On 04/06/13 16:25, Emmanuel Lécharny wrote:
Le 6/4/13 4:52 PM, Brian Burch a écrit :
On 04/06/13 14:53, Emmanuel Lécharny wrote:
Le 6/4/13 8:36 AM, Titus Rakkesh a écrit :
Dear All,
Hi,
We have a live application which was running in iPlanet directory
server for the last 5 years and the LDAP is having around 3 million user
info stored in. Currently we are in a need of getting the clone of that
LDAP and migrate to ApacheDS 2.0 one. Simply saying our requirement is to
migrate all objects (schemas, roles, administrator accounts, Full User Store
data and everything) to ApacheDS. After the migration, we should be able to
redirect the application requests to the new LDAP without changing
application code.
Pls direct us how we can do this?
The first thing is to see if the schema you are using on iPlanet is
compatible with ApacheDS schema. This may require a bit of tuning. The
second step would be to inject the 3 million entries into apacheds,
which may take a while, with the current version (expect around 5 to 20
hours, depending on which kind of disk and system you use).
I migrated a fairly complex iPlanet directory to apacheDS 1.5 several
years ago.
I clearly and painfully remember the most difficult task was setting
up new ACI's to properly replicate all the different permissions I
had in the iPlanet directory. The syntax and semantics are very
different. I did all my setup by creating individual ldif files, so
that I could experiment and test the outcome of the rules one by one.
I already had all of my custom schema definitions as ldif's. Many of
them did not translate easily from iPlanet, but I could convert,
experiment and test those one by one too.
Studio might be good for moving the people entries, but I recommend
building a set of ldifs to create the tree structure.
I can remember having issues with some groups too, but nothing was too
difficult to convert successfully.
My original iPlanet directory used master-slave replication. ApacheDS
1.5 didn't have this feature working at the time, so I reverted to a
single master directory and implemented a snapshot backup regime. I
have not felt the need to experiment with replication on the 2.0
milestones. In fact, I haven't yet felt the need to upgrade to 2.0,
although I'm watching each milestone with interest and intend to use
it soon.
I preferred to move from one java directory implementation to another.
At the time, I didn't feel conversion to openldap would have been any
simpler - although I can't be certain that I was correct.
Good luck,
Many thanks for this feedback, Brian !
FTR, how many entries do you have in your server ?
Only a few hundred. The complexity comes from the fact that I designed
and created the original iPlanet directory for a customer with many
thousand entries and a sophisticated set of applications. I used the
same schema and architecture for my own installation because it allowed
me to develop and test away from their production environment. (I no
longer work for that organisation, but I believe they attempted to fold
the data and functions into Novell Directory and Microsoft ADS. I do not
know whether that effort was successful.)
I spent quite a lot of time working with Fedora Directory when the
product was taken over from iPlanet, but I never got it working to my
satisfaction... the more troublesome issues were associated with iPlanet
Certificate Management System, but I have subsequently migrated my own
CA to OpenSSL.
Regards,
Brian