The PingDirectory Server supports static LDAP groups with
structural object classes of
groupOfEntries. In general,
static groups may be imported without modification.
A FIFO entry cache can be enabled to cache group-to-user mappings, which improves performance when accessing very large entries, though at the expense of greater memory consumption. The PingDirectory Server provides an out-of-the-box FIFO entry cache object for this purpose. This object must be explicitly enabled using dsconfig as described in Using the Entry Cache to Improve the Performace of Large Static Groups.
To migrate static groups:
- Run the migrate-ldap-schema tool to enumerate any schema differences between the DSEE deployment and the Ping Identity deployment.
- Run the migrate-sun-ds-config tool to enumerate any configuration differences between the DSEE deployment and the Ping Identity deployment.
- Import or configure any necessary schema and/or configuration changes recorded by the above tools.
- Import the existing users and groups using the import-ldif tool.
From the PingDirectory Server root directory, open the
sun-ds-compatibility.dsconfigfile in the docs folder using a text editor.
Find the FIFO Entry Cache section and, after reading the
accompanying comments, enable the corresponding dsconfig command
by removing the comment character ("#").
$ bin/dsconfig set-entry-cache-prop \ --cache-name "Static Group Entry Cache" --set enabled:true
To ensure that references to an entry are updated automatically when the entry is
deleted or renamed, enable the Referential Integrity plugin.
$ bin/dsconfig set-plugin-prop --plugin-name "Referential Integrity" --set enabled:trueIf this Directory Server is part of a replication topology, you should enable the Referential Integrity plugin for each replica.