Upgrade from DS 7.4.0
If the deployment includes a DS 7.4.0 server with data encryption using default settings, follow the procedures in this page.
If the deployment has no DS 7.4.0 servers or does not use data encryption, skip this page.
Due to an issue (OPENDJ-10211) in the way DS 7.4.0 encrypts data on disk when using the default
cipher-transformation: AES/GCM/NoPadding setting, the backend or changelog data on disk and encrypted with 7.4.0
is incompatible with all other DS versions.
If the deployment is configured with non-default
that do not use the AES algorithm and GCM mode, the problem doesn’t affect the deployment.
In this case, skip this page.
Otherwise, the directory data on disk uses incompatible encryption.
Any binary backups of the backend data are also affected.
You can’t use the
upgrade command to upgrade a DS server
to 7.4.0 from earlier versions or from 7.4.0 to later versions.
You can upgrade by adding new DS servers; follow these steps:
Upgrade by adding new servers, leaving existing 7.4.0 servers in operation during the upgrade.
Change the bootstrap replication servers for each server to stop using the DS 7.4.0 servers.
If you use backup files, create them from the new servers with compatible encryption.
Stop directing client application traffic to the DS 7.4.0 servers.
Wait until the replication purge delay has elapsed (default: 3 days) and retire the DS 7.4.0 servers.