How to migrate data from Sun ONE directory to CA Directory?

Document ID : KB000025245
Last Modified Date : 14/02/2018

IMPORTANT: This article contains information about modifying your directory. Before you modify the directory, make sure you have the appropriate knowledge of any or all functionality. If you have any concerns please open up a case with support and reference this tech doc:

This article is offered "as is".


The following procedure will help you migrate your data from Sun ONE Directory to CA Directory.


  1. Connect to Sun ONE Directory server console

    • For Windows

      Click "Start" > "Programs" > "Sun One Server Products" > "Sun ONE Server Console 5.2"

    • For Solaris

      Enter the command /var/Sun/mps/startconsole
    • Enter "User ID" + "password" and connect to the Administration URL by clicking "Ok"

    • Expand the "HOSTNAME" node and then the "Server Group" node (HOSTNAME is the hostname of your machine eg.

    • Click "Directory Server (HOSTNAME)"

    • Click "Open" on the right side window pane

  2. Export LDIF from the Sun ONE Directory Server console

    • Click "Export to LDIF" on the "Tasks" tab

    • Enter the location and file name in the LDIF file field, e.g. "c:\democorp.ldif".

    • Select "Subtree"

    • Click "Browse"

    • Select a node other than "o=NetscapeRoot" (e.g. o=Democorp) and click "OK"

    • Click "OK"

    • Click "Close" when the dialog box reports "Export finished"

  3. Install the latest CA Directory r12.0 SP1 (or later) version on the machine. If it is a separate machine then you will need to copy the exported LDIF file from Sun ONE to the new host.

    • Open a command prompt and enter the following command to sort the exported LDIF file
      % ldifsort democorp.ldif democorp_sorted.ldif
    • You need to delete the following attributes, which are specific to Sun ONE directory and not required by CA Directory, from the democorp_sorted.ldif file
      nsUniqueID, entryid, entrydn, aci, parentid, subschemasubentry, numsubordinates, hassubordinates
      Alternatively, you can run a Perl script to remove the above attributes from the democorp_sorted.ldif file (file attached).
      % democorp_sorted.ldif democorp_ca.ldif
    • Create a new DSA by using the following command
      % dxnewdsa -s 500 democorp 19389 o=democorp
      This will create a standalone DSA called "democorp", which has a 500MB datastore and communicates on TCP port 19389. This DSA is configured to have a prefix of o=democorp (this is also known as the suffix in Sun ONE).
    • Enter the following command to stop the DSA
      % dxserver stop democorp
    • Open the DXHOME/config/servers/democorp.dxi file and add the following under the schema section

      1. If you are just using standard Sun ONE users
        source "../schema/nsroaming.dxc";
        source "../schema/sunone.dxc";
      2. If you have exported CA SiteMinder data from Sun ONE then add the following
        source "../schema/nsroaming.dxc";
        source "../schema/sunone.dxc";
        source "../schema/netegrity.dxc";
        NOTE: You will need to copy "%NETE_PS_ROOT%/etrust/netegrity.dxc" (Windows) or "$NETE_PS_ROOT/etrust/netegrity.dxc" (Unix) from the machine where Siteminder is installed to the CA Directory machine's "DXHOME/config/schema" folder

      3. If you are using custom schema for your Sun ONE directory, you need to do the following

        1. Run the dxschemaldif tool to extract the schema which was used by your Sun ONE directory instance. On the command prompt enter the following
          % dxschemaldif -v -D "cn=Directory Manager,o=Democorp" -w mypassword myhostname:389 > SunOneSchema.ldif
          NOTE: You will need to replace the "cn=Directory Manager,o=Democorp" with the actual DN you want to bind as and "mypassword" with the password of the userDN.
          Replace myhostname with the machine name of the LDAP server.

        2. Enter the following command to convert the extracted schema from Sun ONE to CA Directory schema.
          % ldif2dxc -v -x "%DXHOME%\config\schema\default.dxg" -f "c:\SunOneSchema.ldif" SunOneSchema.dxc
        3. Copy the SunOneSchema.dxc file to DXHOME/config/schema folder

        4. Add the following to the %DXHOME%/config/servers/democorp.dxi

          source "../schema/SunOneSchema.dxc";

    • Run dxloaddb to load the datastore of the democorp DSA using the democorp_ca.ldif file
      % dxloaddb -v democorp democorp_ca.ldif
    • Restart your DSA
      % dxserver start democorp
    • Connect to the democorp DSA running on port 19389 via a LDAP browser. You should now be able to see the data in CA Directory which previously existed in Sun ONE.
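
The attribute clean-up described in step 3, as an added Python example (it is not the Perl script attached to the original article and not CA code): it drops the listed Sun ONE attributes from an LDIF export, including their folded continuation lines, and returns a per-attribute count so that dropped aci values can be reviewed. The function name and the sample entry are constructed for illustration.

```python
import re
from collections import Counter

# Attributes the article lists as Sun ONE specific (matched case-insensitively).
SUN_ONE_ATTRS = {"nsuniqueid", "entryid", "entrydn", "aci", "parentid",
                 "subschemasubentry", "numsubordinates", "hassubordinates"}

# Matches "attr: value", "attr:: base64" and "attr:< url", with optional ";option".
ATTR_LINE = re.compile(r"^([A-Za-z0-9.-]+)(;[^:]*)?:")


def strip_sunone_attrs(ldif_text):
    """Return (cleaned_ldif, Counter of removed attribute values)."""
    out, removed = [], Counter()
    dropping = False
    for line in ldif_text.splitlines():
        if line.startswith(" "):
            # Folded continuation line: it belongs to the previous attribute.
            if not dropping:
                out.append(line)
            continue
        m = ATTR_LINE.match(line)
        name = m.group(1).lower() if m else None
        dropping = name in SUN_ONE_ATTRS
        if dropping:
            removed[name] += 1
        else:
            out.append(line)  # dn lines, blank separators, comments, kept attributes
    return "\n".join(out) + "\n", removed


# Constructed sample entry (not real export data).
SAMPLE = """\
dn: uid=jdoe,ou=People,o=democorp
objectClass: inetOrgPerson
uid: jdoe
cn: John Doe
nsUniqueId: 11111111-22222222-33333333-44444444
aci: (targetattr="userPassword")(version 3.0; acl "self write";
  allow (write) userdn="ldap:///self";)
entrydn: uid=jdoe,ou=people,o=democorp
description:: U3VuIE9ORSB1c2Vy
hasSubordinates: FALSE
"""

if __name__ == "__main__":
    cleaned, removed = strip_sunone_attrs(SAMPLE)
    print(cleaned, end="")
    print("removed:", dict(removed))
```

A non-zero aci count in the result means access control instructions were present in the export and were not carried into the file loaded by dxloaddb.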