*** Introduction:
This document is a feedback and applies to NetWare 5.0 tree only.
No upgrade neither direct migration to Linux OES is possible in this scenario.
I have to provide one of our customers with a document 'How to migrate to
Novell OES Linux'. They will probably do it.
So I have to test almost everything, especially how to insert in the
existing tree, how to migrate data with trustees and how to manage all this
stuff after migration.
So I created a test platform (VMware) and went on.

*** Existing Context:
A tree with four NetWare 5.0 servers ONLY, NDS v 7.51, SP6A, same LAN
All servers has IP activated, some - IPX
SLP configuration : yes
Server with Master replica of Root partition (SRV1)is SLP DA, all other
servers point to it, via sys:etc/slp.cfg file
One of four is LDAP server (SRV-LDAP), v3.08, ports 389 and 636, but no SSL
certificate associated. That means secure connections are not accepted.
SAS and PKI are installed on LDAP server, there is no CA in the tree (no need)
LDAP server has R/W replica of Root partition
LDAP configuration has 'Allow Clear Text Passwords' option unchecked
A server hosting NDPS broker/manager/PAs has no replicas
No NSS volumes
SRV1 is timesync single, all others secondary

*** Preparation

- make sure all NW5.0 servers have SP6A, NDS v7.51, SLP configured and time
- run NW Deploy Manager (NetWare 6.5 OS CD) and perform 'Search tree for
NDS versions' and 'Prepare for new eDirectory' steps
This will update NDS on each concerned server to v7.62b (June 19,2003)
and extend the existing scheme.
Make sure that NDS was updated by typing 'm ds.nlm' on each server's
system console

*** Installation

- Start the installation
Up to 'eDirectory Configuration - New or Existing Tree' window, it runs
- The pattern 'Novell OES' is choosen by default. Go to detailed selection
and check which kernel package is selected. If kernel-smp is selected you
may have problems later with NSS modules loading (see Aaron's tip
Also, I decided to install NSS component after the installation has finished.
- Choose 'Configure OES now'
- Give an existing tree name. I used name, not IP, and it was found. I
think SLP helped
- Give IP address of a server with M or R/W replica, secure port number,
FDN with context of Admin user and password.
I gave my LDAP server information.
Here I had the first problem because the following error message appeared
'User credentials failed to validate using Server : XXXX user : YYYY LDAP
port : ZZZ Do you want to continue anyway ?'
That's because connection to existing LDAP server must be done through
secure port. As SRV-LDAP doesn't accept secure SSL connections, this error
pops up. So what are your options at this moment ??
** FIRST Option: create a CA in the tree, create SSL certificate,
associate it with LDAP server, restart NLDAP.NLM and then try to validate
credentials again. You will see that they are verified and no error appears
this time. But unfortunately, later, at 'Perform eDirectory Configuration'
window progress bar stays ages and ages (!) at 'Wait for eDirectory to
respond to LDAP requests' point, and then famous error 'UNABLE TO BIND TO
eDIRECTORY THROUGH LDAP' pops up. You will NOT be able to finish
installation. I tried to do something similar to what Muzza did on his
NW6.5 server : re-create CA, re-create SSL certificate, re-associate it
with LDAP server. But result was the same : unable to bind...
Novell TID 10097220 says that this issue has been resolved with
eDirectory 8.7.3 IR6 or later
** SECOND Option : just ignore the error and click on YES. Install will
go to the end, you will see a message about successfull installation of
OES, but some components will fail to configure during install (in my case
it were LUM, eGuide, QuickFinder and Novell Samba)
I took second option
- 'Joining tree with older version of eDir' window : click 'Continue'
- Give a context for new server
- NTP : I tried both external source and existing NW5.0 server, both were OK
- SLP : normally you should take option three and give IP of existing SLP
DA and scope name or just UNSCOPED
New OES Linux server should be probably converted later to the main SLP
DA of the tree, but I did not finish testing yet.
- 'Perform eDirectory Configuration' window appears, wait
- After installation server reboots and you can do post-install tasks

*** Post-Installation

- I checked immediately (with C1 or NWAdmin32 or iManager)that following
objects were created in eDirectory : new server, it's volume SYS, LDAP
Group and LDAP Server, CA, IP and DNS SSL certificates, SAS Service, http
server, new-server-PS, SNMP Group and some objects in Security context
- Were verified : existing servers 'know' now the new one (dsrepair shows
it up), http server on port 80, Remote Manager on port 8009,iManager, NCP
volume SYS, connexion to server and map to volume SYS from Windows station,
ssh access, LDAP requests on ports 389 and 636
- namcd takes ages to start
- when I tried to re-configure failed components, I did not succeed
For exemple, LUM Config showed the same error message as during install :
'Unable to connect to LDAP Server XX.YY.ZZ.WW or the specified user does
not have enough privileges to configure LUM. Please correct the problem and
re-run namconfig after the install'. With running namconfig in the shell I
had no more luck.
eGuide, Samba and quickFinder also produced errors.
Solution was simple : using iManager or NDSMgr32 put a R/W replica of
Root partition on new OES Linux server
After that I could, without particular problems, configure and test LUM
(wow, good stuff !), eGuide, Samba and QF as well
And namcd (very important element !) comes up quickly !

I noticed that four users novlxregd, novlxsrvd, wwwrun, novlwww were
created locally on OES server (they appear in /etc/passwd file). Is it
normal or not ? Services (Http, Tomcat, apache) work. I ask because on
another OES Linux test plateform (separate tree with only one server, OES
Linux) these users show up in eDirectory, and not in /etc/passwd.
In one case I join a tree, in another one I create a new one. Can this
difference explain why these four users are created in different places ?

Now I am going to re-install OES once again and focus on data migration
from NW5.0 to OES Linux.
As direct migration is not possible, I'll try to migrate data to a
temporary OES NetWare server (separate tree) and then, from NetWare to OES

If something is not clear to you in the post, let me know.
Hope my feedback will help.