”.
pwdAllowUserChange passwordChange
HPDS global password policy
requires Booleans to be “on” or