directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Burch <>
Subject Re: Migrating from iPlanet to ApacheDS 2.0 server - Issue
Date Tue, 04 Jun 2013 14:52:50 GMT
On 04/06/13 14:53, Emmanuel Lécharny wrote:
> Le 6/4/13 8:36 AM, Titus Rakkesh a écrit :
>> Dear All,
> Hi,
>>      We have a live application which was running in iPlanet directory
>> server for the last 5 years and the LDAP is having around 3 million user
>> info stored in. Currently we are in a need of getting the clone of that
>> LDAP and migrate to ApacheDS 2.0 one. Simply saying our requirement is to
>> migrate all objects(schemas, roles, administrator accounts, Full User Store
>> data and everything) to ApacheDS. After the migration, we should be able to
>> redirect the application requests to the new LDAP without changing
>> application code.
>> Pls direct us how we can do this?
> The first thing is to see if the schema you are using on iPlanet is
> compatible with ApacheDS schema. This may require a bit of tuning. The
> second step would be to inject the 3 millions of entries into apacheds,
> which may take a while, with the current version (expect around 5 to 20
> hours, depending on which kind of disk and system you use).

I migrated a fairly complex iPlanet directory to apacheDS 1.5 several 
years ago.

I clearly and painfully remember the most difficult task was setting up 
new ACI's to properly replicated all the different permissions I had in 
the iPlanet directory. The syntax and semantics are very different. I 
did all my setup by creating individual ldif files, so that I could 
experiment and test the outcome of the rules one by one.

I already had all of my custom schema definitions as ldif's. Many of 
them did not translate easily from iPlanet, but I could convert, 
experiment and test those one by one too.

Studio might be good for moving the people entries, but I recommend 
building a set of ldifs to create the tree structure.

I can remember having issues with some groups too, but nothing was too 
difficult to convert successfully.

My original iPlanet directory used master-slave replication. ApacheDS 
1.5 didn't have this feature working at the time, so I reverted to a 
single master directory and implemented a snapshot backup regime. I have 
not felt the need to experiment with replication on the 2.0 milestones. 
In fact, I haven't yet felt the need to upgrade to 2.0, although I'm 
watching each milestone with interest and intend to use it soon.

I preferred to move from one java directory implementation to another. 
At the time, I didn't feel conversion to openldap would have been any 
simpler - although I can't be certain that I was correct.

Good luck,


>> Will this possible with Apache Directory Studio Tool?
> Ldap Studio is just an agnostic LDAP tool, so yes, it should be possible.
> You may talk to Kiran (see
> if you need some
> quick help.

View raw message