This topic has 4 replies, 3 voices, and was last updated 8 years ago by Ludo.

     Matt Mencel

    Are there any help docs for migrating from an old Sun DS 5.2 directory server to OpenDJ?

    I will probably want to run them in parallel for a while. How would I go about keeping them in sync, since I don’t think replication can be set up between them?


     Matt Miller




    If you want to keep both services in sync, keep in mind that DS 5.2 uses an old way of dealing with Password Policy (and keeping operational attributes in user entries). You will need to make sure that none of them are sync’d or that they are properly translated when needed (in OpenDJ most of these attributes are read-only anyway).

    For sync’ing I would recommend looking at lsc-project.org. I know of several migrations that have used it.


     Matt Mencel


    I wasn’t aware of the password policy differences, but I haven’t really thought that far ahead yet. Not a big deal though as I could just replicate the old pw policies in OpenDJ through whatever method is available there.

    The passwords themselves... I think I have another way to load those if they don’t sync.

    Thanks for the link to the lsc-project... that looks like it might do the trick for syncing data.

    Will there be any gotchas to watch out for when exporting/importing the schema? We also make heavy use of ACLs in Sun DS so I’ll have to figure that out too... I can tell already this is going to be lots of fun. :)



    Sun DS 5.2 was the last version with a legacy password policy. In DS 6.x we introduced a new password policy based on some IETF Internet Draft that I was working on, and some kind of backward compatibility options. In OpenDJ (and its legacy OpenDS) we dropped the compatibility option, to focus on managing password-related operational attributes in a more predictable and efficient way. This said, the passwords themselves are compatible (OpenDJ has a superset of password hash methods).
    ACIs are compatible between Sun DS and OpenDJ with some caveats: OpenDJ is much more strict with regard to the syntax of ACIs (and OpenDJ doesn’t support Macro ACIs). Same with Schema. My suggestion would be to try to import them in OpenDJ in a test environment and if some fail (most likely due to missing quotes or extra quotes), fix them in Sun DS. This will not change the behaviour but will make it easier to sync after.
    There are several ForgeRock customers that have done that migration. None of them found that really hard or tedious. So have fun! ;-)
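The ACI caveats in the reply above (quote problems and Macro ACIs) can be screened for in a Sun DS LDIF export before the test import. The sketch below is an added example, not part of the thread and not ForgeRock code; the function names, the sample LDIF and the heuristics are assumptions, and the test import into OpenDJ remains the authoritative check.

```python
import base64
import re

# Macro ACI markers from Sun DS: ($dn), [$dn], ($attr.attrName)
MACRO = re.compile(r"\(\$dn\)|\[\$dn\]|\(\$attr\.[^)]+\)")

# Constructed sample export; the entry and its ACIs are illustrative only.
SAMPLE_LDIF = '''dn: ou=People,dc=example,dc=com
aci: (targetattr="userPassword")(version 3.0; acl "self write"; allow (write) userdn="ldap:///self";)
aci: (targetattr=cn")(version 3.0; acl "bad quote"; allow (read) userdn="ldap:///anyone";)
aci: (target="ldap:///ou=Groups,($dn),dc=example,dc=com")(version 3.0; acl "macro"; allow (read)
  groupdn="ldap:///cn=Admins,[$dn],dc=example,dc=com";)
'''

def check_aci(value):
    """Heuristic screening only (hypothetical helper), not OpenDJ's parser."""
    problems = []
    if value.count('"') % 2:
        problems.append("unbalanced double quotes")
    else:
        depth = 0
        for ch in re.sub(r'"[^"]*"', '""', value):  # ignore parens inside quotes
            depth += (ch == "(") - (ch == ")")
            if depth < 0:
                break
        if depth:
            problems.append("unbalanced parentheses")
    if MACRO.search(value):
        problems.append("macro ACI")
    return problems

def lint_ldif(text):
    """Return (dn, aci, problems) for every ACI value that looks suspect."""
    findings, dn = [], None
    # LDIF folds long values onto continuation lines that start with one space.
    for line in re.sub(r"\r?\n ", "", text).splitlines():
        attr, sep, rest = line.partition(":")
        if not sep or attr.lower() not in ("dn", "aci"):
            continue
        b64 = rest.startswith(":")  # "attr:: value" means base64-encoded
        value = base64.b64decode(rest[1:].strip()).decode() if b64 else rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif (problems := check_aci(value)):
            findings.append((dn, value, problems))
    return findings
```

Running `lint_ldif` over the export lists each suspect ACI with the DN of its entry, so it can be corrected on the Sun DS side before syncing.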

