This section provides information on how to use the command line to migrate a file system running on supported source servers to target server.
NOTE:All the migration commands must be run on the target server.
This section covers the following scenarios:
This section describes how to migrate file system data from source server to target server in the same eDirectory tree.
migfiles is command to migrate files and directories. If you need to modify the home directories of the migrated users, you also need to use mls, maptrustees, and migtrustees.
(Conditional) If you need to modify the home directories of the migrated users, run the following command:
mls
Run the migfiles command to copy the data from the source server to the target server.
(Conditional) If you need to modify the home directories of the migrated users, run the following commands in the order specified:
maptrustees
migtrustees
The following examples illustrate ways to use the various options available for the migration commands.
This command migrates all data from the Traditional or NSS volume SRCVOL1 on the source server with the IP address 192.168.1.3 to the target server’s TGTVOL1 volume with verbose output:
migfiles -s 192.168.1.3 -V SRCVOL1 -v TGTVOL1 -i
This command migrates data from the Traditional or NSS path DATA:impstuff on the source server with the IP address 192.168.1.3 to the stuff directory on the NSS volume NSS1 with verbose output:
migfiles -s 192.168.1.3 -V DATA:impstuff -x /media/nss/NSS1/stuff -i
This command migrates data from the Traditional or NSS volume named DATA on the source server with the IP address 192.168.1.3 to the newdir directory on the NCP volume NCP1 located at path /data/ncp1 without verbose output:
migfiles -s 192.168.1.3 -V DATA -x /data/ncp1/newdir
These commands migrate the VOL1 volume on source server 192.168.1.3 to the VOL1 volume on target server 192.168.1.4. The -H option in the maptrustees command is used to remap the home directories of the users to the target server.
Create a list of files and associated rights on the source volume:
mls -s 192.168.1.3 -V VOL1 > mls.yaml
Copy the data from the source volume to the target volume:
migfiles -s 192.168.1.3 -V VOL -x /media/nss/VOL1 -i
Map the trustees and home directories from the source server to the target server:
maptrustees -s 192.168.1.3 -H /media/nss/VOL1/users/--map-homedir-only mls.yaml> maptrustees.yaml
The -H option is a path to the base directory that includes all the home directories.
Migrate the information generated in the previous step:
migtrustees -d 192.168.1.4 -m maptrustees.yaml
If you have user space restrictions set on a source NSS volume, the restrictions are migrated to target NSS volumes if you do a full volume migration.
When the source server and target servers are in different eDirectory trees, your file system user and group trustees must be migrated from the source tree to the target tree, along with their associated data. The maptrustees and migtrustees commands are used to migrate users and groups assigned as trustees in the source tree to the target tree. Alternatively, you can use Novell Identity Manager to migrate the eDirectory users and groups, and then use the migmatchup command to match the user from the source server to the target server. Use the maprights and migrights commands only if the user and the group structure has changed during the migration.
The main command to use is migfiles. To map the trustees (users and groups) from the source tree to the target tree, you need to use mls, maptrustees, and migtrustees. If you are reorganizing the trustees (migrating to a different context), you also need to use mls, maprights, and migrights to map the trustee rights.
To migrate the data from a source NetWare server or OES server in one eDirectory tree to the target Linux server in another tree:
You can either migrate the source server trustees to the target server or map the source server trustees with the target server.
To migrate the trustees, run the following commands in the order shown:
mls maptrustees migtrustees
To map the trustees, run the following commands in the order shown:
mls
migmatchup
Run the migfiles command to copy the data from the source to the target server.
(Conditional) If you are migrating users and groups to a different context or matching the user with different name, run the following commands in the order shown:
maprights migrights
The following example shows how to migrate data from a source NetWare server in one tree to a target server in another tree. In this example, the target volumes are NSS volumes, and the users are to be migrated to the same context in the target tree.
Create a list of files and trustees on volume V1 on the source server with IP address 192.168.1.3:
mls -s 192.168.1.3 -V V1 > mls.yaml
Map the trustees on the source server and output the list to a file:
maptrustees -s 192.168.1.3 -H /media/nss/VOL1/users/ mls.yaml > maptrustees.yaml
The -H option replaces the home directory of the source server user with the new home directory specified by -H option. The -H option is a path to the base directory that includes all the home directories. If the users don’t have home directories, this option doesn’t need to be used.
Migrate the trustees to the target server:
migtrustees -d 192.168.1.67 --specific-password novell maptrustees.yaml
If you want to assign each user a random password, use --random-password option, it stores the passwords in a file. To avoid password theft, dispose of the password file in a secure manner after you have communicated the new passwords to their respective users.
(Conditional) When migrating to an NCP Linux volume, if you want to preserve file ownership in the target tree, you should LUM-enable the migrated users before continuing. For information about LUM-enabling users, see LUM Implementation Suggestions
in the Planning and Implementation Guide.
Migrate the data from source volume V1 to target NSS volume VOL1:
migfiles -s 192.168.1.3 -V V1 -x /media/nss/VOL1/ -i
After the users have been migrated (this only needs to be done once), additional data volumes can be migrated. Repeat Step 1 to Step 5 to migrate other volumes on the source server.
The maptrustees command includes a -k option that allows you to migrate users to a different context in the target tree. When you do this, the container hierarchy is flattened.
For example, suppose your source eDirectory tree looks like the one shown in Figure 16-1.
Figure 16-1 Source eDirectory Tree Structure
When the users are migrated to ou=test.o=novell, the resulting tree structure is shown in Figure 16-2.
Figure 16-2 Target eDirectory Tree Structure
The following example shows how to migrate data from a source server in one tree to a target server in another tree. In this example, the target volumes are NCP Linux volumes and the new user context is ou=new-context.o=company.
Create a list of files and trustees on volume SRCVOL on the source server with IP address 192.168.1.3:
mls -s 192.168.1.3 -V SRCVOL > mls.yaml
Map the trustees on the source server and output the list to a file:
maptrustees -s 192.168.1.3 -H /usr/novell/NCP1/homes/ -k 'ou=new-context,o=company' mls.yaml > maptrustees.yaml
The -H option replaces the home directory of the source server user with the new home directory specified by -H option. The -H option is a path to the base directory that includes all the home directories. If the users don’t have home directories, this option doesn’t need to be used.
Migrate the trustees to the target server:
migtrustees -d 192.168.1.67 --specific-password novell maptrustees.yaml
If you want to assign each user a random password, use --random-password option, it stores the passwords in a file. To avoid password theft, dispose of the password file in a secure manner after you have communicated the new passwords to their respective users.
(Conditional) When migrating to an NCP Linux volume, if you want to preserve file ownership in the target tree, you should LUM-enable the migrated users before continuing. For more information on LUM-enabling users, see LUM Implementation Suggestions
in the Planning and Implementation Guide.
Migrate the data from source volume SRCVOL to target NCP Linux volume NCP1:
migfiles -s 192.168.1.3 -V SRCVOL -x /usr/novell/NCP1/ -i --no-trustees
After the users have been migrated (this only needs to be done once), various data volumes can be migrated. Repeat Step 1 to Step 5 to migrate other volumes on the source server.
Map the trustee rights on the source server:
maprights -V SRCVOL -k ou=new-context,o=company -x /usr/novell/NCP1/ mls.yaml > maprights.yaml
Migrate the trustee rights to the target server:
migrights -i maprights.yaml
Repeat Step 1, Step 6, and Step 7 to migrate trustee rights for each source volume being migrated.
The following example shows how to migrate data from a source NetWare server in one tree to a target server in another tree. In this example, the target volume is an NSS volume, and the users have already been migrated by using tools like NetIQ Identity Manager so that they now reside in different contexts in the target tree. In this example, the migration tool is used only to migrate the data and map the trustees correctly.
Create a list of files and trustees on volume V1 on the source server with IP address 192.168.1.3:
mls -s 192.168.1.3 -V V1 > mls.yaml
Match the users on the source server to the users on the target server:
migmatchup -s 192.168.1.3 -d 192.168.1.67 -k 'ou=re-org,o=company' mls.yaml > migmatchup.yaml
migmatchup searches for the trustees in their source context. If it doesn't find a matching trustee, it searches the container specified with the -k option recursively and matches the first trustee with the same name. If the trustee with the same name is not found, it is not matched.
If the trustee name is changed, then the output of migmatchup can be edited so that each source trustee is mapped to the corresponding user on the target tree.
(Conditional) When you are migrating to a NCP Linux volume, if you want to preserve file ownership in the target tree, you should LUM-enable the migrated users before continuing. For more information on LUM-enabling users, see LUM Implementation Suggestions
in the Planning and Implementation Guide.
Migrate the data from source volume SRCVOL to target NSS volume TGTVOL:
migfiles -s 192.168.1.3 -V SRCVOL -x /media/nss/TGTVOL/ -i --no-trustees
After the users have been migrated (this only needs to be done once), various data volumes can be migrated. Repeat Step 1 to Step 4 migrate other volumes on the source server.
Map the trustee rights on the source server:
maprights -V SRCVOL --matchup-file migmatchup.yaml -x /media/nss/TGTVOL/ mls.yaml > maprights.yaml
Migrate the trustee rights to the target server:
migrights -i maprights.yaml
Repeat Step 5 and Step 6 to migrate trustee rights for each source volume being migrated.
Following are the limitations when performing tree-to-tree migrations:
If users have home directories on a volume that is migrated, the Home Directory attribute is changed only for users who are assigned as trustees or belong to the groups that are assigned as trustees.
If the maptrustees and migtrustees commands are used to migrate the users then the following User Object attributes are migrated:
Common Name (CN)
Country
Description (description)
E-mail Address (mail)
Fax Number (facsimileTelephoneNumber)
Full Name (fullName)
Generational Qualifier (generationQualifier)
Given Name (givenName)
Initials (initials)
Language (Language)
Locality Name (l)
Lockout After Detection (lockedByIntruder)
Login Allowed Time (loginAllowedTimeMap)
Login Disabled (loginDisabled)
Login Expiration Time (loginExpirationTime)
Login Grace Limit (loginGraceLimit)
Login Grace Remaining (loginGraceRemaining)
Login Intruder Limit (loginIntruderAttempts)
Login Maximum Simultaneous (loginMaximumSimultaneous)
Login Script (loginScript)
Network Address Restriction (networkAddressRestriction)
Organizational Name (o)
Organizational Unit Name (ou)
Password Allow Change (passwordAllowChange)
Password Expiration Interval (passwordExpirationInterval)
Password Expiration Time (passwordExpirationTime)
Password Minimum Length (passwordMinimumLength)
Password Required (passwordRequired)
Password Unique Required (passwordUniqueRequired)
Physical Delivery Office Name (physicalDeliveryOfficeName)
Post Office Box (postOfficeBox)
Postal Address (postalAddress)
Postal Code (postalCode)
State or Province Name (st)
Street Address (street)
Surname (sn)
Telephone Number (telephoneNumber)
Title (title)
When LUM-enabled users are migrated to a new tree, they are no longer LUM-enabled.
Data and trustee migration in NSS AD environment is not supported.
This section provides information on migrating data from source NSS volumes to a POSIX file system such as EXT3 or Reiser on a target server.
In this type of migration, eDirectory users and groups are migrated to POSIX. The useradd and groupadd commands are used to create the POSIX users and groups corresponding to their eDirectory equivalents, and the NetWare file attributes are mapped to the POSIX rwx permissions.
Objects in eDirectory with an objectClass of Organization, groupOfNames, or organizationUnit are mapped to POSIX groups. Those with objectClass organizationalPerson are mapped to POSIX users.
Because POSIX user and group names are more restrictive than eDirectory object names, the following conventions are used to map the common name (cn) of the objects to POSIX:
Names with 32 or more characters are truncated to 31 characters in length.
Characters not belonging to the POSIX portable character class ([A-Za-z_] [A-Za-z0-9_-.] * [A-Za-z0-9_-.$]) are replaced by an underscore ( _ ) character.
For more details about POSIX names, see the man page for the useradd command.
NetWare file attributes are mapped as shown in Table 16-2.
Table 16-2 Mapping NetWare Attributes to POSIX Permissions
NetWare Attribute |
POSIX Permissions |
---|---|
No attributes set |
rw_ ___ ___ |
Read Only and Hidden |
___ ___ ___ |
Read Only |
r__ ___ ___ |
Hidden |
_w_ ___ ___ |
For directories, the execute bit for the owner is set.
NOTE:These mappings are based on NetWare attributes, not trustee rights. Administrators should evaluate the post-migration POSIX permissions and make adjustments as necessary to maintain suitable data security for users.
Run the migfiles command to copy the data from the source to the target server.
(Conditional) If you need to modify the home directories of the migrated users, run the following three commands in the order specified:
mls maptrustees migtrustees
Run the following commands in the order shown:
mls maprights migrights
The following example shows how to migrate data to a POSIX file system.
Create a list of files and trustees on volume SRCVOL:
mls -s 192.168.1.3 -V SRCVOL > mls.yaml
Map the trustees on the source server and output the list to a file:
maptrustees -s 192.168.1.3 -p -H /data/home/ mls.yaml > maptrustees.yaml
The -H option replaces the home directory of the source server user with the new home directory specified by -H option. The -H option is a path to the base directory that includes all the home directories. If the users don’t have home directories, this option doesn’t need to be used.
Migrate the trustees to the target server:
migtrustees -p --specific-password novell maptrustees.yaml
If you want to assign users with random password, use the --random-password option, it stores the new passwords in an output file. To avoid password theft, dispose of the password file in a secure manner after you have communicated the new passwords to their respective users.
Migrate the data from the volume SRCVOL on the source server with IP address 192.168.1.3 to the target POSIX path:
migfiles -s 192.168.1.3 -V SRCVOL -x /path/to/copy --no-trustees -pi
Substitute the desired target POSIX path for /path/to/copy.
Users must be migrated before migrating data volumes. Repeat Step 1 to Step 3 for migrating trustees.
Map the trustee rights on the source server:
maprights -p -V SRCVOL1 -x /path/to/copy -m maptrustees.yaml mls.yaml > maprights.yaml
Migrate the trustee rights to the target server:
migrights -p maprights.yaml
Repeat Step 4, Step 5, and Step 6 for each source volume being migrated.
Sparse files are copied as normal files when migrated from NSS to POSIX. This is because of a known limitation from the POSIX perspective. Sparse files are generally supported on restore by restoring the data areas to sparse locations in the file system. The file system then determines whether or not to preserve the sparse nature of the file. POSIX file systems do not preserve the sparse nature of sparse files.
The migration tool include several command line tools for file system migrations. Each tool performs a subtask of the migration by taking the required input and outputting the converted output or results to stdout. Table 16-3 lists the commands that are available for file system migrations.
Table 16-3 File System Migration Commands
Command |
Description |
---|---|
Lists all files in source NSS path, with associated trustees, rights, and quotas. |
|
Matches users and groups from the source server to the target server. |
|
Maps users and groups from the source server to the target server specifications. |
|
Creates users and groups on the target server based on the output generated by the maptrustees command. |
|
Copies files and folders from a source server to a target server. |
|
Maps NetWare NSS/Traditional or OES NSS file system rights to OES 2015 or later file system rights. |
|
Sets file rights on the target server as defined by the output from the maprights command. |
|
Establishes persistent credentials for the migration utilities. |
The sections that follow discuss these commands and their options in greater detail. You can also refer to the respective man page for each command or use the -h (--help) and --usage options.
The mls command lists files and associated trustees, rights, and quotas from source servers. The output from this command is used as input for both maprights and maptrustees.
To gather the required information for NetWare Traditional or NSS volumes, mls copies tcnvlnx.nlm to the NetWare server. To gather this information for OES NSS volumes, it uses the.trustee_database.xml file in the ._NETWARE directory.
mls -s -V|-X [--continue-after-failover] [-e] [-c] [--precheck] [--update-ifnewer] [--progress] [--progress-interval] [--use-casa] [--source-unsecure-ldap] [--source-ldap-port] [--debug] [--modified-after] [--modified-before] [--accessed-after] [--accessed-before] [--no-dirquotas] [--no-userquotas]
Option |
Long Form |
Purpose |
---|---|---|
-s |
--source-server |
Specifies the source server’s IP address. Example: -s 192.168.1.3 |
-V |
--source-path |
Specifies the volume or directory path to use on the source server. Examples: -V NSSVOL -V VOL1:/apps/data |
-X |
--source-full-path |
Indicates the full path of the volume to use on the source server. |
|
--continue-after-failover |
Specifies that mls continues migration after a resource failover. |
-e |
--exclude |
Excludes filter on files to be copied. Use this multiple times for excluding multiple file types (eg. -e "*.mp3" -e "*.tmp"). |
|
[--use-casa] |
Uses OCS to store and retrieve usernames and passwords. |
|
--source-unsecure-ldap |
Uses unsecure LDAP connection for all LDAP calls. By default mls uses secure LDAP. |
|
--source-ldap-port |
Uses the specified port for LDAP calls. By default, it uses port number 389 for unsecure LDAP and 636 for secure LDAP. |
[-c] |
--session-file --progress --progress-interval --debug --precheck |
These options are explained in the Additional Migration Options. |
|
--modified-after |
Scans files which are modified after this date. |
|
--modified-before |
Scans files which are modified before this date. |
|
--accessed-after |
Scans files which are accessed after this date. |
|
--accessed-before |
Scans files which are accessed before this date. |
|
--no-dirquotas |
Directory quota information is not listed. |
|
--no-userquotas |
User quota information is not listed. |
The migmatchup command uses input from the mls command to produce a mapping of users and groups from the source server to those on the target server. It uses ldapsearch to retrieve the user and group data from the source and destination LDAP server.
Objects can be excluded from migration by specifying them in the global /etc/opt/novell/migration/obj-exclude-list.conf file or a custom exclude file can be specified using the -E option. The global exclude file has entries to not migrate NetWare specific user like "cn=admin,ou=Tomcat-Roles,*". If a custom exclude file is specified then the global exclude file is not read.
migmatchup -s -d -k [-E] [-c] [--progress] [--progress-interval] [--debug] [--precheck] [--use-casa] [--source-unsecure-ldap] [--source-ldap-port] [--destination-unsecure-ldap] [--destination-ldap-port] <inputfile>
Option |
Long Form |
Purpose |
---|---|---|
-s |
--source-server |
Specifies the source server's IP address. |
-d |
--destination-server |
Specifies the target server's IP address. |
-k |
--destination-ldap-container |
Options to specify LDAP container to be searched for finding matching users and groups. |
-E |
--obj-exclude-file |
Excludes the objects listed in this file from migration. The entries can contain pattern with wild cards * and ?. Refer to the object exclude file /etc/opt/novell/migration/obj-exclude-list.conf for more details. |
-c |
--session-file --progress --progress-interval --debug --precheck |
These options are explained in the Additional Migration Options. |
|
[--use-casa] |
Uses OCS to store and retrieve usernames and passwords. |
|
--source-unsecure-ldap |
Uses unsecure LDAP connection for all LDAP calls. By default migfiles uses secure LDAP. |
|
--source-ldap-port |
Uses the specified port for LDAP calls. By default, it uses port number 389 for unsecure LDAP and 636 for secure LDAP. |
|
--destination-unsecure-ldap |
Uses unsecure LDAP connection for all LDAP calls. By default migfiles uses secure LDAP. |
|
--destination-ldap-port |
Uses the specified port for LDAP calls. By default, it uses port number 389 for unsecure LDAP and 636 for secure LDAP. |
|
inputfile |
Indicates the output file produced from the mls command from stdin. |
This example illustrates matching users and groups from source server to a target server:
migmatchup -s 192.168.1.3 -d 192.168.1.4 -k o=company mls.yaml
The maptrustees command maps the users and groups from the source server’s tree or domain to the target server’s specifications. It uses input from mls to produce and map user and group data from the source server. You must use maptrustees when migrating data to a different tree or when migrating users and groups to a different context.
By default, maptrustees maps users and groups into a new target tree. The target file server should be in the same tree as the LDAP target server. You can use the -k option to map users and groups into a single target container.
The maptrustees command can also be used to map users and groups to POSIX users and groups in /etc/passwd and /etc/group. It uses ldapsearch to retrieve the user and group data from the source LDAP server. The source LDAP server should be in the same tree as the source file server that produced the mls output.
maptrustees -s [-H] [--map-homedir-only] [-p] [-k] [--matchup-file] [-g] [-E] [--use-casa] [--source-unsecure-ldap] [--source-ldap-port] [--debug] [--precheck] [-c] [--progress] [--progress-interval] <inputfile>
Option |
Long Name |
Purpose |
---|---|---|
-s |
--source-server |
Specifies the source server’s IP address. Example: -s 192.168.1.3 |
[-H] |
--homedir |
Specifies the path to the directory for migrating user’s home directories. This option is used to map users’ home directories to the new path on the target server. Example: -H /media/nss/nssvol1/homedir |
|
[--map-homedir-only] |
This option is used when source and destination servers are in same tree. This option forces maptrustees to generate only home directory information of users, so that migtrustees can just modify home directories of users. You must also pass --homedir(-H) option along with this option. |
[-p] |
[--posix] |
Maps users and groups to /etc/passwd and /etc/group on the OES server. Default is LDAP, if no mapping option is specified. |
[-k] |
[--destination-ldap-container] |
Specifies the container where all users and groups are to be migrated. Example: -k ou=merged,o=company |
|
--matchup-file |
Specify a user matchup file as generated by migmatchup. |
[-g] |
[--primary-group] |
Specifies the primary POSIX group for migrated users. If not specified, the default primary group is “users.” Example: -g migrated-users The specified group must be created before you run the migtrustees command, because migtrustees does not create the group. |
|
[--use-casa] |
Uses OCS to store and retrieve usernames and passwords. |
|
--source-unsecure-ldap |
Uses unsecure LDAP connection for all LDAP calls. By default migfiles uses secure LDAP. |
|
--source-ldap-port |
Uses the specified port for LDAP calls. By default, it uses port number 389 for unsecure LDAP and 636 for secure LDAP. |
[-E] |
[--obj-exclude-file] |
Excludes from migration the objects listed in the specified file. Example: -E excludefile.txt If this option is used, the global exclude file is not read. See Excluding Objects for more information. |
[-c] |
--session-file --progress --progress-interval --debug --precheck |
These options are explained in the Additional Migration Options. |
|
inputfile |
Indicates the output file produced from the mls command or from stdin. |
This first example illustrates mapping users and groups to the same container in the target tree as in the source tree:
maptrustees -s 192.168.1.3 mls.yaml
The example assumes you have the same tree structure in the target tree as in the source tree.
This next example illustrates mapping users and groups to a new container in the target tree, using the output from the mls command:
maptrustees -s 192.168.1.3 -k ou=merged,o=company mls.yaml
A new container named ou=merged,o=company is created in the target tree, and all migrated users and groups are created within that container.
This third example illustrates mapping users to /etc/passwd and /etc/group in a POSIX environment and redirect the output to maptrustess.yaml file:
maptrustees -s 192.168.1.3 -p mls.yaml > maptrustees.yaml
When generating the list of users and groups to be mapped to the target tree, maptrustees reads the obj-exclude-list.conf file in the /etc/opt/novell/migration/ directory and excludes the eDirectory objects listed in that file.
The global exclude file includes entries for NetWare objects, such as cn=admin,ou=Tomcat-Roles.
If you find that objects are being migrated from your source eDirectory tree that you do not want to appear in the target tree, you can add the objects to the obj-exclude-list.conf file. Use fully distinguished object names in LDAP (comma-delimited) format. For example:
cn=testuser,ou=users,o=novell
NOTE:NCP Server objects that are assigned as file system trustees are not migrated in a tree-to-tree migration.
The migtrustees command uses input from maptrustees to create users and groups in the target tree. It uses ldapadd and ldapmodify to make the changes on the target LDAP server.
If the -p (--posix) option has been specified in maptrustees, migtrustees uses useradd and groupadd to create users and groups in /etc/passwd and /etc/group.
If the -g (--primary-group) option was specified in maptrustees, the specified group must already exist or it must be created before running migtrustees.
migtrustees -d [-i] [-A] [-m] [-p] [-r] [--use-casa] [--destination-unsecure-ldap] [--destination-ldap-port] [--debug] [--precheck] [-c] [--progress] [--progress-interval] [--specific-password] [--newusers-password-file] <inputfile>
Option |
Long Form |
Purpose |
---|---|---|
-d |
--destination-server |
Specifies the target server’s IP address (not needed for POSIX migrations). Example: -d 192.168.1.5 |
[-i] |
[--verbose] |
Prints verbose information regarding the user and group migration status. |
[-A] |
[--audit] |
Audits the results of the user and group migration. |
[-m] |
[--modify-existing] |
Modifies or updates users or groups if they already exist. If you do not include the -m option, the migtrustees command displays user exists errors if a User object being migrated is already present in the target eDirectory tree. In this case, no modifications are made to the User object in the target tree. |
[-p] |
[--posix] |
Creates POSIX users and groups on destination server. Default is LDAP. |
|
[--use-casa] |
Uses OCS to store and retrieve usernames and passwords. |
|
--destination-unsecure-ldap |
Uses unsecure LDAP connection for all LDAP calls. By default, migfiles uses secure LDAP. |
|
--destination-ldap-port |
Uses the specified port for LDAP calls. By default, it uses port number 389 for unsecure LDAP and 636 for secure LDAP. |
[-c] |
--session-file --progress --progress-interval --debug --precheck |
These options are explained in the Additional Migration Options. |
[-s] |
--specific-password |
Specify the password for newly created users. You must note the password so that it can be forwarded to individual users. If the specific password or random password option is not specified, then the users are created but locked until you assign a password. |
[-r] |
--random-password |
Generate random passwords for new users created on the target server. When using this option, you must always pass the --newusers-password-file option so that the randomly generated passwords and usernames are stored in the file. |
|
--newusers-password-file |
The newly created usernames along with passwords are stored in the file specified with this option. This option must be passed with the --random-password option. If the specified file exists, migtrustees appends the file else it creates a new file with read-only permission. |
|
inputfile |
Indicates the output file produced from the maptrustees command or from stdin. |
To migrate users and groups to a target tree, using an LDAP server with the IP address of 192.168.1.4 in the target tree:
migtrustees -d 192.168.1.4 -s novell maptrustees.yaml
To audit the outcome of a trustee migration:
migtrustees -d 192.168.1.4 -A -s novell maptrustees.yaml
To migrate users and groups to POSIX with verbose information:
migtrustees -i -p -s novell maptrustees.yaml
The migfiles command copies files from NetWare Traditional or NSS volumes to target NSS, NCP, or POSIX paths. It uses the Storage Management Services (SMS) framework to migrate file data and metadata.
When the migration is between two servers in the same eDirectory tree, migfiles copies the trustees and rights information along with the file data. When migrating data to a server in a different tree, migfiles copies only the file data. You must use other commands such as mls, maptrustees, migtrustees, maprights, and migrights to migrate the trustees and rights information.
migfiles -s [-p] [-i] -v|-x -V|-X [--continue-after-failover] [--disable-login] [-P] [-e] [--exclude-path] [-c] [--no-trustees] [--trustees-only] [--delete-existing-trustees] [--use-casa] [--source-unsecure-ldap] [--source-ldap-port] [--debug] [--precheck] [--progress] [--progress-interval] [--demigrate-files] [--never-overwrite] [--update-ifnewer] [--modified-after] [--modified-before] [--accessed-after] [--accessed-before] [--usecodeset] [--no-dirquotas] [--no-userquotas] [--sync] [--delete] [--delete-file-on-restore-error] [--ignore-quota-checking] [--trustees-dirs-only]
Option |
Long Form |
Purpose |
---|---|---|
-s |
--source-server |
Specifies the source server’s IP address. Example: -s 192.168.1.3 |
[-p] |
[--posix] |
Specifies that the target is a POSIX path. (If not specified, the default target type is NCP over POSIX.). |
[-i] |
[--verbose] |
Prints verbose file migration status. |
-V |
--source-path |
Specifies the source path, in VOLNAME or VOLNAME:/path format. Example: -V NSSVOL -V VOL:apps/data -V winshare |
@srcpathfile |
Specifies the source file that includes multiple source paths and is prefixed with a symbol (@). Example: -V @srcpathfile |
|
-v |
--destination-path |
Specifies the volume on the target server where the files are copied. This option cannot be used with the -x option. Example: -v VOL1 |
-x |
--destination-full-path |
Specifies the target path for copying NSS, NCP, or POSIX data. This option cannot be used with the -v option. Example: -x /media/nss/TEST |
@destpathfile |
Specifies the target file that includes corresponding target paths and is prefixed with a symbol (@). Example: -x @destpathfile |
|
-X |
--source-full-path |
Specifies the source path for copying NSS, NCP, or POSIX data. This option cannot be used with the -V option. Example: -X /media/nss/TEST |
|
--continue-after-failover |
Specifies that migfiles continue migration after a resource failover. |
|
--disable-login |
New logins to source server are disabled during data migration. |
--never-overwrite |
Do not overwrite files that already exist on the target server. |
|
[-e] |
[--exclude] |
Sets an exclude filter on files to be copied. Use this option multiple times to exclude multiple file types. Example: -e "*.mp3" -e "*.tmp" |
|
--exclude-path |
Excludes the directory with the specified source path from migration. Use this multiple times for excluding multiple directories or files. |
|
[--use-casa] |
Uses OCS to store and retrieve usernames and passwords. |
|
--source-unsecure-ldap |
Uses unsecure LDAP connection for all LDAP calls. By default, migfiles uses secure LDAP. |
|
--source-ldap-port |
Uses the specified port for LDAP calls. By default it uses port number 389 for unsecure LDAP and 636 for secure LDAP. |
[-c] |
--session-file --progress --progress-interval --debug --precheck |
These options are explained in the Additional Migration Options. |
|
--no-trustees |
Do not migrate trustees. |
|
--trustees-only |
Migrate only the trustees. New trustees added to the source server are migrated to the target server. |
|
--delete-existing-trustees |
Trustees that do not exist on the source server are deleted from the target server. You must use this option with --trustees-only option. |
|
--demigrate-files |
Migrates the data of HSM migrated files. By default, only stubs are migrated. |
|
--update-ifnewer |
Updates the file on the target server with the new data from the file on the source server. |
-u |
--modified-after |
Migrates files which are modified after this date. |
|
--modified-before |
Migrates files which are modified before this date. |
|
--accessed-after |
Migrates files which are accessed after this date. |
|
--accessed-before |
Migrates files which are accessed before this date. |
|
--usecodeset |
Code page value of the source server. This option is applicable only for NetWare 5.1 server. |
|
--no-dirquotas |
Do not migrate directory quotas. |
|
--no-userquotas |
Do not migrate user quotas. |
|
[--sync] |
Synchronizes source server and target server. Migrates files from the source server that are not available on the target server or is modified after the date given. |
[--delete] |
Synchronizes source server and target server. You must use this option with --sync option. Files that do not exist on the source server are deleted from the target server. |
|
|
[--delete-file-on-restore-error] |
Deletes partially restored or 0 byte files that are created during synchronization. |
|
--ignore-quota-checking |
Disables quota checking on the target server. When migration is completed, migfiles enables quota checking. |
--trustees-dirs-only |
Synchronizes trustees only at the directory level. Trustees for files are not synchronized. This option must be used only with the --trustees-only option or with the sync options. |
The following options can be used only in NetWare-to-Linux migrations.
Option |
Long Form |
Purpose |
---|---|---|
[-c] |
[--session-file] |
Stores the migration’s progress, including the date and time of the migration, the source and target IP addresses, and the source and target volume names, in the specified session file. Example: -c "status.log" This file can be used to resume a previously halted migration job. If an absolute or relative path is not specified with the filename, migfiles searches the current working directory for the file. If the specified file does not exist, all files are migrated. See Multi-Session Migration for more information. |
[-u] |
[--update] |
Migrates files newer than the date specified with this option. See Updating Modified Files for more information. This option supports date/time inputs in the following formats: "%d-%m-%Y %H:%M:%S" "%d-%m-%Y %H:%M" where d, m, Y, H, M, and S are format variables of standard Linux date/time implementations. The supported formats can be extended by using the DATEMSK environment variable. The DATEMSK environment variable must be sent to the file path pointing to the date/time formats to support. See getdate(1) and strptime(3) for more information on using DATEMSK. |
|
[--no-trustees] |
Excludes trustees while migrating file system data. |
|
[--demigrate files] |
Migrates the data of HSM-migrated files. By default, only stubs are migrated. |
|
[--update-ifnewer] |
Updates the file if the file on the source server is newer than the file on the target server. This option is applicable only for data migration. |
This command migrates the source paths listed in the source file srcpathfile to corresponding target paths listed in the target file destpathfile. Pass the srcpathfile with -V and destpathfile with -x option prefixed with a symbol (@). The sample IP address is 192.168.1.3 of the source server.
Source Paths in srcpathfile |
Target Paths in destpathfile |
---|---|
DATA:DEPT/finance |
/media/nss/DATA/finance |
DATA:DEPT/legal |
/media/nss/DATA/legal |
migfiles -s 192.168.1.3 -V @srcpathfile -x @destpathfile -i
While the migfiles command is running (without the -i option), a pound (#) character is displayed for every 100 files migrated.
The -c or --session-file option of the migfiles command allows you to stop the migration partway through and then continue it later from where it left off. This is especially useful when migrating large data volumes that might take several working days to copy and that must remain online during the migration.
For example, the following command stores the migration’s progress and other metadata in a session file named V1-to-V1 090907:
migfiles -s 192.168.1.3 -v VOL1 -V VOL1 -ni -c "V1-to-V1 090907"
To terminate the migration session at any time, press Ctrl+C. You can resume the session later by reentering the migfiles command by passing the same session file V1-to-V1 090907
Another useful option for the migfiles command is the -u or --update option. This option lets you specify a date and time, then migfiles copies only files that have been modified after this date and time. This option must be used after completing a multi-session migration described above to update all the files modified by users during the migration. The session file contains the data and time at which the migration started.
For example, the following command updates all the files on the target volume that have been modified at the source after 9 September 2008 at 12:30:
migfiles -s 192.168.1.3 -v V1 -V V1 -ni -u "9-09-2007 12:30"
The maprights command gleans file system rights information from the mls output and maps the rights to a specified volume or path on the target server. You can specify a mapping to NSS, NCP, or POSIX rights.
If the target server is in a different tree and users and groups are in new containers, you can use the -k option to migrate the users and groups into a specified container in the target eDirectory tree.
maprights -V [-p] -v|-x [-k] [--matchup-file] [-m] [--debug] [--precheck] [-c] [--progress] [--progress-interval] <inputfile>
Option |
Long Form |
Purpose |
---|---|---|
-V |
--source-path |
Specifies the volume or directory path to use on the source server. Examples: -V NSSVOL -V VOL1:/apps/data |
[-p] |
[--posix] |
Maps user rights to POSIX file system access rights. |
-v |
--destination-path |
Specifies the volume on the target server where the rights information is mapped. This option cannot be used with the -x option. Example: -v NSSVOL |
-x |
--destination-full-path |
Specifies the volume path on the target server where the rights information is mapped. You must use -x in maprights if you have used -x in migfiles. |
[-k] |
[--destination-ldap-container] |
Specifies an eDirectory container where all users and groups are to be migrated. You must use -k in maprights, if you have used -k in maptrustees. Example: -k ou=users,o=company |
[--matchup-file] |
Specify a user matchup file as generated by migmatchup. |
|
[-m] |
[--maptrustees-file] |
Specifies the name of the maptrustees file associated with this maprights migration (required for POSIX rights mapping). Example: -m maptrustees.yaml |
inputfile |
Indicates the name of the output file produced from the mls command or from stdin. |
|
[-c] |
--session-file --progress --progress-interval --debug --precheck |
These options are explained in the Additional Migration Options. |
The migrights command uses input from maprights to set file rights on the target server. All details for setting rights are stated in the input file. migrights uses this information to set the rights appropriately on the target file system.
migrights [-i] [-A] [-t] [-p] [--debug] [--precheck] [-c] [--progress] [--progress-interval] <inputfile>
Option |
Long Form |
Purpose |
---|---|---|
[-i] |
[--verbose] |
Prints verbose rights migration status. |
[-A] |
[--audit] |
Audits the results of the file rights migration. |
[-t] |
[--test] |
Performs a test run of the rights migration operation. |
[-p] |
[--posix] |
Indicates that the destination path is POSIX. |
[-c] |
--session-file --progress --progress-interval --debug --precheck |
These options are explained in the Additional Migration Options. |
|
inputfile |
Indicates the output file produced by the maprights or from stdin. |
|
[--debug] |
Prints debug messages to the migrights log file located at /var/opt/novell/log/migration/. |
To set rights on the target file system with verbose output:
migrights -i maprights.yaml
To audit the outcome after setting rights on the target file system:
migrights -i -A maprights.yaml
To perform a test run with the output from maprights and see if the files and users exist in the target tree. The test results are being directed to migrights-t.yaml:
migrights -i maprights.yaml -t > migrights-t.yaml
The migcred command can be used to store and retrieve credentials for the other file system migration commands. It uses --use-casa command to store credential details of an identity. A migcred identity can be a server IP address. With each identity, a type of user name (for example, LDAP, NDS Distinguished Name, or e-mail name) is stored along with an associated password.
migcred -i -l|-n|-N|-c|-o|-e [-w] [-r] [-d] [--debug]
Option |
Long Form |
Purpose |
---|---|---|
-i |
--id |
Specifies the identity or key to identify the credential. Example: -i 192.168.1.3 |
-l |
--ldap-dn |
Specifies credential details in LDAP format. Example: -l cn=admin,o=company |
-n |
--nds-dn |
Specifies credential details in NDS_DN format. Example: -n admin.company |
-N |
--nds-fdn |
Specifies credential details in NDS_FDN format. Example: -N cn=admin.o=company |
-c |
--cn |
Specifies credential details in Common Name (CN) format. Example: -c John Smith |
-o |
--other |
Specifies credential details in a non-specified format. |
-e |
|
Specifies credential details as an e-mail address. Example: -e admin@company.com |
[-w] |
[--password] |
Retrieves a stored password. |
[-r] |
[--retrieve] |
Retrieves credential details of an identity. |
[-d] |
[--delete] |
Deletes the credentials of an identity. |
|
[--debug] |
Print debug messages to the migcred log file. The log file is located at /var/opt/novell/log/migration/ |
This example illustrates storing the credential details of identity 192.168.1.3 in LDAP format. The command prompts for credential details, which should be entered in LDAP format (cn=admin,o=mycompany):
migcred -i 192.168.1.3 -l
This example illustrates retrieving credentials after they have been stored:
migcred -i 192.168.1.3 -l -r
This example illustrates deleting credential details of identity 192.168.1.3:
migcred -i 192.168.1.3 -d
The Migration Tool provides additional options to be executed with file system migration utilities.
You can execute these commands with file system migration utilities. Table 16-4 lists the additional options that are available for file system migrations.
Table 16-4 Additional Migration Options with File System Commands
Option |
Description |
---|---|
Stores migration progress. This file is used to continue migration. |
|
Displays the progress (in terms of percentage) of the command being executed. |
|
Specifies the time interval for displaying the progress of a command. |
|
Executes the command in a debug mode and creates a log file. |
|
Validates the arguments passed in a command. |
A session file stores the status of a command, checkpoint information of a command (the point at which the execution of command was stopped), and parameters for validating the session file. You can create a session file by executing a command with --session-file option.
An example to create a session file for the migfiles command:
migfiles -s 192.168.1.3 -iV src_volume -v dest_volume --session-file /home/migfiles_session.session
This command migrates data from the source NSS volume src_volume to the target NSS volume dest_volume. You can stop the command and re-execute it at a later stage. On executing the command at a later stage, the migfiles_session.session file is taken as an input and the migfiles command starts at the point when it was last stopped.
For example, your source volume contains 50 GB of data and after migrating 40 GB of data, migration was stopped. On re-executing the migfiles command, the remaining 10 GB of data is migrated.
Sample Session File:
src-server: 192.168.1.3 dest-server: 192.65.1.2 src-path: "DFS:" dest-path: "/media/nss/VOL1/" started-on: "18-7-2008 16:8:15" status: stopped stopped-at: "DFS:db/" Bytes Processed: 22
The --progress command can be executed with any command to display the progress of the command being executed.
To view progress on executing the migtrustees command:
migtrustees -d 192.168.1.3 maptrustees.yaml -i --progress
Output of the command:
Created 200 trustees of 500
When you execute the migtrustees command with the --progress option, it displays the progress of trustee creation. You can set the time to display the progress by specifying the --progress-interval option.
The --progress-interval option is used along with --progress option to specify the time interval for displaying the progress of a command. The default time interval is 30 seconds for refreshing the progress of a command.
To view progress every 10 seconds on executing the migtrustees command:
migtrustees -d 192.168.1.3 maptrustees.yaml -i --progress --progress-interval 10
The migtrustees command refreshes the progress every 10 seconds.
The --debug option executes the command in debug mode and creates a log file in /var/opt/novell/log/migration folder.
To execute mls command in debug mode:
mls -s 192.168.1.3 -V src_volume --debug
This command creates an mls.log file that is stored in the /var/opt/novell/log/migration folder.
The --precheck option validates the arguments passed in a command.
To execute the migfiles command:
migfiles -s 192.165.1.1 -iV src_volume -v dest_volume --precheck
On executing this command, the --precheck option validates the existence of the src_volume and dest_volume on the source server and the target server. The command authenticates to the source server and target server and also checks if SMS is running on the target server.