What steps did you use for the ldap migration. Can you share ? 

This is the most useful guide I found from PTC:
https://support.ptc.com/help/wnc/r12.0.2.0/en/index.html#page/Windchill_Help_Center/WCUpgrade_UpdatingtootherLDAP.html

Install Java, then you can install OpenDJ.

After installation, manually build out the LDAP tree prior to running PSI.

Upgrade Manager moves groups and organizations from LDAP to the database and then deletes them from LDAP; so a WindchillDS instance should be installed also. Refresh your WindchillDS instance from your Windchill 11.2 system and that will be your source LDAP.

Some more resources can be found here. Great that you have a success story. 

We are looking for some kind of migrator which will easily migrate from Windchill DS to OpenDJ.

Thanks!!

I have tried export source (11.2 WCDS) and imported to OpenDJ v4, no luck. followed the ptc document with modified ldif, no luck. what is the version of OpenDJ you had successful story?

the reason of using OpenDJ is the java, I don't like the idea to have java 8 and java 11 both in WC12 instance.

With my experience, WCDS11.2 will work and support the upgrade processes, however my groups and org are existing in both ldap and db, not sure how it happens. 

I used OpenDJ 4.4.11.

Did you migrate to OpenDJ first, or upgrade 10 12 using the 11.2 DS and then move to OpenDJ? Thanks in advance!

I've done a migration from 11.0 to 12.0.2 We took a clone of 11.0 and migrated from WindchillDS 11.0 to OpenDJ.

In another migration went from WC10.2 to WC12.0.2. Since it is a double upgrade path, we went from 10.2 to 11.1 (with WindchillDS) and then from 11.1 to 12.0.2 with OpenDJ.

Thanks! And you said you manually built the tree in OpenDJ. We have thousands of entries in our DS and was wondering if there is migrator tool to move them from DS to OpenDJ.

I mean manually built the Base DN. I think this should help:
https://www.ptc.com/en/support/article/CS337415

I've done several of these upgrades/migrations and it always depends on how your existing WindchillDS (WDS) is structured AND how you want the target LDAP to be structured.

First, the upgrade process as explained and documented by PTC requires the use of WindchillDS 11.2 to get through the upgrade to 12.x.  The upgrade manager migrates Organizations and Groups into the database and Info*Engine (configuration node) into JSON files in %wt_home%\IEConf.  If the "cn=configuration,cn=Windchill_##.#,o=ptc" node still exists  in WindchillDS 11.2 after upgrade to 12.x, just delete it.  Only user accounts should be left in WDS.

Use Apache Directory Studio to make DN structure changes like migrating all accounts from EnterpriseLdap to AdministrativeLdap.  It is easy to use and can move multiple user accounts in one operation.  I am also getting rid of the Windchill version number from the DNs (e.g. ...,cn=Windchill,o=ptc).  We don't structure Active Directory by Windchill versions so why should we do it in OpenDJ?

Install OpenDJ Community Edition if you are OK running Java 1.8.  I believe the paid ForgeRock version of OpenDJ supports Java 11.  Go with OpenLDAP or Active Directory if you don't want Java at all.

For the OpenDJ Community Edition installation, I build a folder structure like this...

Java: D:\PTC\OpenDJ-4.4.14\Java

OpenDJ: D:\PTC\OpenDJ-4.4.14\OpenDJ

The following will set it up without installing Java with the OS and with the baseDN o=ptc.

set opendj_home=D:\PTC\OpenDJ-4.4.14\OpenDJ

set java_home=D:\PTC\OpenDJ-4.4.14\Java

pushd %opendj_home%

setup.bat -h localhost -p 389 --ldapsPort 636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword P@ssw0rd --baseDN o=ptc --addBaseEntry --cli --acceptLicense --no-prompt

There are other tweaks you can do like naming the OpenDJ Java process, installing as a Windows service, and changing the Windows service name.

Migration is an export/import process.

1. From WindchillDS Control Panel, export the remaining LDAP structure and EXCLUDE attributes entryUUID, createTimestamp, and creatorsName as these are read-only in OpenDJ and will not import.

2. If all on one machine, shut down WindchillDS and start up OpenDJ.

3. Edit the exported LDIF in your favorite text editor.  Search and replace "ptcSubtree" with "organizationalRole" and save the file.  OpenDJ does not have a class named "ptcSubtree" and it will prevent import.

Always create a backup of the userRoot of OpenDJ before attempting the import.  Import can corrupt the userRoot and the only way to recover is to restore from backup or re-install OpenDJ.

4. Import the updated LDIF file into OpenDJ using the OpenDJ Control Panel.

Note: If the DNs match between WindchillDS and OpenDJ, we do not need to heal disconnected participants post LDAP migration.

If your LDAP DNs and/or Repositories have changed, then use the (Bulk) Principal Reconnect Utility available in 12.0.2.0 and later.

https://support.ptc.com/help/wnc/r12.0.2.0/en/index.html#page/Windchill_Help_Center/ParticipantAdminParticipantMigration.html

@mmeadows-3  Thanks for the details here, they are great. I cant wait to try this out and get it working. Only update I would add to this is that OpenDJ version you are using does also support Java 11. 

Have a great weekend.

@AndyHermanson Thanks for the insight.  I couldn't find a statement saying Java 11 was supported.  Following your reply, I just swapped out my Corretto Java 1.8 with Corretto Java 11.0 and OpenDJ started up no problem.  Thank you!

I can confirm that Java 11 will work, as I have OpenDJ 4.4.11 setup currently with it.

Last comment...  I hate trying to figure out which java.exe process belongs to which application.  It isn't quick and is error prone even with the Command line column in the Task Manager.  So, I name the Java process https://www.ptc.com/en/support/article/cs126218 for Windchill (java_sm.exe, java_ms.exe, java_bgms.exe), SOLR (java_solr.exe), and OpenDJ (java_ldap.exe).  Now that WindchillDS is gone, to name the OpenDJ process...

From the elevated cmd shell:

if not exist %JAVA_HOME%\bin\java_ldap.exe copy /y %JAVA_HOME%\bin\java.exe %JAVA_HOME%\bin\java_ldap.exe

Edit: %opendj_home%\config\java.properties

Add ~line 56: default.java-home=D:\PTC\OpenDJ-4.4.14\Java

Edit: %opendj_home%\lib\_script-util.bat

Search and Replace: java.exe

With: java_ldap.exe

(10 occurrences)

Restart OpenDJ

So I ran through this now and the issue I was having was that the cn=Configuration node was still in there and that was causing the import failure. Was this in the documentation and I missed it somewhere?

Thanks again for the help this gets me past my holdup. 

The configuration node in Windchill DS can be deleted once the upgrade finishes.  All of that information gets moved to JSON files and is no longer needed, the upgrade manager just doesn't bother to clean it up.  I had a case open on this quite a while back.  Let me see if it ever turned into an article...

Found it.

https://www.ptc.com/en/support/article/CS335696

Also here.

https://www.ptc.com/en/support/article/CS337554