Migrating Sun Java Directory Server to HP-UX Directory Server White Paper

Table 1: HPDS and SJDS feature comparison
| Feature | Description and Notes |
|---|---|
| Multi-master replication | Allows for multiple writable directory servers for ultimate high-availability, including across wide area networks. HPDS and SJDS use the same protocol and similar configuration data. Note: The configuration interfaces differ. |
| Attribute encryption | Both products support encryption of specific attributes in the database. Management and types of encryption differ. SJDS supports the DES, 3DES, RC2, and RC4 encryption ciphers, while HPDS supports the 3DES and current Advanced Encryption Standard (AES) ciphers. |
| SSL/TLS | Enables over-the-network data encryption and integrity as well as client and server validation. Based on the same data format and Network Security Services (NSS) libraries. The only difference is in the list of available ciphers. For tables of supported HPDS ciphers, see the HP-UX Directory Server Administrator Guide. |
| Password policy | Similar features offered, but each configuration follows a different IETF Internet draft. This white paper explains how to migrate password policy data to the HPDS implementation. |
| ACIs | Both products are based on the original ACI specification, with only a few differences. For example, SJDS supports ACI scope, while HPDS ACIs are always subtree scope. Tools are provided to scan for incompatible uses and to assist with ACI migration. |
| Command-line tools | These tools enable local administrator scripted management of SJDS and HPDS, and provide the same set of management commands. Note: SJDS has implemented some new tools but continues to support most of the core administration tools that are in common with the HPDS toolset. |
| Online import/export, backup and restore | These capabilities enable restore and backup of data while the directory servers are running. Features between HPDS and SJDS are the same. |
| SASL | A pluggable authentication subsystem. Both SJDS and HPDS offer EXTERNAL, DIGEST-MD5, and GSSAPI. HPDS additionally offers CRAM-MD5. |
| SNMP | Used for remotely monitoring the health of the directory server. SJDS and HPDS implement the Network Services Monitoring defined in RFC 2788. SJDS additionally implements grouped directory server monitoring, as defined in RFC 2605. |
| Chaining | Enables the directory server to forward requests for data it does not manage. Chaining is supported by both SJDS and HPDS. |
| Database backend | Both SJDS and HPDS use Berkeley DB 4 for backend storage. |
| Schema management | SJDS and HPDS offer the same schema management features. |
| Remote administration | Enables server administration, without needing to establish a session on the remote host. Both SJDS and HPDS offer remote administration through a combination of HTTP and LDAP. |
| Pluggable API (slapd plug-ins) | These plug-ins enable custom functions and data manipulation before or after data is stored or retrieved from the directory server database. A plug-in API for developers is provided by both SJDS and HPDS, based on the same original API. For details on the HPDS plug-in API, see the HP-UX Directory Server plug-in reference. |
| Roles and class of service | Enable simple assignment of rights and service levels. The roles and class of service features are the same in SJDS and HPDS, but SJDS also offers a Class of Service monitoring mechanism. |
| File system layout | Whereas SJDS consolidates all the files that belong to an instance under a single file system path, HPDS follows the standard Unix System V layout for optional software, storing related scripts under /opt, data under /var/opt, and configuration files under /etc/opt. |
| Graphical administration interfaces | The SJDS interface is a web application, while HPDS employs a Java application for administration. These interfaces offer different views and controls over the flexibility, control, and automation of the directory. |
Additional differences may affect deployments differently, depending on the features that are
enabled. This paper notes several differences that may be encountered while performing a migration.
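
The ACI row in Table 1 notes that SJDS supports ACI scope while HPDS ACIs are always subtree scope. The sketch below is an added example, not one of the migration tools the white paper refers to: it scans an LDIF export for ACI values that set a scope so they can be reviewed before import. It assumes the scope is written as a (targetscope="...") clause, and the function names and sample entries are constructed for illustration.

```python
import base64
import re

# Assumption: SJDS expresses ACI scope with a (targetscope="...") clause.
SCOPE_RE = re.compile(r'\(\s*targetscope\s*=\s*"([^"]*)"\s*\)', re.I)
NAME_RE = re.compile(r'\bacl\s+"([^"]*)"', re.I)

def unfold(ldif_text):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_scoped_acis(ldif_text):
    """Return (dn, acl_name, scope) for each ACI value that sets targetscope."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):  # 'attr:: ...' carries a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = value
        elif attr == "aci" and SCOPE_RE.search(value):
            name = NAME_RE.search(value)
            scope = SCOPE_RE.search(value).group(1).lower()
            findings.append((dn, name.group(1) if name else "?", scope))
    return findings

# Constructed sample export: a folded ACI, an unscoped ACI and a base64 ACI.
_ENCODED = base64.b64encode(
    b'(targetattr="*")(targetscope="base")'
    b'(version 3.0; acl "Entry only"; allow (read) userdn="ldap:///anyone";)'
).decode()
SAMPLE_LDIF = (
    'dn: ou=People,dc=example,dc=com\n'
    'aci: (targetattr="userPassword")(targetscope="onelevel")(version 3.0; ac\n'
    ' l "Helpdesk reset"; allow (write) groupdn="ldap:///cn=Helpdesk,dc=example,\n'
    ' dc=com";)\n'
    'aci: (targetattr="cn")(version 3.0; acl "Self read"; allow (read) userdn="ldap:///self";)\n\n'
    'dn: ou=Groups,dc=example,dc=com\n'
    'aci:: ' + _ENCODED + '\n'
)
```

Calling find_scoped_acis(SAMPLE_LDIF) returns the two scoped ACIs with their entry DNs. An ACI flagged with base or onelevel would apply to a wider set of entries if it were imported unchanged into a server that always treats ACIs as subtree scope.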