Migrating from ODSEE, ISW To OUD, DIP. OUD Multi-Master And Replication Gateway Configuration – Part 2


Below is a continuation on how to migrate ODSEE, ISW to OUD and DIP. You can access Part 1 here.

Since the migration is quite complex, I am splitting the configuration into separate parts.

This is Part 2: configuring OUD, and installing and configuring the OUD gateway.

Creating an OUD instance and configuration

To install and configure an OUD instance, just run the below.

Select: ldap and http for the new REST API interface.
Select: Certificate key created in Part 1 (with key name ldap-cert if asked)
On the first OUD instance, configure the replication user/port and create a replication password.
Select: Check Enable DIP (not EUS)
Set memory for your configuration. (I used 4Gb)
Complete the configuration.
Screen captures are below.





If Joining an existing replication configuration





Tip: On all additional OUD instance(s), select to join the existing replication, specify any other existing instance to join, then accept the certificate.

Note: Do not configure any additional OUD instances yet; we first need to configure the replication gateway as outlined below.

Configuring OUD instance

Set the below configuration; this might be required for your ODSEE instances.

Run on all OUD instances (after installed).
Note: These settings are not replicated and need to be set on each instance separately.

Next, copy your custom schema files (if you have any).

Migrate all other roles/indexes (pre final stage) from ODSEE

Below is a list of items you might need to change while running the above script

  1. Change global index-entry-limit value from 4000 > 8000
  2. Remove approximate from index matching rule 1.3.6.1.4.1.42.2.27.9.4.150 – (ds-cfg-attribute=objectclass,cn=Index,cn=userRoot,cn=Workflow elements,cn=config)
  3. Remove the two attributes below for this plugin to work
    Entry cn=Referential Integrity,cn=Plugins
    seeAlso: Equality
    owner: Equality

OUD replication gateway configuration

We are now ready to start configuring the OUD replication gateway. You do so by running the below.

Leave all the defaults.
Select > ODSEE => OUD
and
OUD => ODSEE (if you would like two-way updates).

Note: I had issues using/setting SSL from OUD => ODSEE as it wasn’t working with any certificates I tested.

OUD Gateway setup screen captures are below.




Next, get a one time export from your ODSEE instance.

Exclude the passwordObject objectclass (you might have other things to exclude)
cat /oud/certs/dsee_export.ldif-org | egrep -v "passwordObject" > /oud/certs/dsee_export.ldif

Also, exclude users:

  1. uid=PSWConnector
  2. cn=nsManagedDisabledRole
  3. cn=nsDisabledRole
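
The egrep -v line above removes single lines, which is enough for the passwordObject objectclass value but cannot drop a whole entry. The shell function below is an added example, not part of the original post: it assumes "exclude users" means dropping every entry whose leading RDN is one of the three listed, and the sample LDIF is constructed.

```shell
# Assumption: "exclude" = drop every entry whose leading RDN is on the list.
filter_dsee_ldif() {   # LDIF on stdin -> filtered LDIF on stdout
    awk '
    BEGIN {
        RS = ""; ORS = "\n\n"            # paragraph mode: one entry per record
        drop["uid=pswconnector"] = 1     # compared lower-cased
        drop["cn=nsmanageddisabledrole"] = 1; drop["cn=nsdisabledrole"] = 1
    }
    {
        gsub(/\n /, "")                  # unfold continuation lines (RFC 2849)
        n = split($0, line, "\n")
        rdn = ""
        for (i = 1; i <= n; i++) {
            if (line[i] ~ /^[dD][nN]::/) {   # base64 DN: keep entry, flag it
                print "review base64 DN: " line[i] > "/dev/stderr"
                break
            }
            if (line[i] ~ /^[dD][nN]:/) {
                rdn = tolower(line[i])
                sub(/^dn: */, "", rdn)   # strip the attribute name
                sub(/,.*/, "", rdn)      # keep only the leading RDN
                break
            }
        }
        if (rdn in drop) next            # skip the whole entry
        out = ""
        for (i = 1; i <= n; i++) {
            if (tolower(line[i]) ~ /^objectclass: *passwordobject *$/) continue
            out = out (out == "" ? "" : "\n") line[i]
        }
        print out
    }'
}

sample_ldif() {   # constructed sample export, not real data
    cat <<'EOF'
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: passwordObject
description: account synced by PSWConnector

dn: uid=PSWConnector,dc=example,dc=com
objectClass: top

dn: cn=nsManagedDisa
 bledRole,dc=example,dc=com
objectClass: nsRoleDefinition
EOF
}
```

With the paths used in this post it would run as `filter_dsee_ldif < /oud/certs/dsee_export.ldif-org > /oud/certs/dsee_export.ldif`. Entries with a base64-encoded DN are kept and reported on stderr so they can be checked by hand.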

Note: Your OUD instance paths are asinst_1/.. and asinst_2 is the OUD replication gateway instance.

Run the pre-external-initialization configuration

Next, we need a one-time import of all data from ODSEE => OUD. You do so by running the below.
Note: Use the ODSEE dsee_export.ldif export file from above.

Next, run the post-external-initialization on the gateway.

Lastly (optional), you might want to rebuild the index(es); do so by running the below.

Additional OUD configuration changes.
Enable unindexed searches with dsconfig. A privilege listed in disabled-privilege is no longer evaluated by the server, so all clients are treated as holding it.
Run dsconfig

  1. General Configuration > Global Configuration > View and edit the Global Configuration > disabled-privilege
  2. Select > unindexed-search and proxy-authid.

To fix the error/issue below, make sure to edit the ACI in OUDSM (or by command line).

Note: Fix the above error/issue by making the change on each directory, as ACIs are not replicated.

  • Authenticated users control access > from userdn = "ldap:///all" to userdn = "ldap:///anyone" (ldap:///anyone also matches anonymous clients)
  • And add to target control, the 1.3.6.1.4.1.42.2.27.9.5.8 control

Complete OUD Multi Master configuration

After the first OUD instance is working and populated with all ODSEE data, and the OUD replication gateway is up and working, complete the installation of all other OUD instances by running the same steps outlined above for the OUD instance.

Note: Only install/run the OUD instance and join the first instance with replication. There is no need to configure another replication gateway unless you would like to have another instance for HA.

Also, on all other OUD instances you might need to manually create the VLV index(es) and regular indexes. You can do so by running the below.
Note: This is usually only needed if you have native LDAP (Solaris/Linux).
Examples:

You can get the full index and VLV-index script from here.

Tip: To uninstall an instance run the below.

In this article we have completed the OUD configuration. In Part 3 I am going to show you how to install and configure WLS, OID, OUD required for the DIP instance.
To continue reading Part 3 click here.
