I'm doing much the same thing -- from an NDS 6.21 single master setup, ideally to a
389 dual master setup. I have the same situation with critical production servers and also
plan to replicate my way through the upgrade.
I ran into two big caveats:
1) schema
I was not able to simply move my 99user.ldif (custom schema) file from NDS to 389. I ended
up chopping up the migrate-ds.pl script and the DSMigration module to only migrate schema.
I used the resulting 99user.ldif as a 98mycompany.ldif in 389. When I changed some schema
in 389 all my custom schema landed in 99user.ldif and I was able to delete my
98mycompany.ldif.
2) syntax checking
Many entries from NDS 6.2 failed to import into 389. (Per Rich, NDS 6.2 has no syntax
checking.) My issues here were:
a) incorrect schema for the data type
In one instance whoever set up the NDS 6.2 directory had used the "DN" data type
for something which was really just a string. When I corrected that, six figures of ldif
entries could move into 389. I had a few more similar things revolving around how some
entries will import as a DirectoryString but not as IA5String.
b) dirty data in NDS 6.2
389 won't accept blank entries, base64-encoded spaces (" "), and other
incorrect syntax which NDS 6.2 accepted. I had to clean a bunch of those from my dump.ldif
before they would cleanly import. I'm not sure how well I'll be able to replicate
entries if the source has invalid syntax.
I'm still trucking along with it here. So far 389 is very pleasant to deal with, in
contrast with NDS.
On Thu, Mar 25, 2010 at 12:05:04PM +0000, Nick Brown wrote:
Hi,
I have been given a bunch of old Netscape 6.2 servers that need
replacing with 389 Directory server, is it possible to have a Netscape
6.2 master and a 389 Directory server replicating between each other?
The current setup consists of 2 Netscape Multimasters and 7 slaves, I
think the easiest solution would be to build 2 389 Masters with 389
slaves and have at least one of each Masters replicating between each
other. Then to move the applications to the new platform the clients
just need to change the IP they are talking to, then we always have the
option of moving back if there are any problems.
Does this sound like a sensible way to do it? The Netscape boxes are
actually critical production boxes so we can afford very little downtime
if any, and if we have the 2 setups replicating to each other the
rollback plan is easy - otherwise we will need to somehow log all
changes and manually apply those either way to keep everything in sync
when we cutover and rollback.
I'm rather new to LDAP so it's a steep learning curve!
Thanks in advance for any pointers.
Nick.
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
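
The reply's point 2b (blank values and base64-encoded spaces that NDS 6.2 accepted and 389 rejects) can be checked before an import. The following is an added example, not code from the thread or from either directory server; the function names and the sample entries are constructed for illustration. It scans an LDIF dump and reports each attribute whose value is empty, whitespace-only after base64 decoding, or not valid base64.

```python
import base64

# Constructed sample dump (not data from the thread): the second entry has
# an empty value and a base64-encoded single space ("IA==").
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
cn: Alice Example

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Bob Example
description:
telephoneNumber:: IA==
"""

def unfold(text):
    """Join LDIF continuation lines (leading space), then drop comments."""
    out = []
    for raw in text.splitlines():
        if raw.startswith(" ") and out and out[-1] != "":
            out[-1] += raw[1:]
        else:
            out.append(raw)
    return [line for line in out if not line.startswith("#")]

def find_dirty_values(text):
    """Return (dn, attribute, reason) for each empty or whitespace-only value."""
    findings, dn = [], None
    for line in unfold(text):
        attr, sep, rest = line.partition(":")
        if not sep:
            dn = None if not line else dn  # a blank line ends the record
            continue
        if rest.startswith("<"):  # "attr:< url": value is stored elsewhere
            continue
        if rest.startswith(":"):  # "attr:: base64"
            try:
                value = base64.b64decode(rest[1:].strip(), validate=True)
            except ValueError:
                findings.append((dn, attr, "invalid base64"))
                continue
        else:
            value = rest.lstrip(" ").encode("utf-8")
        if attr.lower() == "dn":
            dn = value.decode("utf-8", "replace")
        elif value.strip() == b"":
            reason = "empty value" if value == b"" else "whitespace-only value"
            findings.append((dn, attr, reason))
    return findings
```

Calling `find_dirty_values(open("dump.ldif").read())` gives a worklist of entries to clean on the source side; it does not check attribute syntaxes such as DN versus DirectoryString from point 2a.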