PingDirectory

Migrating static groups

About this task

PingDirectory server supports static LDAP groups with structural object classes of groupOfNames, groupOfUniqueNames, or groupOfEntries. In general, you can import static groups without modification.

You can enable a First-In, First-Out (FIFO) entry cache to cache group-to-user mappings, which improves performance when accessing large entries at the expense of greater memory consumption. PingDirectory server provides an out-of-the-box FIFO entry cache object for this purpose. You must enable this object using dsconfig as described in Using the entry cache to improve the performance of large static groups.

To migrate static groups:

Steps

  1. To enumerate any schema differences between the DSEE deployment and the Ping Identity deployment, use the migrate-ldap-schema tool.

  2. To enumerate any configuration differences between the DSEE deployment and the Ping Identity deployment, use the migrate-sun-ds-config tool.

  3. Import or configure any necessary schema or configuration changes recorded by the tools in steps 1 and 2.

  4. Import the existing users and groups using the import-ldif tool.

  5. From the PingDirectory server root directory, open the docs/sun-ds-compatibility.dsconfig file using a text editor.

  6. Go to the FIFO Entry Cache section.

    1. Read the accompanying comments.

    2. To enable the corresponding dsconfig command, delete the comment character ("#").

      Example:

      $ bin/dsconfig set-entry-cache-prop \
  --cache-name "Static Group Entry Cache" --set enabled:true

  7. To ensure that references to an entry are updated automatically when the entry is deleted or renamed, enable the Referential Integrity plugin.

    Example:

    $ bin/dsconfig set-plugin-prop --plugin-name "Referential Integrity" --set enabled:true

Next steps

If the PingDirectory server is part of a replication topology, enable the Referential Integrity plugin for each replica.