You can create the default instance if you are not migrating a
directory server instance from a previous version and you want to
create a new directory server instance with default settings. (This
option is not available if you have already created a default directory
server instance; you can create only one default instance.) The default
directory server instance has the following settings, which you cannot
change:
On Windows systems
Name: dsrdbm01
Instance location: c:\idsslapd-dsrdbm01
Group name: Administrators
Administrator DN: cn=root
Database name: dsrdbm01
On AIX®, Linux, and Solaris systems:
Name: dsrdbm01
Instance location: /home/dsrdbm01. (On Solaris
systems, this directory is /export/home/dsrdbm01.)
Group name: grrdbm01
Administrator DN: cn=root
Database name: dsrdbm01
The DB2® tablespaces for the
default instance are Database Managed Storage (DMS).
In addition, the o=sample suffix is created for the default directory
server instance. You can add other suffixes later with the Configuration
Tool or the idscfgsuf command. See Managing suffixes for information.
If these settings are too restrictive, choose another option.
On the Create new directory server instance window:
Click Create default instance.
Click Next.
On the Default instance details window, complete the following
fields:
User password
Type the password for the system user, dsrdbm01, that will own
the directory server instance.
Confirm password
Type the password again for confirmation.
Encryption seed
Type a string of characters that will be used as an encryption
seed.
The encryption seed must contain only printable ISO-8859-1
ASCII characters with values in the range of 33 to 126, and must be
a minimum of 12 and a maximum of 1016 characters in length. For information
about what characters can be used, see Appendix K. ASCII characters from 33 to 126.
This
encryption seed is used to generate a set of Advanced Encryption Standard
(AES) secret key values. These values are stored in the directory
server instance's directory key stash file and used to encrypt and
decrypt directory stored password and secretkey attributes.
Record
the encryption seed in a secure location; you might need it if you
export data to an LDIF file (the idsdb2ldif command)
or regenerate the key stash file (the idsgendirksf command.)
Confirm encryption seed
Type the encryption seed again for confirmation.
Administrator DN password
The administrator DN for the default instance is cn=root.
Type the password for the administrator DN. You must define a password.
Passwords are case-sensitive. Double byte character set (DBCS) characters
in the password are not valid.
Note:
Record the password
in a secure location for future reference.
Confirm password
Type the password again for confirmation.
Click Next.
In the Verify settings window, information is displayed about
the options you specified. To return to an earlier window and change
information, click Back. To begin creating the
directory server instance, click Finish.
The Results window is displayed, and messages are displayed while
the directory server instance is being created. A completion message
is displayed when instance creation is complete. Click OK to
remove the message.
Click Close to close the window and return
to the main window of the Instance Administration Tool.
If you have finished using the Instance Administration Tool, click Close to exit the tool.
On the Create a new directory server instance window, click Create a new directory server instance.
If you want the new directory server instance to be a proxy server
instance, select the Set up as proxy check box.
A proxy server does not have an associated database instance.
Click Next.
On the Instance details window, complete the following fields:
User name
Do one of the following:
If the user you want to own the directory server instance is an
existing user on the system, select the system user ID of the user
from the list. This name will also be the name of the directory server
instance.
If you want to change properties for the user, click Edit user. On the window that displays:
If you want to change the user's password, type the new password
in the Password field.
Type the password again for confirmation in the Confirm password field.
If you are on an AIX, Linux, or Solaris system and you
want to change the home directory for the user, type the new home
directory in the Home directory field. You can
click Browse to locate the home directory.
If you are on an AIX, Linux, or Solaris system and you
want to change the user's primary group, type the new primary
group in the Primary group field.
Click Edit to save your changes.
If you want to create a new system user ID for the owner of the
directory server instance, click Create user.
On the window that displays:
Type a name for the user in the User Name field.
This name becomes the directory server instance name.
Type the password for the user in the Password field.
Type the password again for confirmation in the Confirm password field.
If you are on an AIX, Linux, or Solaris system:
Type the home directory for the user in the Home
directory field. You can click Browse to
locate the home directory.
Type the name of the user's primary group in the Primary
group field.
Click Create to create the user.
Instance location
Type the location where the directory server instance files
will be stored. Be sure that you have at least 30 MB of free disk
space in this location.
On Windows systems,
this location is a drive, such as C:. The directory
instance files will be stored on the drive you specify in the \idsslapd-instance_name directory. (instance_name is
the name of the directory server instance.)
On AIX, Linux,
and Solaris systems, the default location for the instance files is
in the directory instance owner's home directory, but you can specify
a different path. Click Browse if you want to
select a location.
Encryption seed string
Type a string of characters that will be used as an encryption
seed.
The encryption seed must contain only printable ISO-8859-1
ASCII characters with values in the range of 33 to 126 inclusive,
and must be a minimum of 12 and a maximum of 1016 characters in length.
For information about what characters can be used, see Appendix K. ASCII characters from 33 to 126.
This encryption seed is used to generate a
set of Advanced Encryption Standard (AES) secret key values. These
values are stored in the directory server instance's directory key
stash file and used to encrypt and decrypt directory stored password
and secretkey attributes.
Record the encryption seed in a secure
location; you might need it if you export data to an LDIF file (the idsdb2ldif command) or regenerate the key stash
file (the idsgendirksf command.)
Confirm encryption seed
Type the encryption seed string again for confirmation.
Use encryption salt value
Select this check box if you want to provide an encryption salt
value.
If you are migrating and you want the directory server instance
to be cryptographically synchronized with the same directory server
instances as the instance you are migrating, check this box and then
complete the Encryption salt string and Confirm encryption salt string fields.
If you are creating a new directory server instance and you want
the new directory server instance to be cryptographically synchronized
with other directory server instances, check this box and then specify
the same encryption salt string that the other directory server instances
have.
If you clear the check box, the Instance Administration Tool
generates an encryption salt string value randomly.
Encryption salt string
If you want to provide an encryption salt string, type the value.
The
encryption salt is used, along with the encryption seed, to generate
two-way Advanced Encryption Standard (AES) encryption keys that are
stored in key stash files. These values are used to encrypt and decrypt
directory stored password and secretkey attributes.
If you want
to use replication, use a distributed directory, or import and export
LDIF data between server instances, you can obtain better performance
if the directory server instances have the same encryption salt value.
Therefore, if the directory server instance you are creating or migrating
will be used in one of these ways, set the encryption salt value to
the encryption salt value of the directory server instances with which
it will be involved in these activities.
You can obtain a server's
salt value by searching (using the ldapsearch utility) the server's
'cn=crypto,cn=localhost' entry. The attribute type is ibm-slapdCryptoSalt.
For example:
The
part of the string after the equal to sign (=) is the encryption salt.
In this example, the encryption salt is :SxaQ+.qdKor.
The
encryption salt must contain only printable ISO-8859-1 ASCII characters
with values in the range of 33 to 126, and must be exactly 12 characters
in length. For information about characters that can be used, see Appendix K. ASCII characters from 33 to 126.
Confirm encryption salt
Type the encryption salt string again for confirmation.
Instance description
Optionally, type a description of the directory server instance.
This description is displayed in other windows to help identify the
instance.
Click Next.
If the DB2 instance details
window is displayed, either accept the name that is displayed in the DB2 instance name field,
or type or select a different name for the DB2 instance, and then click Next.
By
default, the DB2 instance name
is the same as the name of the directory server instance, but you
can specify a different name for the DB2 instance.
If you specify a different name, there must be a system user ID by
the same name. This name cannot be already associated with another
directory server instance.
Note:
Be sure that the DB2 instance used by Tivoli Directory Server is a
dedicated instance and that no other programs or products are configured
to use this instance.
In the TCP/IP settings for multihomed hosts window, do one of
the following:
If you want the directory server instance to listen on all IP
addresses, select the Listen on all configured IP
addresses check box.
If you want the directory server instance to listen on a particular
set of IP addresses that are configured on the computer, clear the Listen on all configured IP addresses check box.
Then select the IP address or addresses in the list that you want
the directory server instance to listen on.
Click Next.
In the TCP/IP port settings window, complete the following fields:
Server port
Type the number of the port you want the server to use as its
contact port. The number must be between 1 and 65535.
Server secure port
Type the number of the port you want the server to use as its
secure port. The number must be between 1 and 65535.
Administration server port
Type the number of the port you want the administration server
to use as its port. The number must be between 1 and 65535.
Administration server secure port
Type the number of the port you want the administration server
to use as its secure port. The number must be between 1 and 65535.
Notes:
If you have two or more directory server instances listening on
the same IP address (or set of IP addresses), be sure that those directory
server instances do not use any of the same port numbers.
ON AIX, Linux, and Solaris systems, port numbers below 1000
can be used only by root.
Click Next.
If the Optional steps window is displayed:
Select Configure administrator DN and password if
you want to configure the administrator DN and password for the directory
server instance now. (The administrator DN and password are required
for both proxy servers and full directory servers.)
Select Configure database if you want to
configure the database for the directory server instance now. (A proxy
server instance does not require a database.)
When you configure
the database, the Instance Administration Tool adds information about
the database that will be used to store directory data to the configuration
file (ibmslapd.conf) for the directory server instance. In addition,
if the database does not already exist, the Instance Administration
Tool creates the database.
In some cases (for example, if you are migrating from a previous
release), these options might not be available.
Click Next.
Note:
You can use the Configuration
Tool or the command line later if you do not want to set the administrator
DN or configure the database now, but you cannot use the directory
server instance until you have done these steps.
If the Configure administrator DN and password window is displayed:
In the Administrator DN field, type a valid
DN (or accept the default DN, cn=root).
The
administrator DN is the DN used by the administrator of the directory
server instance. This administrator is the one user who has full access
to all data in the directory.
The default DN is cn=root.
DNs are not case sensitive. If you are unfamiliar with LDAP DN format,
or if for any other reason you do not want to define a new DN, accept
the default DN.
Type
the password for the administrator DN in the Administrator
Password field. You must define a password. Passwords are case-sensitive.
Double byte character set (DBCS) characters in the password are not
valid.
Record the password in a secure location for future reference.
Retype the password in the Confirm password field.
Click Next.
If the Configure database window is displayed:
Type a valid DB2 administrator
ID in the Database user name field. This ID
must already exist and must have the proper authority before you can
configure the database.
Note:
Before server startup, this user must have the locale set
to the correct locale for the language in which you want server messages
to be displayed. If necessary, log in as the user and change the locale
to the correct one.
Type the password for the user in the Password field.
Passwords are case-sensitive.
Type the name you want to give the DB2 database
in the Database name field. The name can be
from 1 to 8 characters long.
Select the Show advanced tablespace
options check box if either of the following is true:
You want this database to use System Managed Storage (SMS) data
storage for the DB2 tablespaces.
You want this database to use Database Managed Storage (DMS) data
storage for the DB2 tablespaces
and you want to configure the sizes and locations for the USERSPACE1
and LDAPSPACE tablespaces for the database.
If you clear the check box, the USERSPACE1 and LDAPSPACE tablespaces
will be created using DMS with default sizes and locations.
DB2 can use one of two types of
data storage when it creates table spaces. These are System Managed
Storage (SMS) and Database Managed Storage (DMS).
When SMS is
used, the operating system's file system manager allocates and manages
the space where DB2 tables are
stored (the tablespace).
When DMS is used, the tablespaces
are managed by the database manager. The database administrator decides
which devices and files to use, and DB2 manages
the space on those devices and files.
The default for Tivoli Directory Server 6.3
is DMS. Versions of Tivoli Directory Server earlier than 6.2 use SMS for all databases.
Note:
The default minimum disk space requirement for a DMS database
is 1 GB. If you have limited disk space and do not plan to have a
large directory, configure an SMS database. An SMS database requires
a minimum of 150 MB of disk space. These requirements are for an
empty database. When you store data in the database, more disk space
is required.
Click Next.
If the Database options window is displayed:
Type the location for the database in the Database
install location field. For Windows platforms,
this must be a drive letter. For non-Windows platforms, the location
must be a directory name, such as /home/ldapdb. (You can click Browse to locate a directory.)
Be sure that you
have at least 1 GB (for a DMS database) or 150 MB (for an SMS database)
of free hard disk space in the location you specify and that additional
disk space is available to accommodate growth as new entries are added
to the directory.
If you
want to configure the database for online backup:
Select the Configure for online backup check
box.
In the Database backup location field,
type the location where you want the backed-up information
to be stored. Click Browse to search
for the location.
If you configure the database for online backup, when database
configuration is complete: the initial, offline backup of the database
will be performed, and then the Administration Server will be restarted.
Notes:
Do not exit the Instance Administration Tool while the backup
operation is running.
You can also configure online backup
for a directory server instance using the command line. However, if
you do this, you cannot unconfigure online backup through the command
line (using the idscfgdb command with the -c flag).
If you configure online backup for
a directory server instance using either the Instance Administration
Tool or the Configuration Tool, you can unconfigure it through the
Configuration Tool or the command line.
For the most reliable
results, use the Instance Administration Tool or the Configuration
Tool to administer online backup.
In the Character-set option box:
Click the type of database you want to create. Click one of the
following:
Create a universal DB2 database
(UTF-8/UCS-2) to create a UCS Transformation Format (UTF-8) database,
in which LDAP clients can store UTF-8 character data.
Create a local codepage DB2 database to create a database in the local
code page.
Create a universal database if you plan to store data in multiple
languages in the directory. A universal database is also most efficient
because less data translation is needed. If you want to use language
tags, the database must be a UTF-8 database. For more information
about UTF-8, see Appendix O. UTF-8 support.
Click Next.
If you selected the Show advanced tablespace
options check box in the Configure database window, the Select
database tablespace type window is displayed. In the window:
Under Select database tablespace type, DMS is selected. DMS tablespace support
is used only for the USERSPACE1 and LDAPSPACE tablespaces. All other
tablespaces, such as catalog and temporary tablespaces, are of type
SMS.
If you select SMS instead, all
other fields are disabled.
In the USERSPACE1 tablespace details section
of the window:
In the Tablespace container field,
click File if you want the USERSPACE1
tablespace to be located in a file system or Raw
device if you want the USERSPACE1 tablespace created in a raw
device. (A raw device is a device where no file system is installed,
such as a hard disk that has no file system.)
If the database tablespace
container location is in a file system, a DMS cooked tablespace
will be created. In this case, you can specify the initial size for
the tablespace and an extendable unit size, and the tablespace will
be automatically expanded if needed.
If the database tablespace
container location is in a raw device, a DMS raw tablespace
will be created. In this case, the size of the database tablespace
container is fixed and cannot be expanded. If you do this, specify
the size along with the container location instead of accepting the
default values.
Do one of the following:
If you selected File in the Tablespace container field:
In the Directory path field, specify
the path where you want the USERSPACE1 tablespace created. You can
click Browse to select the path.
In the File field, type the file
name where you want the tablespace created or accept the default file
name, USPACE. (By default, the path
and file name is: database_location/instance name/NODE0000/SQL00001/USPACE on AIX, Linux,
and Solaris systems, or database_location\instance name\NODE0000\SQL00001\USPACE on Windows systems.)
If you selected Raw device in the Tablespace container field, type the location
of the raw device in the Device path field.
On Windows systems, this
path must start with \\.\ (for example,
\\.\device_name); on AIX, Linux,
and Solaris systems, this must be a valid path.
Note:
in the Tablespace
container field:
If you select File, the USERSPACE1
tablespace container will be the auto-incremental type, where
you can provide the initial size (in the Initial
size (Pages) field) and an extendable unit size (in the Extendable size (Pages) field). If you
do not change these fields, the initial size defaults to 16K pages,
and the extendable unit size defaults to 8K pages. (The page size
for the USERSPACE1
tablespace container is 4 KB per page.)
If you select Raw Device, the size
of the USERSPACE1 tablespace container is fixed. The default size
is 16K pages, but for best results, specify the size you want.
In the Initial size (Pages) field,
type the initial size for the USERSPACE1 tablespace or accept the
default.
In the LDAPSPACE tablespace details section
of the window:
In the Tablespace container field,
click File if you want the LDAPSPACE
tablespace to be located in a file system or Raw
device if you want the LDAPSPACE tablespace created in a raw
device. (A raw device is a device where no file system is installed,
such as a hard disk having no file system.)
Do one of the following:
If you selected File in the Tablespace container field:
In the Directory path field, specify
the path where you want the LDAPSPACE tablespace created. You can
click Browse to select the path.
In the File field, type the file
name where you want the tablespace created or accept the default file
name, which is database location/ldap32kcont_instance name/ldapspace.
If you selected Raw device in the Tablespace container field, type the location
of the raw device in the Device path field.
On Windows systems, this
path must start with \\.\ (for example,
\\.\device_name); on AIX, Linux,
and Solaris systems, this must be a valid path.
Note:
in the Tablespace
container field:
If you select File, the LDAPSPACE
tablespace container will be the auto-incremental type, where
you can provide the initial size (in the Initial
size (Pages) field) and an extendable unit size (in the Extendable size (Pages) field). If you
do not change these fields, the initial size defaults to 16K pages,
and the extendable unit size defaults to 8K pages. (The page size
for the LDAPSPACE tablespace is 32 KB per page.)
If you select Raw Device, the size
of the LDAPSPACE tablespace container is fixed. The default size is
16K pages, but for best results, specify the size you want.
In the Initial size (Pages) field,
type the initial size for the LDAPSPACE tablespace or accept the default.
In the Other properties section of the window,
if you selected File in one or both
of the Tablespace container fields,
use the Extendable size (Pages) field
to specify the number of pages by which the tablespace containers
that are of type File will be expanded
if needed.
Click Next.
In the Verify settings window, information is displayed about
the options you specified. To return to an earlier window and change
information, click Back. To begin creating the
directory server instance, click Finish.
The Results window is displayed, and messages are displayed while
the instance is being created. A completion message is displayed when
instance creation is complete. Click OK to remove
the message.
Click Close to close the window and return
to the main window of the Instance Administration Tool.
If you have finished using the Instance Administration Tool, click Close to exit the tool.
Note:
After you set the administrator DN and password and,
for a full directory server, configure the database, see After you install and configure for information about:
Starting the server
Starting the Embedded WebSphere Application Server service if you have installed and configured
the Web Administration Tool.
You can find information about using the Web Administration Tool
in the IBM Tivoli Directory Server Version 6.3 Administration Guide.
Migrating an instance
You can migrate a directory server instance from a previous version
of Tivoli Directory Server to a 6.3 directory server instance.
If you are performing remote migration of a Tivoli Directory Server version 6.0,
6.1, or 6.2, you must have already backed up the configuration and
schema files. See Before you upgrade.
To migrate a Tivoli Directory Server version 6.0, 6.1, or 6.2 directory server instance:
Select the 6.0, 6.1, or 6.2 directory server instance you want
to migrate in the list, and click Migrate.
In the Migrate directory server instance window, click Migrate.
Messages are displayed while the directory
server instance is being migrated. A completion message is displayed
when migration is complete. Click OK to remove
the message.
Click Close to close the
window and return to the main window of the Instance Administration
Tool.
If you have finished using the Instance Administration
Tool, click Close to exit the tool.
For remote migration of a directory server instance:
Click Migrate from a previous version of directory
server. Then type the path where you backed up the configuration
and schema files from the previous version. (Click Browse to select the path.)
Click Next.
In the Instance details window, complete the following fields:
User name
Do one of the following:
If the user you want to own the directory server instance is an
existing user on the system, select the system user ID of the user
from the list. This name will also be the name of the directory server
instance. (You cannot edit user information
for an existing user when you are migrating an instance.)
If you want to create a new system user ID for the owner of the
directory server instance, click Create user.
On the window that displays:
Type a name for the user in the User Name field.
This name becomes the directory server instance name.
Type the password for the user in the Password field.
Type the password again for confirmation in the Confirm password field.
If you are on an AIX, Linux, or Solaris system:
Type the home directory for the user in the Home
directory field. You can click Browse to
locate the home directory.
Type the name of the user's primary group in the Primary
group field.
Click Create to create the user.
Instance location
Type the location where the directory server instance files
will be stored. Be sure that you have at least 30 MB of free disk
space in this location.
On Windows systems,
this location is a drive, such as C:. The directory
instance files will be stored on the drive you specify in the \idsslapd-instance_name directory. (instance_name is
the name of the directory server instance.)
On AIX, Linux,
and Solaris systems, the default location for the instance files is
in the directory instance owner's home directory, but you can specify
a different path. Click Browse if you want to
select a location.
Instance description
Optionally, type a description of the directory server instance.
This description is displayed in other windows to help identify the
instance.
Click Next.
Note:
When
performing remote migration from a previous release to Tivoli® Directory Server 6.3,
the following will be disabled: Encryption seed string, Confirm encryption
seed, Use encryption salt value, Encryption salt string, and Confirm
encryption salt. Tivoli Directory
Server 6.3 determines the values for these fields from the appropriate
backed up configuration files.
In the DB2 instance details
window, verify that the DB2 instance
name is correct, and then click Next.
In the TCP/IP port settings window, complete the following fields:
Server port
Type the number of the port you want the server to use as its
contact port. The number must be between 1 and 65535.
Server secure port
Type the number of the port you want the server to use as its
secure port. The number must be between 1 and 65535.
Administration server port
Type the number of the port you want the administration server
to use as its port. The number must be between 1 and 65535.
Administration server secure port
Type the number of the port you want the administration server
to use as its secure port. The number must be between 1 and 65535.
Notes:
If you have two or more directory server instances listening on
the same IP address (or set of IP addresses), be sure that those directory
server instances do not use any of the same port numbers.
ON AIX, Linux, and Solaris systems, port numbers below 1000
can be used only by root.
Click Next.
In the Verify settings window, information is displayed about
the options you specified. To return to an earlier window and change
information, click Back. To begin creating the
directory server instance, click Finish.
The Results window is displayed, and messages are displayed while
the instance is being migrated. A completion message is displayed
when migration is complete. Click OK to remove
the message.
Click Close to close the window and return
to the main window of the Instance Administration Tool.
If you have
finished using the Instance Administration Tool, click Close to
exit the tool.
After you start the server for the first
time, be sure to run a backup. (Database internal data migration occurs
when the Tivoli Directory Server 6.3 directory server instance is started for the first
time.) For information about backing up the directory server instance,
see Backing up the directory server instance.
Starting the Embedded WebSphere Application Server service if you have installed and configured
the Web Administration Tool.
You can find information about using the Web Administration Tool
in the IBM Tivoli Directory Server Version 6.3 Administration Guide.
Creating an instance that is a copy of another instance
You can use the Instance Administration Tool to create a directory
server instance that uses an existing directory server instance (on
the local computer or on another computer) as a template. When you
do this, the configuration settings and schema files from the source
directory server instance are duplicated and the directory key stash
files are also synchronized. The new directory server instance can
be configured as a replica or a peer to the source directory server
instance if it is in an existing replication deployment, as a full
directory server instance that is not participating in replication,
or as an additional proxy server. Requirements are:
The source directory server instance must be running Tivoli Directory Server version
6.3; it cannot be running an earlier version of Tivoli Directory Server, and it cannot
be running another version of LDAP.
The source directory server instance must be running, and it cannot
be running in configuration only mode.
The source directory server instance must be accessible from the
computer where you are running the Instance Administration Tool.
If the directory server instance you are creating will be a peer
or replica, there must be a replication context defined on the source
directory server instance. (You cannot use the Instance Administration
Tool to set up the first replica or peer in a replication topology.)
The source directory server instance must already have at least one
replication context, replication group, and replication subentry defined.
If a replica is being configured, the source directory server instance
must already have the initial replication topology defined, including
an agreement to at least one other server. If a peer is being configured,
the source server must be defined as a master for one or more of the
subentries in the replication configuration.
If the directory server instance
you are creating will be a peer or replica, a new replication subentry
will be created under ibm-replicaGroup=default,replContextDN.
If this DN is not present, the instance cannot be copied.
The new directory server instance will be created on the computer
where the Instance Administration Tool is running. If the source directory
server is on a different computer, the operating systems of the two
computers need not be the same. For example, on a Windows system, you can make a copy of a directory
server instance that is running on a Linux system.
The Instance Administration Tool will also copy the key database
files if the source directory server is running under SSL mode and
the Instance Administration Tool is connected to the source directory
server using SSL communication.
If the directory server instance you are copying is a proxy server,
the new directory server instance will also be a proxy. If the directory
server instance you are copying is a full directory server, the new
directory server instance will also be a full directory server, and
you can choose whether or not you want to copy the data from the existing
directory server instance.
Note:
If you want to copy the data from the existing directory
server instance while creating the new directory server instance,
the following requirements must be met:
The version of DB2 need
not be the same for both directory server instances. A database backup
from one operating system family can be restored on any system within
the same operating system family. For example, on Windows operating systems, you can restore a database
created on DB2 UDB V8 to a DB2 Version 9 database system. For AIX, Linux,
and Solaris operating systems, as long as the endianness (big endian
or little endian) of the backup and restore operating systems is the
same, you can restore backups that were produced on DB2 UDB V8 to DB2 Version
9.
The source directory server instance must be configured to allow
for online backups. You can configure for online backup during initial
database configuration (through the Instance Administration Tool or the Configuration Tool), or
using the Backup database task in the Configuration Tool.
An initial offline backup must have been taken on the source directory
server instance at some time before you use the Instance Administration
Tool to copy the directory server instance. The path you specify must
contain only one backup image.
The path where the backup images are stored must be accessible
to both the source directory server instance and the new directory
server instance.
To create an instance that is a copy of another instance:
On the Tivoli Directory Server Instance Administration Tool window, do one of the
following:
If you want to make a copy of a directory server instance that
is on the computer, select the directory server instance in the list
and then click Copy local instance.
If you want to make a copy of a directory server instance that
is on another computer, click Copy remote instance.
The Source information window is displayed.
Complete the following fields, and then click Next:
Host
If the directory server instance you want to copy is not on
the local computer, type the host name or IP address. If the directory
server instance is on the local computer, this field is completed
automatically and you cannot edit it.
Port
If the port displayed for the directory server instance you
want to copy is not correct, type the number of the port on which
the directory server instance is running.
Administrator DN
If the directory server instance you want to copy is not on
the local computer, type the administrator DN for the directory server
instance you want to copy. If the directory server instance is on
the local computer, this field is completed automatically and you
cannot edit it.
Password
Type the administrator DN password for the directory server
instance you want to copy.
Encryption seed
Type the encryption seed for the directory server instance you
want to copy. You must provide the correct encryption seed or the
directory server instance will not be copied.
Use SSL connection
If the source directory server instance is using Secure Sockets
Layer (SSL) security and you want the new directory server instance
to use the same SSL configuration settings, select this check box,
and then complete the following fields:
Key file
Type the path and file name of the SSL key database file on
the source directory server instance. You can use the Browse button
to locate this file.
Key name
Type the private key name to use in the key file on the source
directory server instance.
Key password
Type the key database password on the source directory server
instance.
If you do not want the new directory server instance to use SSL,
clear the Use SSL connection check box.
Click Next.
In the Instance setup - step 1 window:
Verify that the information provided about the source directory
server instance in the Source URL and Source instance type fields is correct.
The Source instance type can be Directory server (a
server that has an associated database) or Proxy server (an
LDAP server that is not associated with a database, but acts as a
front-end to the directory and routes requests to certain other directory
servers).
If these fields are not correct, click Back to
return to a panel where you can specify information about the source
directory server instance again.
If you want the new directory server instance to participate in
replication as a peer or replica server, select the Configure
as Peer or Replica server check box, and then click either Replica or Peer to specify
the replication role of the directory server instance.
The Configure as Peer or Replica server check box is
enabled only if the following requirements are met:
The Source instance type is Directory
server.
There is a replication context defined on the source directory
server instance. (You cannot use the Instance Administration Tool
to set up the first replica or peer in a replication topology. The
source directory server instance must already have at least one replication
context, replication group, and replication subentry defined. If a
replica is being configured, the source directory server instance
must already have the initial replication topology defined, including
an agreement to at least one other server. If a peer is being configured,
the source server must be defined as a master for one or more of the
subentries in the replication configuration.
For more information about replication, see the IBM® Tivoli Directory Server Version
6.3 Administration Guide.
In the User name field, specify the system
user ID that will own the new directory server instance. This will
also be the name of the directory server instance, the DB2 administrator ID, the database
instance name, and the database name. The user ID must exist on the
system and must not be the name of any other directory server instance
on the computer. The name cannot be longer than 8 characters. See Appendix D. Setting up users and groups: directory server instance owner,
database instance owner, and database owner for detailed information about the user ID.
In the Password field, specify the system
password for the user ID.
In the Install location field, specify the
location where the directory server instance files will be stored.
This will also be the location of the database. Be sure that you have
at least 30 MB of free disk space in this location.
On Windows systems, this location
is a drive, such as C:. The directory instance files will be stored
on the drive you specify in the \idsslapd-instance_name directory.
(instance_name is the name of the directory
server instance.)
On AIX, Linux, and Solaris systems, the
default location for the instance files is in the directory instance
owner's home directory, but you can specify a different path.
Click Browse if you want to select a location.
Click Next.
In the Instance setup - step 2 window, complete the following
fields and then click Next.
Administrator DN
Type the administrator DN for the new directory server instance.
Password
Type the administrator DN password for the new directory server
instance.
Confirm password
Type the administrator DN password again for confirmation.
Copy data from source instance to new instance
If you want to copy the data from the database of the source
directory server instance during the copy directory server instance
operation, select this check box and then type the path where the
backup images are stored in the Path for backup images field.
(You can use the Browse button to help you locate
the path.) This check box is selected by default and cannot be cleared
if you are creating a replica or peer server.
If you want to copy
the data while creating the new directory server instance, the following
requirements must be met:
The source directory server instance must be configured to allow
for online backups. You can configure for online backup during initial
database configuration (through the Instance Administration Tool or the Configuration Tool), or
using the Backup database task in the Configuration Tool.
An initial offline backup must have been taken on the source directory
server instance at some time before you use the Instance Administration
Tool to copy the directory server instance. The path you specify must
contain only one backup image.
The path where the backup images are stored must be accessible
to both the source directory server instance and the new directory
server instance.
If the source directory
server instance is a remote instance, be sure that the backup path
is a shared path that is accessible from both the systems (for example,
a read-write NFS file system).
See the IBM Tivoli Directory Server Administration
Guide for information about the backup procedures.
In the Verify settings window, information is displayed about
the options you specified. To return to an earlier window and change
information, click Back. To begin creating the
directory server instance, click Finish.
The Results window is displayed, and messages are displayed while
the instance is being created. A completion message is displayed when
instance creation is complete. Click Close to
close the window.
Note:
After you create the instance, set the administrator
DN and password and, for a full directory server, configure the database,
see After you install and configure for information about:
Starting the server
Starting the Embedded WebSphere Application Server service if you have installed and configured
the Web Administration Tool.
You can find information about using the Web Administration Tool
in the IBM Tivoli Directory Server Version 6.3 Administration Guide.