Migrating from one DS to another for use with iMS
Hello all. We are looking at implementing the latest version of Messaging Server as part of implementing the Campus Pipeline Luminis product. Luminis use iPlanet DS 5.1 as it's directory server. In this DS is stored everything that Messaging Server needs in a DS.
However, my boss doesn't want to be tied to Luminis for mail services, which means if we chuck Luminis but decide to keep running iMS for our mail, he wants to be able to easily get it to work. Also, as a side project, we are impleming central directory services here using iDS 5.1 SP1. What I need to know is what infro from the Luminis DS I would need to extract and what I would need to do to configure the central ds so that this would work.
Suggestions are appreciated.
Thanks
Bob Jones
bob.jones@usg.edu
[819 byte] By [
OneTrueBob] at [2007-11-25 8:48:28]
Bob,
Take a look at the Iplanet Directory Server Resource Kit (iDSRK). There is a tool called ldifxform that allows you to manipulate ldif files at the attribute level.This will allow you to remove/add Luminis attributes/classes from an ldif file.There are also a few other tools that may give you alternative ideas.
What does Luminis do? One of the options I was looking at was using our iMS5.2 LDAP for Unix user authentication and another LDAP (called beta) for group and machine names. I added the POSIX classes to a couple test accounts and used DB chaining to "link" the user part of the iMS tree into the beta tree. This worked for authenticating a Mac. Would adding the Luminis classes to the iMS users be an option?
Hope this Helps.
Roger S.
Luminis is a portal solution specialized for higher education. The problem is that in order for us to be supported, Luminis has to run it's own directory server. The mail server is integrated with Luminis and thus keeps the ds info it needs kept in the Luminis ds.
I am wanting to be able to rip just the parts that deal with messaging server out of the Luminis version and put them in our central directory, then point the messaging server to our central directory and it work. That is why I'm asking about just which objectclasses and attributes messaging server keeps in the ds it uses.
Bob,
Probably the easiest way to start this is to create a new directory server instance, take a snapshot (ldif dump), run the ims_dssetup.pl utility against it and take another snapshot.The difference between the two is what you want. The objectclasses themselves are defined in the schema directory. The real trick is in the ACIs that control user and Delegated Admin access. "Folding-in" the iMS classes and attributes shouldn't be difficult. Unless of course, there is a objectclass/attribute name colilision, good luck resolving that. Getting the ACIs modified is the real trick.Keep in mind, just blindly adding the iMS ACIs could kill Luminis access.
Now then let's talk configuration trees. During the installation, I think you can specify a separate user/group DS. That's probably what you want. Leave the config tree in its own DS. It'll make things simpler.
Also, keep in mind, user management. You will need to modifiy the iDA or develop some Perl or shell scripts to add/delete/modify users. Standard tools from either side will only do part of the job.
HTH,
Roger S.
