3.3 Upgrading eDirectory

Use the information in the following sections to ensure a smooth eDirectory upgrade in connection with upgrading NetWare to OES.

3.3.1 Do Not Install or Upgrade to eDirectory 8.8 Separately from OES

Because OES services are tightly integrated with eDirectory, both the services and eDirectory must be upgraded at the same time. The OES install is not designed to handle a separate installation or upgrade of eDirectory 8.8.

3.3.2 Choosing an Upgrade Strategy

There are several basic strategies for setting up eDirectory on OES or upgrading to the OES platform:

Transferring eDirectory to a New Server

If your current tree is meeting your needs, the simplest upgrade method is to transfer an existing NetWare server to a new OES server.

Use the OES Migration Tool for this purpose, specifically the Identity Transfer functionality. For more information, see Transfer ID Migration in the OES 2023: Migration Tool Administration Guide.

Starting Fresh with OES

This is a good choice if you are unhappy with your existing tree (the tree hasn't kept up with organizational changes and growth). Moving to OES provides an opportunity to update the tree by starting from scratch. You might consider consolidating more services while adding new OES servers. Some Novell customers have incorporated specialty trees, such as an identity vault on SLES rather than on OES.

In cases where eDirectory or the operating system and services are outdated, it sometimes makes sense to just redo the whole environment (new tree design, partitioning, replication strategies, newer utilities/services) rather than port the existing structure.

The single biggest issue in many organizations is that NetWare and eDirectory haven't been patched, so starting fresh is the easier option. This is true of file and print as well. Most customers who use this strategy are moving to OES from NetWare 5 and NDS 6 (which is limited to 1500 users).

Adding a Branch to an Existing Tree

Some Novell customers transfer objects to a new OES branch and then gradually retire the older NetWare branch. By adding a branch, it's easier to drag and drop users and login scripts, certificates, and PKI so they don't need to be re-created.

Manual Upgrade Using Replicas

If all you want to do is copy the existing eDirectory information from a NetWare server to a new OES server, without the OES server assuming the NetWare server's identity, you can move objects to a new OES branch and then gradually retire the older NetWare branch. When you've added a branch, it's easy to drag and drop users and login scripts, certificates, and PKI so they don't need to be re-created.

  1. Create a new OES server with a new eDirectory 8.8 tree.

  2. Create an eDirectory replica on the target OES server by attaching it to the same replica ring as the source NetWare server.

    This creates two instances of eDirectory in the environment. The OES Migration Tool does a non-destructive move of all services, and it needs both servers with their respective directories up and running.

  3. Allow the OES eDirectory installation to synchronize.

    If necessary, you can rework the layout of your tree structure, remap the location of all user objects in your new tree, and delete any user objects that are no longer needed.

  4. When eDirectory synchronization of the replica is complete, move the impacted services with the OES Migration Tool.

  5. Retire the older NetWare server.

Except where dependencies exist, there is no required order for moving services in the same tree. An example of a dependency would be that the Archive and Versioning service depends on the file system.

3.3.3 Moving, Creating, or Importing eDirectory Users

If you have opted to create a new tree, you need to decide how to move user objects from one tree to another. Several options are available:

Using Novell Identity Manager

One method is setting up a Novell Identity Manager connection between your old tree and your new one. This lets you easily synchronize user objects to the new tree. You can also use Identity Manager to remap the location of all user objects in your new tree.

Creating and Importing an LDIF file

Create an LDIF file containing user objects and use iManager to import it. Configure the LDIF file so it creates a Users' organization container and then places an object for each user in it.

IMPORTANT: Replica and partition information cannot be imported by using an LDIF file.
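The following sketch generates an LDIF file of the shape described above, with the container entry first and one entry per user after it. It is an added example, not part of the OES documentation. The base DN `o=example`, the `ou=Users` container modelled as an `organizationalUnit`, the `inetOrgPerson` user class, and the sample users are all assumptions constructed for illustration.

```python
import base64
import re

# RFC 2849 SAFE-STRING: 7-bit, no NUL/CR/LF, not starting with space, ':' or '<'.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")

def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' if the value is not safe text."""
    if value == "" or (_SAFE.fullmatch(value) and not value.endswith(" ")):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def escape_rdn(value):
    """Escape an RDN value (RFC 4514) so a name cannot change the DN structure."""
    out = re.sub(r'([,+"\\<>;=])', r"\\\1", value)
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    if value.startswith(("#", " ")):
        out = "\\" + out
    return out

def build_ldif(base_dn, users):
    """Emit the Users container first, then one user entry per record."""
    container_dn = f"ou=Users,{base_dn}"  # assumed container name and class
    entries = [[("dn", container_dn), ("changetype", "add"),
                ("objectClass", "organizationalUnit"), ("ou", "Users")]]
    for u in users:
        entries.append([
            ("dn", f"cn={escape_rdn(u['cn'])},{container_dn}"),
            ("changetype", "add"),
            ("objectClass", "inetOrgPerson"),
            ("cn", u["cn"]), ("sn", u["sn"]), ("givenName", u["givenName"]),
        ])
    blocks = ["\n".join(ldif_line(a, v) for a, v in e) for e in entries]
    return "version: 1\n\n" + "\n\n".join(blocks) + "\n"

# Constructed sample users: one name with a DN-special comma, one with non-ASCII text.
SAMPLE_USERS = [
    {"cn": "Smith, Ann", "sn": "Smith", "givenName": "Ann"},
    {"cn": "jnunez", "sn": "Núñez", "givenName": "José"},
]

if __name__ == "__main__":
    print(build_ldif("o=example", SAMPLE_USERS), end="")
```

The file deliberately carries no passwords. Names containing commas or other DN-special characters are escaped in the `dn` line only, and values that are not plain 7-bit text are written in the base64 `attr::` form so the importer does not misread them.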

Using the OES Migration Tool

If you are creating a new tree, the Migration Tool can not only move the data but also create new users in the tree and match them to the data being moved. It can also match up users and trustees in the old tree with those in the new tree.

It is probably easiest to create the new users by using one of the other methods and then match them up through the Migration Tool.