
This topic has 4 replies, 3 voices, and was last updated 6 years, 10 months ago by Ludo.

  • #1582
     Matt Mencel
    Participant

    Are there any help docs for migrating from an old Sun DS 5.2 directory server to OpenDJ?

    I will probably want to run them in parallel for a while. How would I go about keeping them in sync, since I don’t think replication can be set up between them?

    Thanks,
    Matt

    #1583
     Matt Miller
    Participant

    https://lists.forgerock.org/pipermail/opendj/2012-June/001852.html

    • This reply was modified 6 years, 10 months ago by Matt Miller.
    #1590
     Ludo
    Moderator

    Matt,

    If you want to keep both services in sync, keep in mind that DS 5.2 uses an old way of dealing with Password Policy (and keeping operational attributes in user entries). You will need to make sure that none of them are sync’d or that they are properly translated when needed (in OpenDJ most of these attributes are read-only anyway).

    For sync’ing I would recommend looking at lsc-project.org. I know of several migrations that have used it.

    Regards,
    Ludo

    #1591
     Matt Mencel
    Participant

    Ludo,

    I wasn’t aware of the password policy differences, but I haven’t really thought that far ahead yet. Not a big deal though as I could just replicate the old pw policies in OpenDJ through whatever method is available there.

    The passwords themselves… I think I have another way to load those if they don’t sync.

    Thanks for the link to the lsc-project… that looks like it might do the trick for syncing data.

    Will there be any gotchas to watch out for when exporting/importing the schema? We also make heavy use of ACLs in Sun DS so I’ll have to figure that out too…. I can tell already this is going to be lots of fun. :)

    Matt

    #1592
     Ludo
    Moderator

    Sun DS 5.2 was the last version with a legacy password policy. In DS 6.x we’ve introduced a new password policy based on some IETF Internet Draft that I was working on, and some kind of backward compatibility options. In OpenDJ (and its legacy OpenDS) we dropped the compatibility option, to focus on managing password-related operational attributes in a more predictable and efficient way. This said, passwords themselves are compatible (OpenDJ has a superset of password hash methods).
    ACIs are compatible between SunDS and OpenDJ with some caveats: OpenDJ is much more strict with regard to the syntax of ACIs (and OpenDJ doesn’t support Macro ACIs). Same with Schema. My suggestion would be to try to import them in OpenDJ in a test environment and if some fail (most likely due to missing quotes or extra quotes), fix them in Sun DS. This will not change the behaviour but will make it easier to sync after.
    There are several ForgeRock customers that have done that migration. None of them found that really hard or tedious. So have fun! ;-)

    Ludo
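
The point made in the thread about not carrying DS 5.2's password-policy state into OpenDJ, sketched as an added example that is not part of the thread or of either product: a filter that drops those attributes from an LDIF export before a test import while keeping `userPassword`. The attribute list is an assumption (the thread does not name them), and the sample export is constructed.

```python
# Assumption: legacy password-policy state attributes kept in DS 5.2 user
# entries; the thread does not list them, so check against your own export.
LEGACY_PWD_STATE = {
    "passwordexpirationtime", "passwordexpwarned", "passwordretrycount",
    "retrycountresettime", "accountunlocktime", "passwordhistory",
    "passwordallowchangetime"}

# Constructed sample export (not real data); the hash values are dummies.
SAMPLE = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
userPassword: {SSHA}Q09OU1RSVUNURUQtTk9ULUEtUkVBTC1IQVNI
passwordExpirationTime: 20130101000000Z
passwordHistory: 20120601000000Z{SSHA}Q09OU1RSVUNURUQtT
 0xELUhBU0g=

dn: uid=asmith,ou=People,dc=example,dc=com
uid: asmith
PasswordExpWarned: 1
"""

def unfold(lines):
    """Join RFC 2849 continuation lines (they start with one space)."""
    out = []
    for line in lines:
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def attr_name(line):
    """Lower-cased attribute type without options; None if not an attribute."""
    if line.startswith("#") or ":" not in line:
        return None
    return line.split(":", 1)[0].split(";", 1)[0].strip().lower()

def strip_pwd_state(ldif_text, drop=LEGACY_PWD_STATE):
    """Return (filtered LDIF, {dn: [dropped names]}); base64 DNs stay encoded."""
    kept, dropped, dn = [], {}, None
    for line in unfold(ldif_text.splitlines()):
        name = attr_name(line)
        if name == "dn":
            dn = line.split(":", 1)[1].lstrip(":").strip()
        if name in drop:
            dropped.setdefault(dn, []).append(name)
            continue
        kept.append(line)  # userPassword is kept: the hashes carry over
    return "\n".join(kept) + "\n", dropped
```

The filtered text is written unfolded, which RFC 2849 permits; the per-DN report shows which entries carried state that would otherwise have been copied across.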


©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
