P2V: Upgrading your Tivoli Directory Server to 6.3
So my IT Administrator came up to us (Systems team) the other day asking if we could virtualise two old LDAP servers to free up some rack space in our server room. Consolidating hardware like this is a popular trend in businesses today, not only for maintenance costs but to increase utilisation of existing applications.
I thought it might be helpful and handy to write a guide on how we do it here.
In this scenario, our old server is an AIX box running DB2 and TDS 6.0. Our new barebones VM (nothing special) is on CentOS-6 x64.
*DISCLAIMER* As always, follow backup procedures in case anything happens. We’re ballsy so I won’t cover it here. If you need info, google TDS backup and check the infocenter.
The first step is to prepare the new server, install DB2 (which I won’t cover here) and install TDS v6.3. I installed it using an rpm we had on our repo.
rpm -Uvh tdsV6.3/*/*.rpm
given you extracted the files to your working directory
I add our db2 user db2inst1 to the idsldap group and root to the db2iadm1 group
usermod -a -G idsldap db2inst1
usermod -a -G db2iadm1 root
and then create a new instance in the LDAP
${IDS_PATH}/sbin/idsicrt -I db2inst1 -e password1234 -g password1234 -p 389 -s 636 -t db2inst1 -l /home/db2inst1
Use idsicrt --help to figure out what does what. The values of -e and -g are the encrypt seed and encrypt salt respectively. We’ll use them later when we export the old LDAP’s ldif.
Next, set the instance password.
${IDS_PATH}/sbin/idsdnpw -u cn=root -p password
Configure the database.
${IDS_PATH}/sbin/idscfgdb -I db2inst1 -w password -a db2inst1 -t ldap -l /home/db2inst1 -q
Now comes the fun part. Using an LDAP viewer (I used Apache Studio), connect to the old LDAP and search for the base DNs.
In this instance, I have four non-default DNs: dc=test, dc=support, dc=development and dc=ilwwcm,dc=ibm,dc=com
Create these on your new LDAP using the idscfgsuf command in the sbin folder.
${IDS_PATH}/sbin/idscfgsuf -s dc=test
${IDS_PATH}/sbin/idscfgsuf -s dc=support
${IDS_PATH}/sbin/idscfgsuf -s dc=development
${IDS_PATH}/sbin/idscfgsuf -s dc=ilwwcm,dc=ibm,dc=com
Ok, now go back to the old LDAP server and export the ldif using the db2ldif script in the sbin folder. We need to specify the encrypt key seed and the encrypt key salt of the new LDAP, in this case password1234. Use db2ldif --help to find the usage.
./db2ldif -o kirra.ldif -I idsldap -t password1234 -k password1234
scp the ldif file to your new server
scp kirra.ldif root@kirra2.wcm.lab:/opt/ibm/ldap/V6.3/kirra.ldif
and import it using the opposite script, ldif2db2.
${IDS_PATH}/sbin/ldif2db2 -i kirra.ldif -I db2inst1
given your instance name is db2inst1, and kirra.ldif is in your working directory.
and presto!
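A check worth running on the new server before the ldif2db2 import, as an added example that is not part of the original post: it lists every entry DN in the export that sits under none of the suffixes created with idscfgsuf, handling folded and base64-encoded DNs. The function names and the sample LDIF are constructed for illustration, and base64 -d from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: list entry DNs in an LDIF export
# that sit outside the suffixes created on the new server with idscfgsuf.
# Assumes GNU coreutils (base64 -d); function names are hypothetical.

# Print each entry DN, one per line. Handles LDIF line folding (continuation
# lines start with one space) and base64-encoded "dn::" values.
ldif_dns() {
    awk '
        function flush() { if (indn) print dn; indn = 0 }
        /^ /   { if (indn) dn = dn substr($0, 2); next }
               { flush() }
        /^dn:/ { dn = $0; indn = 1 }
        END    { flush() }
    ' "$1" | while IFS= read -r line; do
        case $line in
            dn::*) printf '%s' "${line#dn::}" | tr -d ' ' | base64 -d; echo ;;
            dn:*)  printf '%s\n' "${line#dn:}" ;;
        esac
    done | sed 's/^ *//'
}

# Lower-case and drop spaces around "," and "=" (naive: ignores escaped commas).
norm_dn() { tr 'A-Z' 'a-z' | sed 's/ *, */,/g; s/ *= */=/g'; }

# uncovered_dns FILE SUFFIX...: print DNs that are under none of the suffixes.
uncovered_dns() {
    file=$1; shift
    ldif_dns "$file" | norm_dn | while IFS= read -r dn; do
        ok=0
        for s in "$@"; do
            s=$(printf '%s\n' "$s" | norm_dn)
            case $dn in "$s"|*",$s") ok=1; break ;; esac
        done
        [ "$ok" -eq 1 ] || printf '%s\n' "$dn"
    done
}

# Constructed sample export: one folded DN, one base64 DN (cn=bob,dc=staging).
write_sample() {
    printf '%s\n' 'version: 1' '' 'dn: dc=test' 'objectclass: domain' '' \
        'dn: uid=alice, ou=people,' ' DC=Support' 'objectclass: person' '' \
        'dn:: Y249Ym9iLGRjPXN0YWdpbmc=' 'objectclass: person' > "$1"
}

f=$(mktemp) && write_sample "$f"
uncovered_dns "$f" dc=test dc=support dc=development dc=ilwwcm,dc=ibm,dc=com
rm -f "$f"
```

Pass the real export (kirra.ldif here) and every suffix configured on the new instance; any DN printed belongs to a suffix that still has to be created.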