Migrating few users from 5.2 schema I to 6.2 schema II DS
Hi All,
1. We have LDAP schema I with all users working for iMS 5.2x server for mail service.
The population here is approx 1 million mailboxes, and it is assumed that all are in active state.
The locations are distributed geographically in three places and connected w/ each other via 100MBPS link.
2. Out of these 1 million users, we want to extract 650,000 users onto a new infrastructure (special user case in ISP). The new infra will be identical to current 5.2 as follows:
. JES 6.2 (JES 2005Q4) Messaging Server
. LDAP running in schema II mode.
3. All the migrated users will have their previous mail, PAB data residing on the new LDAP server in schema II mode.
4. The new infra will have MMP, MTA in and MTA out along with Message Stores in clustered mode.
After extraction, the old users will still use 5.2 in schema I DS w/ MMP and new users will have 6.2 along with new DS in schema II w/ new MMP
What is the best feasible solution for this?
[997 byte] By [deepak_k] at [2007-11-26 8:44:07]

# 1
I don't know if you've read my long discussion about doing exactly this, but . . .
While your planned migration will "work", unless you have some provision for keeping ALL users in both ldap schemas, and maintaining them up to date, including the value of "mailhost", you will have to figure out how to route mails for both servers.
Messaging Server has always routed mail based on "mailhost" in ldap.
If a message arrives at one of your servers, and there's no ldap entry, that message will be rejected, assuming normal processing. Not what you want.
Yes, you can have the "first" server accept all mails, and use a "domain smarthost" to let any user not in ldap fall through to the next server. In this day, when 80% of the incoming mail is spam, and addressed, in many cases, to unknown addresses, that's a "BAD" idea.
I continue to suggest:
1. Use Schema 1 or 1.5, and MMR both LDAP servers together. This makes YOUR job much easier, as migration involves far fewer steps, can be done one user at a time, or in batches.
Routing becomes a trivial exercise, as it's handled automatically.
# 2
> I don't know if you've read my long discussion about
> doing exactly this, but . . .
>
> While your planned migration will "work", unless you
> have some provision for keeping ALL users in both
> ldap schemas, and maintaining them up to date,
why up to date? As my LDAP one in schema I has the old users and
the new LDAP two in schema II mode will have set of users migrated from old with a new value of mailHost attribute, right?
> including the value of "mailhost", you will have to
> figure out how to route mails for both servers.
You mean send n recv activity between both the user types?
>
> Messaging Server has always routed mail based on
> "mailhost" in ldap.
YES.
>
> If a message arrives at one of your servers, and
> there's no ldap entry,
But, schema I users will have mailHost as 5.2 server and schema II users will have mailHost value as 6.2 server, right?
> that message will be rejected,
> assuming normal processing. Not what you want.
>
> Yes, you can have the "first" server accept all
> mails, and use a "domain smarthost" to let any user
> not in ldap fall through to the next server. In this
> day, when 80% of the incoming mail is spam, and
> addressed, in many cases, to unknown addresses,
> that's a "BAD" idea.
YES
>
> I continue to suggest:
>
> 1. Use Schema 1 or 1.5, and MMR both LDAP servers
> together. This makes YOUR job much easier, as
> migration involved much fewer steps, can be done one
> user at a time, or in batches.
Customer is stressing for schema II only for a new setup now.
Will appreciate your help.
Thanks Jay!
>
> Routing becomes a trivial exercise, as it's handled
> automatically.
# 3
Here's the problem I think you may want to avoid:
1. Old ldap server has only old users in it (or are you keeping the migrated users, and changing the mailhost for each one?)
2. New schema 2 ldap server has only the "local" users in it (or are you duplicating all the users from the old schema 1 ldap?)
Assuming that you do not duplicate ALL entries, if you do:
1. Mail from a user on the old system to a user on the new system. That mail will get rejected as "unknown", because the user is not in ldap.
2. Mail from a user on the new system to a user on the old system. That mail will be rejected as "unknown".
3. Incoming mail. What system knows authoritatively which server handles what users?
As far as I can tell, your projected implementation does not have either of your servers know all of the users' location, OR you have to manually make every change, add every user to both ldap servers. This sounds to me like a recipe for certain problems, problems you will have to solve on a near daily basis. I would surely re-think your setup.
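A simplified model of the mailhost-based routing this thread is discussing, added here as an illustration; it is not part of any poster's message and is not Messaging Server code. The host names, addresses and the `make_dirs`/`handle` functions are hypothetical, and the sample directories are constructed.

```python
# Toy model: each MTA consults only its own LDAP directory and routes on
# the recipient's "mailhost" value. All names and data are constructed.
OLD_HOST = "ims52.example.net"   # hypothetical 5.2 / schema I side
NEW_HOST = "jes62.example.net"   # hypothetical 6.2 / schema II side

def make_dirs(shared):
    """Return {mta_host: directory}; a directory maps address -> mailhost."""
    old_users = {"alice@example.net": OLD_HOST}
    new_users = {"bob@example.net": NEW_HOST}
    if shared:
        # Replicated directory: both MTAs see every user and mailhost.
        merged = {**old_users, **new_users}
        return {OLD_HOST: merged, NEW_HOST: merged}
    # Disjoint directories: each side knows only its own users.
    return {OLD_HOST: old_users, NEW_HOST: new_users}

def handle(dirs, entry, rcpt, smarthost=None):
    """Return (verdict_at_entry_mta, final_mailhost_or_None)."""
    mailhost = dirs[entry].get(rcpt)
    if mailhost is not None:
        # Known recipient: deliver locally or relay to the listed mailhost.
        return ("accept", mailhost)
    if smarthost is None:
        # No entry and no fallback: rejected as unknown at SMTP time.
        return ("reject-unknown", None)
    # Fallback: the entry MTA accepts without knowing the address exists.
    # A None result here means the next hop has to bounce the message
    # after it was already accepted.
    return ("accept-unverified", dirs[smarthost].get(rcpt))

def scenarios():
    """Run the three setups from the thread and collect the outcomes."""
    split, shared = make_dirs(False), make_dirs(True)
    bob, ghost = "bob@example.net", "nosuch@example.net"
    return {
        "disjoint, old->new": handle(split, OLD_HOST, bob),
        "smarthost, real user": handle(split, OLD_HOST, bob, NEW_HOST),
        "smarthost, bogus addr": handle(split, OLD_HOST, ghost, NEW_HOST),
        "shared, old->new": handle(shared, OLD_HOST, bob),
        "shared, bogus addr": handle(shared, OLD_HOST, ghost),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24} {result}")
```

Only the shared-directory case both routes the real user and rejects the nonexistent address at the first hop; the smarthost case accepts both.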
# 4
Thanks for the reply Jay
> Here's the problem I think you may want to avoid:
>
> 1. Old ldap server has only old users in it (or are
> you keeping the migrated users, and changing the
> mailhost for each one?)
NO.
>
> 2. New schema 2 ldap server has only the "local"
> users in it (or are you duplicating all the users
> from the old schema 1 ldap?)
The new LDAP will have only migrated users from earlier schema I server. No, we are not duplicating all the users except the identified new users.
>
> Assuming that you do not duplicate ALL entries, if
> you do:
>
> 1. Mail from a user on the old system to a user on
> the new system. That mail will get rejected as
> "unknown", because the user is not in ldap.
YES.
>
> 2. Mail from a user on the new system to a user on
> the old system. That mail will be rejected as
> "unknown".
YES
>
> 3. Incoming mail. What system knows authoritatively
> which server handles what users?
Agreed!
>
> As far as I can tell, your projected implementation
> does not have either of your servers know all of the
> users' location, OR you have to manually make every
> change, add every user to both ldap servers. This
> sounds to me like a recipe for certain problems,
> problems you will have to solve on a near daily
> basis. I would surely re-think your setup.
What is the best possible way to carry out then?
How about having a separate domain for users under schema II?
Regards,
D
# 5
Please do go back, and re-read what I have been suggesting all along.
Schema 1.5 is EXACTLY what you should be doing. Sharing/replicating LDAP between your servers is what you should be doing.
This will make your life so much easier, and work so much better, truly.
Please actually look at schema 1.5. Basically, it's BOTH schema 1 and schema 2, at the same time.