Rich,

Thanks for the prompt reply. Ok, I'll not assume that SSL is the problem.

My setup is:
SSL is enabled in its original configuration on the source.
updated autofs and mozilla ldif files.
db2ldif to export the userRoot and NetscapeRoot databases.
Modified just the source /opt/fedora-ds/admin-serv/config/adm.conf and local.conf to replace cn=Fedora with cn=389

The migration fails during migration of the Administration Server with:

check_and_add_entry: Entry not found cn=Tasks, cn=admin-serv-punch, cn=389 Administration Server, cn=Server Group, cn=punch.midwest-tool.com, ou=midwest-tool.com, o=NetscapeRoot error No such object

I'll send the debug log directly to you.

Craig Swanson

Craig Swanson wrote:
> I am hoping for guidance in migrating this SSL enabled directory to
> 389-ds.
>
> From: fedora-ds 1.0.4 on fc6 i386
> To: 389-ds 1.1 on fedora 12 i386. The fedora 12 is on a new box
> with the same IP address and hostname.
>
> SSL is enabled on the source directory and source admin server.
>
> I have read the SSL HowTo, so I understand that the certs are stored
> differently under 1.1.
> Is it possible to import the existing SSL certs and set up the
> configuration so that the migration will succeed?

migration is supposed to take care of all of that for you

> If not, how do I correctly remove SSL from the source configuration?
> I could set up SSL on the target after the migration.
>
> Thank you,
>
> Craig Swanson
>
> ----------Supporting information ---------------------
>
> So far I have done this 1.0.4 to 1.1 prep:
>
> I have modified the source schema to use the updated autofs and
> mozilla ldif files.
> I have run db2ldif to export the userRoot and NetscapeRoot databases.
> I have modified the source /opt/fedora-ds/admin-serv/config/adm.conf
> and local.conf to replace cn=Fedora with cn=389

adm.conf - ok
local.conf - not so good - this is just a read-only copy of information stored in o=NetscapeRoot in the actual database.

> Bad outcomes:
> I ran the cross platform migration in order to pull from the modified
> ldif files.
> migrate-ds-admin.pl -d --crossplatform --oldsroot=/opt/fedora-ds.104 --actualsroot=/opt/fedora-ds -f /opt/migratePunch.inf
>
> The migration failed because I had not dealt with the SSL. Debug output:
>
> +[27/Apr/2010:12:44:26 -0400] - 389-Directory/1.2.5 B2010.012.2035 starting up
> +[27/Apr/2010:12:44:26 -0400] - I'm resizing my cache now...cache was 208736256 and is now 8388608
> +[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap key for cipher AES
> +[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher AES in attrcrypt_cipher_init
> +[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher AES in attrcrypt_init
> +[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap key for cipher 3DES
> +[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher 3DES in attrcrypt_cipher_init
> +[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher 3DES in attrcrypt_init
> +[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap key for cipher AES
> +[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher AES in attrcrypt_cipher_init
> +[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher AES in attrcrypt_init
> +[27/Apr/2010:12:44:27 -0400] - attrcrypt_unwrap_key: failed to unwrap key for cipher 3DES
> +[27/Apr/2010:12:44:27 -0400] - Failed to retrieve key for cipher 3DES in attrcrypt_cipher_init
> +[27/Apr/2010:12:44:27 -0400] - Failed to initialize cipher 3DES in attrcrypt_init

These errors are probably ok if you are not using the attribute encryption feature. You ideally should not have these errors, but this doesn't mean SSL won't work.

>
> Disabling SSL in the source:
> I have tried to disable SSL on the source directory and admin server
> via the console.

Let's try to figure out what happened initially with migration first.