Le 6/4/13 4:52 PM, Brian Burch a écrit : > On 04/06/13 14:53, Emmanuel Lécharny wrote: >> Le 6/4/13 8:36 AM, Titus Rakkesh a écrit : >>> Dear All, >> >> Hi, >> >>> We have a live application which was running in iPlanet directory >>> server for the last 5 years and the LDAP is having around 3 million >>> user >>> info stored in. Currently we are in a need of getting the clone of that >>> LDAP and migrate to ApacheDS 2.0 one. Simply saying our requirement >>> is to >>> migrate all objects(schemas, roles, administrator accounts, Full >>> User Store >>> data and everything) to ApacheDS. After the migration, we should be >>> able to >>> redirect the application requests to the new LDAP without changing >>> application code. >>> >>> Pls direct us how we can do this? >> The first thing is to see if the schema you are using on iPlanet is >> compatible with ApacheDS schema. This may require a bit of tuning. The >> second step would be to inject the 3 millions of entries into apacheds, >> which may take a while, with the current version (expect around 5 to 20 >> hours, depending on which kind of disk and system you use). > > I migrated a fairly complex iPlanet directory to apacheDS 1.5 several > years ago. > > I clearly and painfully remember the most difficult task was setting > up new ACI's to properly replicated all the different permissions I > had in the iPlanet directory. The syntax and semantics are very > different. I did all my setup by creating individual ldif files, so > that I could experiment and test the outcome of the rules one by one. > > I already had all of my custom schema definitions as ldif's. Many of > them did not translate easily from iPlanet, but I could convert, > experiment and test those one by one too. > > Studio might be good for moving the people entries, but I recommend > building a set of ldifs to create the tree structure. > > I can remember having issues with some groups too, but nothing was too > difficult to convert successfully. > > My original iPlanet directory used master-slave replication. ApacheDS > 1.5 didn't have this feature working at the time, so I reverted to a > single master directory and implemented a snapshot backup regime. I > have not felt the need to experiment with replication on the 2.0 > milestones. In fact, I haven't yet felt the need to upgrade to 2.0, > although I'm watching each milestone with interest and intend to use > it soon. > > I preferred to move from one java directory implementation to another. > At the time, I didn't feel conversion to openldap would have been any > simpler - although I can't be certain that I was correct. > > Good luck,
Many thanks for this feedback, Brian ! FTR, how many entries do you have in your server ? -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
