Anonymous_User Absent Member.
Absent Member.
2496 views

Migration

Hi,
I need to retire a server on which iFolder has been installed (i.e
remove the server from the eDirectory tree. I need to migrate the iFolder
to another server in the tree. Data volumes have been migrated to other
servers using the Trustbar.nlm - no issues; How do I migrate iFolder?
Searched the TIDS did not find any documents that laid out the procedure.
All servers in the tree run NW6SP3. Once the iFolder migration is
complete, DS will be removed from the server.

Thanks,

Adrian
Labels (1)
0 Likes
8 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Migration

,
> I need to retire a server on which iFolder has been installed (i.e
> remove the server from the eDirectory tree. I need to migrate the iFolder
> to another server in the tree. Data volumes have been migrated to other
> servers using the Trustbar.nlm - no issues; How do I migrate iFolder?
> Searched the TIDS did not find any documents that laid out the procedure.
> All servers in the tree run NW6SP3. Once the iFolder migration is
> complete, DS will be removed from the server.
>

If you migrate a server using the Mig Wizard then there should not be a
problem. I asked Novell about this in the past and they said that you could
just move the entire ifolder structure to another server and change all
references to there physical server in conf files and DS objects, but I have
never tested.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Migration

> ,
> > I need to retire a server on which iFolder has been installed (i.e
> > remove the server from the eDirectory tree. I need to migrate the

iFolder
> > to another server in the tree. Data volumes have been migrated to

other
> > servers using the Trustbar.nlm - no issues; How do I migrate iFolder?
> > Searched the TIDS did not find any documents that laid out the

procedure.
> > All servers in the tree run NW6SP3. Once the iFolder migration is
> > complete, DS will be removed from the server.
> >

> If you migrate a server using the Mig Wizard then there should not be a
> problem. I asked Novell about this in the past and they said that you

could
> just move the entire ifolder structure to another server and change all
> references to there physical server in conf files and DS objects, but I

have
> never tested.
>
> - Anders Gustafsson, Engineer, CNE6, ASE
> NSC Volunteer Sysop
> Pedago, The Aaland Islands (N60 E20)
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement
>
> Using VA 5.51 build 315 on Windows 2000 build 2195
>

Hi Anders,
Thank you for the reply - I believe that there is one problem with
that - The Root Certificate is on the server (I've checked). The
certificate, I believe embeds the server ID. I am concerned that if we
move the directory structure that subordinate certificates issued from the
Root certificate will fail to work - Data in iFolder is encrypted using
these certificates - the data will then become inaccessible

Regards,
Adrian
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Migration

,
> Data in iFolder is encrypted using
> these certificates - the data will then become inaccessible


I do not think it is, here is what I got as an answer from Novell:

Anders here is the instructions that I am going to put in a tid... I
worked with our is&t guy who has done this 100's of times

If you are moving data to another ifolder server that is configured and
authenticating against the same tree as the old server, then the move
should be transparent. These are the basic steps I use:

Let's assume that the old server is ifolder_5 and the new server is
ifolder_9.

1. I install and configure the new ifolder server first and make it
part of the ifolder system giving it the name ifolder_9 in the iFolder
management pages.

2. I use rsync to copy all the data from ifolder_5 to ifolder_9 while
the users are still active. I usually let this run for about a week,
having rsync run once a day getting the diffs.

3. While rsync is copying the data to ifolder_9, I create an ldif file
to set the iFolderServerName attribute of all the users on ifolder_5 to
ifolder_9-move. This is an invalid value because there is no server
actually knows as ifolder_9-move.

4. When I am ready to make the final move I stop the iFolder service
on both servers and do a final rsync copy to make sure I have all the
changes and that no files were in use on this last copy.

5. I then start up the ifolder service on the the new server. Make
sure that there is a SERVER.FLG file in the iFolder data directory.
This will cause the server to do a data integrity check on all the
moved data. Non of the users accounts will connect because the
iFolderServerName attribute points to an invalid server and the old
server is still down.

6. Once the data check completes you are ready to do the final steps.

7. Use a 2nd LDIF file to set the iFolder servername attribute to the
value of the new server: ifolder_9

8. on iFolder_5 server I rename the ifolderdata directory and create a
new one that is empty before starting up the ifolder_5 server.

9. Start up the ifolder_5 server. All the clients that were waiting
to login will try to connect to ifolder_5 server. The server will look
at it's local accounts, find that there are none, and look at the
ifolderservername attribute of the users. It will see that they are
supposed to be handled by ifolder_9 and will redirect them to connect
to that server. The clients will then connect to the new ifolder_9
server and begin to s yncwiththeirdata.

10. I then change the DNS setting for the ifolder_5 server to point at
the ifolder_9 server to make sure that any users who haven't logged in
for a while will be sent to the new server we eventually the do login.

11. Shutdown the ifolder_5 server and delete it from the iFolder
management pages.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Migration

> ,
> > Data in iFolder is encrypted using
> > these certificates - the data will then become inaccessible

>
> I do not think it is, here is what I got as an answer from Novell:
>
> Anders here is the instructions that I am going to put in a tid... I
> worked with our is&t guy who has done this 100's of times
>
> If you are moving data to another ifolder server that is configured and
> authenticating against the same tree as the old server, then the move
> should be transparent. These are the basic steps I use:
>
> Let's assume that the old server is ifolder_5 and the new server is
> ifolder_9.
>
> 1. I install and configure the new ifolder server first and make it
> part of the ifolder system giving it the name ifolder_9 in the iFolder
> management pages.
>
> 2. I use rsync to copy all the data from ifolder_5 to ifolder_9 while
> the users are still active. I usually let this run for about a week,
> having rsync run once a day getting the diffs.
>
> 3. While rsync is copying the data to ifolder_9, I create an ldif file
> to set the iFolderServerName attribute of all the users on ifolder_5 to
> ifolder_9-move. This is an invalid value because there is no server
> actually knows as ifolder_9-move.
>
> 4. When I am ready to make the final move I stop the iFolder service
> on both servers and do a final rsync copy to make sure I have all the
> changes and that no files were in use on this last copy.
>
> 5. I then start up the ifolder service on the the new server. Make
> sure that there is a SERVER.FLG file in the iFolder data directory.
> This will cause the server to do a data integrity check on all the
> moved data. Non of the users accounts will connect because the
> iFolderServerName attribute points to an invalid server and the old
> server is still down.
>
> 6. Once the data check completes you are ready to do the final steps.
>
> 7. Use a 2nd LDIF file to set the iFolder servername attribute to the
> value of the new server: ifolder_9
>
> 8. on iFolder_5 server I rename the ifolderdata directory and create a
> new one that is empty before starting up the ifolder_5 server.
>
> 9. Start up the ifolder_5 server. All the clients that were waiting
> to login will try to connect to ifolder_5 server. The server will look
> at it's local accounts, find that there are none, and look at the
> ifolderservername attribute of the users. It will see that they are
> supposed to be handled by ifolder_9 and will redirect them to connect
> to that server. The clients will then connect to the new ifolder_9
> server and begin to s yncwiththeirdata.
>
> 10. I then change the DNS setting for the ifolder_5 server to point at
> the ifolder_9 server to make sure that any users who haven't logged in
> for a while will be sent to the new server we eventually the do login.
>
> 11. Shutdown the ifolder_5 server and delete it from the iFolder
> management pages.
>
> - Anders Gustafsson, Engineer, CNE6, ASE
> NSC Volunteer Sysop
> Pedago, The Aaland Islands (N60 E20)
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement
>
> Using VA 5.51 build 315 on Windows 2000 build 2195
>

Thank you very much for that Anders.

Regards,
Adrian
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Migration

HI Anders,

I have some queries for the instructions.
Step 3....i create an ldif file to set the ifolderServerNa,e attribute of
all the users on ifolder_5 to ifolder_9-move.....
Q: May i know how do you create this ldif file?

Step 7. use a 2nd ldif file to set the iFolder servername attribute to the
value of the new server: ifolder_o
Q: May i know how do you create the ldif file here?

Thank you.

Best rgds
Irene

> ,
> > Data in iFolder is encrypted using
> > these certificates - the data will then become inaccessible

>
> I do not think it is, here is what I got as an answer from Novell:
>
> Anders here is the instructions that I am going to put in a tid... I
> worked with our is&t guy who has done this 100's of times
>
> If you are moving data to another ifolder server that is configured and
> authenticating against the same tree as the old server, then the move
> should be transparent. These are the basic steps I use:
>
> Let's assume that the old server is ifolder_5 and the new server is
> ifolder_9.
>
> 1. I install and configure the new ifolder server first and make it
> part of the ifolder system giving it the name ifolder_9 in the iFolder
> management pages.
>
> 2. I use rsync to copy all the data from ifolder_5 to ifolder_9 while
> the users are still active. I usually let this run for about a week,
> having rsync run once a day getting the diffs.
>
> 3. While rsync is copying the data to ifolder_9, I create an ldif file
> to set the iFolderServerName attribute of all the users on ifolder_5 to
> ifolder_9-move. This is an invalid value because there is no server
> actually knows as ifolder_9-move.
>
> 4. When I am ready to make the final move I stop the iFolder service
> on both servers and do a final rsync copy to make sure I have all the
> changes and that no files were in use on this last copy.
>
> 5. I then start up the ifolder service on the the new server. Make
> sure that there is a SERVER.FLG file in the iFolder data directory.
> This will cause the server to do a data integrity check on all the
> moved data. Non of the users accounts will connect because the
> iFolderServerName attribute points to an invalid server and the old
> server is still down.
>
> 6. Once the data check completes you are ready to do the final steps.
>
> 7. Use a 2nd LDIF file to set the iFolder servername attribute to the
> value of the new server: ifolder_9
>
> 8. on iFolder_5 server I rename the ifolderdata directory and create a
> new one that is empty before starting up the ifolder_5 server.
>
> 9. Start up the ifolder_5 server. All the clients that were waiting
> to login will try to connect to ifolder_5 server. The server will look
> at it's local accounts, find that there are none, and look at the
> ifolderservername attribute of the users. It will see that they are
> supposed to be handled by ifolder_9 and will redirect them to connect
> to that server. The clients will then connect to the new ifolder_9
> server and begin to s yncwiththeirdata.
>
> 10. I then change the DNS setting for the ifolder_5 server to point at
> the ifolder_9 server to make sure that any users who haven't logged in
> for a while will be sent to the new server we eventually the do login.
>
> 11. Shutdown the ifolder_5 server and delete it from the iFolder
> management pages.
>
> - Anders Gustafsson, Engineer, CNE6, ASE
> NSC Volunteer Sysop
> Pedago, The Aaland Islands (N60 E20)
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement
>
> Using VA 5.51 build 315 on Windows 2000 build 2195
>


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Migration

,
> Q: May i know how do you create this ldif file?


No idea sorry. I have not played much with LDIF, but basically what you
need to do is to create a file containing all affected users. You can
use NLIST or NDSReport from Wolfgang Schreiber, then you need to
massage that into an LDIF file, something along the lines of

version: 1

dn: cn=johndoe, ou=provo, ou=users, o=novell
changetype: modify
replace: ifolderServerName
ifolderServerName: ifolder_9

dn: cn=maryJ, ou=provo, ou=users, o=novell
changetype: modify
replace: ifolderServerName
ifolderServerName: ifolder_9

See:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/10052014.htm
http://www.novell.com/coolsolutions/feature/5997.html

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Migration

Hi,

Thank you 🙂

May i know how do you generate and export the LDIF file?

Best Rgds
Irene
> ,
> > Q: May i know how do you create this ldif file?

>
> No idea sorry. I have not played much with LDIF, but basically what you
> need to do is to create a file containing all affected users. You can
> use NLIST or NDSReport from Wolfgang Schreiber, then you need to
> massage that into an LDIF file, something along the lines of
>
> version: 1
>
> dn: cn=johndoe, ou=provo, ou=users, o=novell
> changetype: modify
> replace: ifolderServerName
> ifolderServerName: ifolder_9
>
> dn: cn=maryJ, ou=provo, ou=users, o=novell
> changetype: modify
> replace: ifolderServerName
> ifolderServerName: ifolder_9
>
> See:
>
> http://support.novell.com/cgi-bin/search/searchtid.cgi?/10052014.htm
> http://www.novell.com/coolsolutions/feature/5997.html
>
> - Anders Gustafsson, Engineer, CNE6, ASE
> NSC Volunteer Sysop
> Pedago, The Aaland Islands (N60 E20)
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement
>
> Using VA 5.51 build 315 on Windows 2000 build 2195
>


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Migration

,
> May i know how do you generate and export the LDIF file?
>

Like I said, you need to use NLIST or NDSReport to create a text file.
Then use your favourite text manipulation tool to create the file. Some
people use AWK, I generally use batchfiles and some old DOS utilities.
Grep is another option.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.