Solaris Upgrades and the NICI Migration Utility
Novell Cool Solutions: Tip
Digg This -
Posted: 4 Feb 2002
One of our readers got themselves in a pinch when they didn't read the readme. While we're sure the rest of our readers are committed readme readers, we thought we would throw this over the wall just in case.
I just upgraded my Solaris eDirectory install to 8.6.1. AFTER the install was finished I read the readme.txt which indicates that I was supposed to run the NICI Migration utility BEFORE I did the upgrade.
Now, just as the readme.txt indicated, all of my security objects are disabled. How do I recreate these objects or enable them? I tried to run the NICI Migration utility after the upgrade but it did not work. This is just my home test system.... Is it better for me to reinstall eDirectory?The advice:
Be happy this is not a production tree. Skipping NICI upgrade is one of those BIG BAD THINGS. In earlier versions of eDirectory, NICI was part of the directory and stored the 'secrets' to use the Tree Key and CA in /var/nds/nici. Now NICI is a separate package and stores its secrets in /var/novell/nici. If you don't upgrade the older secrets into the newer location, then the server will no longer be able to use the Tree Key and CA produced using the older secrets in /var/nds/nici. Hence the need to upgrade NICI before upgrading eDirectory. The security engineers have an emergency recipe that you can try if you still have your old nici/ sub-directory around (i.e. /var/nds/nici by default) and the "o=security" container hasn't been touched since the upgrade. You need to run this first on the master server that contains the "ou=security" object.
- Shutdown the server daemon
- Remove new NICI package (You may have to do a forceful remove if the package manager complains about dependencies).
- rm -rf /var/novell/nici
- run NICI upgrade utility. This will bake the old files in /var/nds/nici and put them into /var/novell/nici
- Install new NICI package.
- Start server daemon.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com