As the title implies, we would like to migrate our eDirectory to a version running under an application ID and not the root user. We are attempting the approach of building a new machine and using the tarball, deploying eDir per the install docs. Issues start with running ndsconfig and trying to join the existing tree. This would be expected, as the root version of eDir is running on NCP port 524 and the new instance is configured to use NCP on port 8524.

Has anyone performed this type of migration with success? Ultimately we would like to be running eDir under a different user than eDir but need a way to get from point A to point B.

My first thought was iptables to translate calls to the new replica server port 524 to 8524, then on the existing replica servers redirect calls to 8524 to 524. I was still receiving connection issues.

My second thought was to reconfigure the current replica servers to use port 8524. I changed the n4u.server.interfaces parameter to 8524 and restarted eDir. I left all other nds.conf ports unchanged, as this is the only instance on the individual machines. eDirectory now complains of 625 and 626 errors. I ran ndsrepair -N and repaired server addresses on all replica servers and am still receiving 625 and 626 errors. I am able to connect to port 8524 from each system to the other. I then noticed was listening on port 524 (see below) and thought this may be the issue. I am unable to find a resolution to change this behavior or even whether it may be changed.

replicaserver1:/ # netstat -na | grep -i 524 | grep -i listen
tcp 0 0* LISTEN
tcp 0 0* LISTEN

Any insight is appreciated.