I'm doing much the same thing -- from an NDS 6.21 single master setup, ideally 
to a 389 dual master setup. I have the same situation with critical production 
servers and also plan to replicate my way through the upgrade.

I ran into two big caveats:

1) schema

I was not able to simply move my 99user.ldif (custom schema) file from NDS to 
389. I ended up chopping up the migrate-ds.pl script and the DSMigration module 
to only migrate schema. I used the resulting 99user.ldif as a 98mycompany.ldif 
in 389. When I changed some schema in 389, all my custom schema landed in 
99user.ldif and I was able to delete my 98mycompany.ldif.

2) syntax checking

Many entries from NDS 6.2 failed to import into 389. (Per Rich, NDS 6.2 has no 
syntax checking.) My issues here were:

a) incorrect schema for the data type

In one instance whoever set up the NDS 6.2 directory had used the "DN" data 
type for something which was really just a string. When I corrected that, six 
figures of ldif entries could move into 389. I had a few more similar things 
revolving around how some entries will import as a DirectoryString but not as 
IA5String.

b) dirty data in NDS 6.2

389 won't accept blank entries, base64-encoded spaces (" "), and other 
incorrect syntax which NDS 6.2 accepted. I had to clean a bunch of those from 
my dump.ldif before they would cleanly import. I'm not sure how well I'll be 
able to replicate entries if the source has invalid syntax.

I'm still trucking along with it here. So far 389 is very pleasant to deal 
with, in contrast with NDS.

On Thu, Mar 25, 2010 at 12:05:04PM +0000, Nick Brown wrote:
> Hi,
> 
> I have been given a bunch of old Netscape 6.2 servers that need 
> replacing with 389 Directory server, is it possible to have a Netscape 
> 6.2 master and a 389 Directory server replicating between each other?
> 
> The current setup consists of 2 Netscape Multimasters and 7 slaves, I 
> think the easiest solution would be to build 2 389 Masters with 389 
> slaves and have at least one of each Masters replicating between each 
> other.  Then to move the applications to the new platform the clients 
> just need to change the IP they are talking to, then we always have the 
> option of moving back if there are any problems.
> 
> Does this sound like a sensible way to do it?  The Netscape boxes are 
> actually critical production boxes so we can afford very little downtime 
> if any, and if we have the 2 setups replicating to each other the 
> rollback plan is easy - otherwise we will need to somehow log all 
> changes and manually apply those either way to keep everything in sync 
> when we cutover and rollback. 
> 
> I'm rather new to LDAP so it's a steep learning curve!
> 
> Thanks in advance for any pointers.
> 
> Nick.
> --
> 389 users mailing list
> 389-us...@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
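
The cleanup described under "dirty data" above, as an added example that is not part of the original message: a Python pre-import check that scans an LDIF dump for blank values and base64-encoded whitespace. The function name `find_dirty_values` and the sample entries are constructed for illustration.

```python
import base64

# Constructed sample dump (not real data): one blank value, two base64 spaces.
SAMPLE = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
cn: John Doe
description:
telephoneNumber:: IA==
title:: U2VuaW9yIEVuZ2luZWVy

dn: uid=asmith,ou=People,dc=example,dc=com
uid: asmith
mail:: ICAg
"""

def find_dirty_values(ldif_text):
    """Return (dn, attribute, reason) for blank or whitespace-only values."""
    # Unfold first: a line starting with one space continues the previous line.
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    findings, dn = [], None
    for line in lines:
        if not line:                      # blank line separates entries
            dn = None
            continue
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep or rest.startswith("<"):
            continue                      # comment, junk, or URL reference
        if rest.startswith(":"):          # "attr:: <base64>"
            try:
                value = base64.b64decode(rest[1:].strip(), validate=True)
            except ValueError:
                findings.append((dn, attr, "invalid base64"))
                continue
        else:                             # "attr: <plain value>"
            value = rest.strip().encode()
        if attr.lower() == "dn":
            dn = value.decode("utf-8", "replace")
        elif not value.strip():
            findings.append((dn, attr, "base64 whitespace" if value else "blank"))
    return findings

if __name__ == "__main__":
    print(*find_dirty_values(SAMPLE), sep="\n")
```

Running it over the real dump before import gives a list of entries to fix at the source, which also matters if those entries are later replicated rather than imported.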