After you upgrade in place
The DS server upgrade process preserves the existing configuration as much as possible. This maintains compatibility, but there are more steps you must take.
Checklist
Use this checklist to make sure you don’t miss these important post-upgrade tasks:
- Back up your directory data. [1]
- Update your scripts to account for incompatible changes.
- Plan your move away from deprecated features.
- Move to dedicated service accounts for your directory applications. [2]
- Manually review and purge the DS server configurations for stale references to old servers. [3]
- Review what’s new and changed and adopt useful improvements.
- Optionally activate new features.

[1] Backup files are not compatible between versions.

[2] You would not run all your applications as the Linux root user or the Windows Administrator. Stop using superuser accounts like cn=Directory Manager or uid=admin as service accounts. Many DS setup profiles create service accounts for applications to use when authenticating to DS. For examples of AM service accounts, refer to the base-entries.ldif files in setup profiles under the opendj/template/setup-profiles/AM directory.

[3] You can read the opendj/config/config.ldif file to find stale references, but always use the dsconfig command to make changes to the configuration.
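For the stale-reference review in the checklist, an added example (not part of the DS documentation or tooling): a read-only Python scan of config.ldif text for the host names of servers you have retired. It unfolds wrapped LDIF lines and decodes base64 values, which a plain text search would miss. The sample entries and the retired host name are constructed assumptions.

```python
import base64
import re

def parse_entries(text):
    """Yield (dn, [(attr, value), ...]) for each entry in LDIF text."""
    text = re.sub(r"\r?\n ", "", text)        # unfold: newline + one space continues a line
    dn, attrs = None, []
    for line in text.splitlines() + [""]:     # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, []
            continue
        name, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        value = rest.strip()
        if rest.startswith(":"):              # "attr:: ..." carries a base64 value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        if name.lower() == "dn":
            dn = value
        else:
            attrs.append((name, value))

def find_stale(text, retired_hosts):
    """Return (dn, attr, host) for each DN or value naming a retired host. Read-only."""
    hits = []
    for dn, attrs in parse_entries(text):
        for attr, value in [("dn", dn)] + attrs:
            for host in retired_hosts:
                # Whole host names only: "ds3.example.com" must not match "old-ds3.example.com".
                pattern = r"(?<![\w.-])" + re.escape(host) + r"(?![\w-]|\.\w)"
                if re.search(pattern, value, re.IGNORECASE):
                    hits.append((dn, attr, host))
    return hits

# Constructed sample, not a real config.ldif; the entries and values are illustrative.
SAMPLE = (
    "dn: cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config\n"
    "ds-cfg-bootstrap-replication-server: ds1.example.com:8989\n"
    "ds-cfg-bootstrap-replication-server: old-ds3.exam\n ple.com:8989\n"   # folded line
    "\n"
    "dn: cn=Example,cn=config\n"
    "description:: " + base64.b64encode(b"copied from OLD-DS3.example.com").decode() + "\n"
)

if __name__ == "__main__":
    for dn, attr, host in find_stale(SAMPLE, ["old-ds3.example.com"]):
        print(f"{host}: {attr} in {dn}")
```

Run it against a copy of config.ldif and treat each hit as a candidate for a dsconfig change, not as something to edit in the file.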
Tune settings
Major software releases include significant changes that can render existing tuning settings obsolete. When upgrading to a new major release of DS or Java software, revisit the system configuration, server configuration, and Java settings. As part of the upgrade process, adjust the settings appropriately to align your deployment with the new software version.
Learn more in the release notes and Performance tuning.
Activate new features
The DS upgrade command configures the following new features but doesn’t enable them.
Optionally enable the new features for use in your deployment:

- Enable the HDAP endpoint:

  $ /path/to/opendj/bin/dsconfig \
    set-http-endpoint-prop \
    --endpoint-name "/hdap" \
    --set enabled:true \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --no-prompt \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin

- Enable the ds-pwp-state-json virtual attribute:

  $ /path/to/opendj/bin/dsconfig \
    set-virtual-attribute-prop \
    --name "Password Policy State" \
    --set enabled:true \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --no-prompt \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin

- Enable the PBKDF2-HMAC-SHA512T256 password storage scheme if needed for interoperability with Microsoft Entra ID:

  $ /path/to/opendj/bin/dsconfig \
    set-password-storage-scheme-prop \
    --scheme-name "PBKDF2-HMAC-SHA512T256" \
    --set enabled:true \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --no-prompt \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin
Upgrade complete
- Perform these steps before you upgrade
- Upgrade each:
- Perform these steps after you upgrade