Good to hear as we are also looking at doing this. I fear I may have a
real nightmare though as it seems schema checking was disabled on the
Netscape boxes when it was migrated from OpenLDAP many years back and
never turned back on! No doubt there will be all sorts of mess stuffed
into our LDAP database, with no schema checking OR syntax checking :(
Christopher Wood wrote:
I'm doing much the same thing -- from an NDS 6.21 single master
setup, ideally to a 389 dual master setup. I have the same situation with critical
production servers and also plan to replicate my way through the upgrade.
I ran into two big caveats:
I was not able to simply move my 99user.ldif (custom schema) file from NDS to 389. I
ended up chopping up the migrate-ds.pl script and the DSMigration module to only migrate
schema. I used the resulting 99user.ldif as a 98mycompany.ldif in 389. When I changed some
schema in 389 all my custom schema landed in 99user.ldif and I was able to delete my
2) syntax checking
Many entries from NDS 6.2 failed to import into 389. (Per Rich, NDS 6.2 has no syntax
checking.) My issues here were:
a) incorrect schema for the data type
In one instance whoever set up the NDS 6.2 directory had used the "DN" data
type for something which was really just a string. When I corrected that, six figures of
ldif entries could move into 389. I had a few more similar things revolving around how
some entries will import as a DirectoryString but not as IA5String.
b) dirty data in NDS 6.2
389 won't accept blank entries, base64-encoded spaces (" "), and other
incorrect syntax which NDS 6.2 accepted. I had to clean a bunch of those from my dump.ldif
before they would cleanly import. I'm not sure how well I'll be able to replicate
entries if the source has invalid syntax.
I'm still trucking along with it here. So far 389 is very pleasant to deal with, in
contrast with NDS.
On Thu, Mar 25, 2010 at 12:05:04PM +0000, Nick Brown wrote:
> I have been given a bunch of old Netscape 6.2 servers that need
> replacing with 389 Directory server, is it possible to have a Netscape
> 6.2 master and a 389 Directory server replicating between each other?
> The current setup consists of 2 Netscape Multimasters and 7 slaves, I
> think the easiest solution would be to build 2 389 Masters with 389
> slaves and have at least one of each Masters replicating between each
> other. Then to move the applications to the new platform the clients
> just need to change the IP they are talking to, then we always have the
> option of moving back if there are any problems.
> Does this sound like a sensible way to do it? The Netscape boxes are
> actually critical production boxes so we can afford very little downtime
> if any, and if we have the 2 setups replicating to each other the
> rollback plan is easy - otherwise we will need to somehow log all
> changes and manually apply those either way to keep everything in sync
> when we cutover and rollback.
> I'm rather new to LDAP so it's a steep learning curve!
> Thanks in advance for any pointers.
> 389 users mailing list
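
A pre-import check for the dirty-data problem described in the message above (blank values and base64-encoded spaces in an LDIF dump), as an added example that is not part of the original thread. The sample LDIF, function names and reason strings are constructed for illustration, and the check covers only those two cases, not every syntax error 389 may reject.

```python
import base64

# Constructed sample dump (not data from the thread). "IA==" is base64 for one space.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
cn: Alice Example
description:: IA==

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
cn: Bob Example
telephoneNumber:
description: works in
  the lab

dn: uid=carol,ou=People,dc=example,dc=com
cn:: Q2Fyb2wgRXhhbXBsZQ==
"""

def unfold(text):
    """Join LDIF folded lines (a continuation line starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_blank_values(ldif_text):
    """Return (dn, attribute, reason) for each empty or whitespace-only value."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        if line.startswith("#") or ":" not in line:
            continue                      # comment, blank separator, or junk
        attr, rest = line.split(":", 1)
        if rest.startswith("<"):
            continue                      # value referenced by URL, not inline
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            reason = "base64-encoded blank"
        else:
            value, reason = rest.strip(), "empty value"
        if attr.lower() == "dn":
            dn = value                    # remember which entry we are in
        elif not value.strip():
            findings.append((dn, attr, reason))
    return findings
```

Running `find_blank_values` over a dump before import gives a list of entries to clean or drop, so failures show up as a report rather than as rejected entries during the import.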