directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Migrating from iPlanet to ApacheDS 2.0 server - Issue
Date Tue, 04 Jun 2013 15:25:38 GMT
Le 6/4/13 4:52 PM, Brian Burch a écrit :
> On 04/06/13 14:53, Emmanuel Lécharny wrote:
>> Le 6/4/13 8:36 AM, Titus Rakkesh a écrit :
>>> Dear All,
>>
>> Hi,
>>
>>>      We have a live application which was running in iPlanet directory
>>> server for the last 5 years and the LDAP is having around 3 million
>>> user
>>> info stored in. Currently we are in a need of getting the clone of that
>>> LDAP and migrate to ApacheDS 2.0 one. Simply saying our requirement
>>> is to
>>> migrate all objects(schemas, roles, administrator accounts, Full
>>> User Store
>>> data and everything) to ApacheDS. After the migration, we should be
>>> able to
>>> redirect the application requests to the new LDAP without changing
>>> application code.
>>>
>>> Pls direct us how we can do this?
>> The first thing is to see if the schema you are using on iPlanet is
>> compatible with ApacheDS schema. This may require a bit of tuning. The
>> second step would be to inject the 3 millions of entries into apacheds,
>> which may take a while, with the current version (expect around 5 to 20
>> hours, depending on which kind of disk and system you use).
>
> I migrated a fairly complex iPlanet directory to apacheDS 1.5 several
> years ago.
>
> I clearly and painfully remember the most difficult task was setting
> up new ACI's to properly replicated all the different permissions I
> had in the iPlanet directory. The syntax and semantics are very
> different. I did all my setup by creating individual ldif files, so
> that I could experiment and test the outcome of the rules one by one.
>
> I already had all of my custom schema definitions as ldif's. Many of
> them did not translate easily from iPlanet, but I could convert,
> experiment and test those one by one too.
>
> Studio might be good for moving the people entries, but I recommend
> building a set of ldifs to create the tree structure.
>
> I can remember having issues with some groups too, but nothing was too
> difficult to convert successfully.
>
> My original iPlanet directory used master-slave replication. ApacheDS
> 1.5 didn't have this feature working at the time, so I reverted to a
> single master directory and implemented a snapshot backup regime. I
> have not felt the need to experiment with replication on the 2.0
> milestones. In fact, I haven't yet felt the need to upgrade to 2.0,
> although I'm watching each milestone with interest and intend to use
> it soon.
>
> I preferred to move from one java directory implementation to another.
> At the time, I didn't feel conversion to openldap would have been any
> simpler - although I can't be certain that I was correct.
>
> Good luck,

Many thanks for this feedback, Brian !


FTR, how many entries do you have in your server ?

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com 


Mime
View raw message