Return-Path: X-Original-To: apmail-directory-users-archive@www.apache.org Delivered-To: apmail-directory-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 73865108D0 for ; Tue, 4 Jun 2013 15:26:10 +0000 (UTC) Received: (qmail 40113 invoked by uid 500); 4 Jun 2013 15:26:09 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 39845 invoked by uid 500); 4 Jun 2013 15:26:08 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 39832 invoked by uid 99); 4 Jun 2013 15:26:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Jun 2013 15:26:07 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of elecharny@gmail.com designates 209.85.214.51 as permitted sender) Received: from [209.85.214.51] (HELO mail-bk0-f51.google.com) (209.85.214.51) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Jun 2013 15:26:02 +0000 Received: by mail-bk0-f51.google.com with SMTP id ji2so244701bkc.38 for ; Tue, 04 Jun 2013 08:25:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=Y44qrt1KSWBml2YIA9jzXSLuueFcAuZFX2+DlLUsX+w=; b=NNp97ZHrohxg2eOtnr52oGOD1uVuAWQBy3E2fjyiwyjEgZ9bErVaXeHournZkbfZgp IhGqI0n64XsBafb3GAtpYsXBe7svKRUKqkE0ttGzqztriFfKfj3UhCCNNWO4fwar5YzA e9nrqGy7lOgSJNVx0cGDaTnwjkGayAL7YHRBlqJtv/b1p7egTLlpbqTFXCIbauRYMS9X C6mqe4lwPxKhsE+TFiPHmoOULJkEfd35FVLX5HMePlbglTskoODN7CgCrQAXIf7qN0aT g1gcXfN1snQZgMlx22HTStVQexxp3a0T/1iUPCUxGvAgBb5wtPHBFHQKjRjVs6gVH+Mi uwGQ== X-Received: by 10.204.231.137 with SMTP id jq9mr6346191bkb.150.1370359540464; Tue, 04 Jun 2013 08:25:40 -0700 (PDT) Received: from Emmanuels-MacBook-Pro.local (lon92-10-78-226-4-211.fbx.proxad.net. [78.226.4.211]) by mx.google.com with ESMTPSA id es13sm23384534bkc.8.2013.06.04.08.25.39 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 04 Jun 2013 08:25:39 -0700 (PDT) Message-ID: <51AE06F2.1000101@gmail.com> Date: Tue, 04 Jun 2013 17:25:38 +0200 From: =?UTF-8?B?RW1tYW51ZWwgTMOpY2hhcm55?= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: users@directory.apache.org Subject: Re: Migrating from iPlanet to ApacheDS 2.0 server - Issue References: <51ADF146.4010605@gmail.com> <51ADFF42.7010806@pingtoo.com> In-Reply-To: <51ADFF42.7010806@pingtoo.com> X-Enigmail-Version: 1.5.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org Le 6/4/13 4:52 PM, Brian Burch a écrit : > On 04/06/13 14:53, Emmanuel Lécharny wrote: >> Le 6/4/13 8:36 AM, Titus Rakkesh a écrit : >>> Dear All, >> >> Hi, >> >>> We have a live application which was running in iPlanet directory >>> server for the last 5 years and the LDAP is having around 3 million >>> user >>> info stored in. Currently we are in a need of getting the clone of that >>> LDAP and migrate to ApacheDS 2.0 one. Simply saying our requirement >>> is to >>> migrate all objects(schemas, roles, administrator accounts, Full >>> User Store >>> data and everything) to ApacheDS. After the migration, we should be >>> able to >>> redirect the application requests to the new LDAP without changing >>> application code. >>> >>> Pls direct us how we can do this? >> The first thing is to see if the schema you are using on iPlanet is >> compatible with ApacheDS schema. This may require a bit of tuning. The >> second step would be to inject the 3 millions of entries into apacheds, >> which may take a while, with the current version (expect around 5 to 20 >> hours, depending on which kind of disk and system you use). > > I migrated a fairly complex iPlanet directory to apacheDS 1.5 several > years ago. > > I clearly and painfully remember the most difficult task was setting > up new ACI's to properly replicated all the different permissions I > had in the iPlanet directory. The syntax and semantics are very > different. I did all my setup by creating individual ldif files, so > that I could experiment and test the outcome of the rules one by one. > > I already had all of my custom schema definitions as ldif's. Many of > them did not translate easily from iPlanet, but I could convert, > experiment and test those one by one too. > > Studio might be good for moving the people entries, but I recommend > building a set of ldifs to create the tree structure. > > I can remember having issues with some groups too, but nothing was too > difficult to convert successfully. > > My original iPlanet directory used master-slave replication. ApacheDS > 1.5 didn't have this feature working at the time, so I reverted to a > single master directory and implemented a snapshot backup regime. I > have not felt the need to experiment with replication on the 2.0 > milestones. In fact, I haven't yet felt the need to upgrade to 2.0, > although I'm watching each milestone with interest and intend to use > it soon. > > I preferred to move from one java directory implementation to another. > At the time, I didn't feel conversion to openldap would have been any > simpler - although I can't be certain that I was correct. > > Good luck, Many thanks for this feedback, Brian ! FTR, how many entries do you have in your server ? -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com