Scenario: You have a legacy ODSEE LDAP server running in DS5 password policy mode and you want to set it up to replicate to OUD.
The first step you need to accomplish is to change the password policy mode from DS5-mode to DS6-mode.
If you try to jump right to it, you’ll see this output:
[oracle@odseeserver bin]$ ./dsconf pwd-compat -h odseeserver -P 1636 to-DS6-modeCertificate “CN=odseeserver, CN=1636, CN=Directory Server, O=Sun Microsystems” presented by the server is not trusted.
Type “Y” to accept, “y” to accept just once, “n” to refuse, “d” for more details: y
Enter “cn=Directory Manager” password:
Directory Server “odseeserver:1636” raised an unexpected error:
“[LDAP: error code 53 – Unwilling To Perform]”.
See the errors log for details.
The “pwd-compat” operation failed on “odseeserver:1636”.
And this error in your logs:
ERROR<5036> – Tasks – conn=-1 op=-1 msgId=-1 – Password Compatibility task and Password Policy state are incompatible. Can not change Password Policy state.
SOLUTION:
Turns out you can’t just jump right to DS6-mode. You need to go to DS6-migration-mode first. So issue these commands in order:
[oracle@odseeserver bin]$ ./dsconf pwd-compat -h odseeserver -P 1636 to-DS6-migration-modeCertificate “CN=odseeserver, CN=1636, CN=Directory Server, O=Sun Microsystems” presented by the server is not trusted.
Type “Y” to accept, “y” to accept just once, “n” to refuse, “d” for more details: y
Enter “cn=Directory Manager” password:
## Beginning password policy compatibility changes.
## Password policy compatibility changes finished.
Task completed (slapd exit code: 0).
[oracle@odseeserver bin]$ ./dsconf pwd-compat -h odseeserver -P 1636 to-DS6-mode
Certificate “CN=odseeserver, CN=1636, CN=Directory Server, O=Sun Microsystems” presented by the server is not trusted.
Type “Y” to accept, “y” to accept just once, “n” to refuse, “d” for more details: y
Enter “cn=Directory Manager” password:
## Beginning password policy compatibility changes.
## Password policy compatibility changes finished.
Task completed (slapd exit code: 0).
Now you can continue your ODSEE replication setup!