The conversion program that imports DCE authorization information into LDAP is called
hpss_ldap_import.
Usage: hpss_ldap_import <input dir> -realmname <realm>
% hpss_ldap_import /var/hpss/convert/6.2 -realmname
"cn=hpss.acme.com"
Where the realmname option should use the name of the realm desired in LDAP.
The program requires a path to the directory where expected input files reside (the same path used
when running hpss_dce_export). The program also allows some options for specifying what should
be imported. Executing the program with no optional commands will result in a full import of group,
principal, and cell information into LDAP. Sites are only recommended to use options if previous
steps fail and only part of the import should take place.
The program may output warnings like "WARNING: this group has no members". The groups are
still properly imported exactly as they existed in DCE (i.e. with no members), but the warning may
help the site determine if the group really is necessary or not in HPSS 6.2.
The hpss_ldap_admin utility must be run following the hpss_ldap_import utility
.
Create Local Site Information using hpss_ldap_admin
There is no utility provided to convert the local site information from the Location Server Policy (LS
Policy) into LDAP. However, the Location Server needs to be able to lookup the local site entry in
LDAP to register endpoints with the RPC group to successfully initialize and start in HPSS 6.2. Use
the new LDAP administration tool, hpss_ldap_admin, to create a new site entry using the correct
local site name from the Location Server Policy in HPSS 4.5 or 5.1. For example, if the local site
name was “hpss.acme.com”:
% hpss_ldap_admin
LDAP: connected to hpss.acme.com:389
realm: cn=hpss.acme.com
hla> site create -name hpss.acme.com
dn: cn=hpss.acme.com,cn=hpssSite,cn=hpss.acme.com
return code: 0 (HPSS_E_NOERROR)
In the example above, the hpss_ldap_admin program created a new site entry called “hpss.acme.com”
to match the local site name in HPSS 4.5 or 5.1 from the LS Policy metadata.
Import DCE Information into Kerberos
There is not utility provided to convert DCE principals and their passwords and UIDs into Kerberos.
Instead, sites should consider creating new Kerberos accounts for each DCE principal that requires
access to HPSS 6.2 that will have new Kerberos passwords. A site could create a Kerberos keytab file
in the event that users aren’t required to know a password to access HPSS.
6.3.19. Prepare the 6.2 System
The following steps should be performed only if the metadata conversion completed
successfully and no errors were reported by the conversion verification utilities. If there is a
possibility that the HPSS system will be reverted back to the 4.5 or 5.1 level, do not attempt
to continue with the remaining conversion steps.
HPSS Installation Guide
July 2008
Release 6.2 (Revision 2.0)
217
Summary of Contents for High Performance Storage System HPSS
Page 34: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 34...
Page 50: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 50...
Page 118: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 118...
Page 134: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 134...
Page 156: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 156...
Page 178: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 178...
Page 244: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 244...
Page 255: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 255...
Page 292: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 292...