Symantec Access Management

  • 1.  XPSImport vs dxloaddb to import the store ?

    Posted Dec 20, 2017 03:14 PM

    Hello folks,

     

    We are planning to upgrade the PS to 12.7 SP1. As part of that, I tried to do an XPSImport. Unfortunately, not all the objects are getting loaded; I can see the count was very low.

     

    Then I tried dxloaddb, and I was successful, which makes sense as I loaded the whole store.

     

    Now, if you can help me understand the points below, that would be helpful.

     

    1. Why couldn't XPSImport do the job?

    2. And why were only a few objects loaded?

     

    I haven't added any special conditions to the export or import.



  • 2.  Re: XPSImport vs dxloaddb to import the store ?

    Posted Dec 20, 2017 03:19 PM

    Did you try xpsexport -xb?

    This is for a dump/full export.



  • 3.  Re: XPSImport vs dxloaddb to import the store ?

    Posted Dec 20, 2017 03:34 PM

    Hello Ujwol,

    Yes, I used the commands below:

     

    ./XPSExport /tmp/policyafter.xml -xb -npass -vT 

     

    ./XPSImport /tmp/policyafter.xml -npass -vT



  • 4.  Re: XPSImport vs dxloaddb to import the store ?

    Broadcom Employee
    Posted Dec 20, 2017 05:18 PM

    If you have export/import logs, check to see if there are any errors related to specific objects.

     

    Cross-check the exported XML file by feeding it to the SiteMinder Policy Reader tool, and verify whether the object count from the export matches the original count.



  • 5.  Re: XPSImport vs dxloaddb to import the store ?

    Posted Dec 29, 2017 11:56 AM

    We use these modifiers when doing an XPSExport in our environment: -xe -xi -xp. So our command looks like this:

    XPSExport <file.xml> -xe -xi -xp -npass -vT

    This should bring all the objects minus the security details. We also use the -xs and -xb flags, depending on our need at the time. However, we mainly use the -xe -xi -xp flags when we are migrating data between environments.



  • 6.  Re: XPSImport vs dxloaddb to import the store ?
    Best Answer

    Posted Dec 20, 2017 03:29 PM

    The advantage of using DXLOADDB is that we may be able to move the data as is, even if we have corrupt data within. It is nothing but a dump snapshot load of the LDAP / Directory data. So it is easier. I'd use DXLOADDB for non-SiteMinder Data Use Cases.

     

    The advantage of using XPSTools is that it will not allow corrupt data to be migrated. Hence we have to go through the process of cleansing the data before migrating. I would use XPSTools for SiteMinder Policy Data Use Cases.

     

    As to the reasons why data was not migrated using XPSTools: did you receive any error? Or did you use the correct command to export with the correct flags?

     

    Added info:

    https://docops.ca.com/ca-single-sign-on/12-7/en/upgrading/in-place-upgrade/correct-policy-store-integrity-errors-before-migrating

    https://docops.ca.com/ca-single-sign-on/12-7/en/administrating/remove-stale-policy-objects-using-the-xpssweeper-tool

    https://docops.ca.com/ca-single-sign-on/12-7/en/administrating/policy-server-tools/xpssweeper

     

    Regards

    Hubert



  • 7.  Re: XPSImport vs dxloaddb to import the store ?

    Broadcom Employee
    Posted Dec 29, 2017 04:46 PM

    Good answers. Just FYI: we recommend using the -vT, -l and -e switches with the XPS export/import commands to get more traces and details of errors, if any.

    Best wishes, Vijay