Symantec Access Management

  • 1.  Migrating Provisioning Directory from WinServer to Virtual Appliance

    Broadcom Employee
    Posted Jun 20, 2017 05:54 PM

    Good evening

     

    I am deploying a new instance of IDM that will run on the Virtual Appliance. The User Store data has been remapped to the standardised attributes.  I have managed to use the internal tools (dxdumpdb) to export the ldif file. The file also imports. What is an issue though, is the references to the old WinServer deployment, particularly when it comes to what server(s) it should be referencing when the data is modified using Provisioning Manager.

     

    I have tried the following:

    1) I have tried extracting with JXplorer, which fails soon after attempting to extract the data

    2) I tried to setup a Windows Instance to run in HA with the VApp, but can't get the VApp to register the Windows instance.

    3) I have tried to update the extract from dxdump to eliminate the line wrapping (the -w switch is ineffective). The importer, can't read beyond the preset line wrap point when I managed to edit the file using TextPad to get around the special characters.

     

    Any suggestions are very welcome

     

    Regards

    Muzi



  • 2.  Re: Migrating Provisioning Directory from WinServer to Virtual Appliance
    Best Answer

    Broadcom Employee
    Posted Jun 21, 2017 09:42 AM

    Hi Muzi,

     

    I am guessing by 'importer' in last comment you meant the use of 'dxloaddb' command. If not, please clarify what tool you are using to load the LDIF file that is dumped with 'dxdumpdb' command line tool. Maybe you have attempted to use LDAP browser to import the LDIF file?

     

    As for the problem itself, in order to assist you better, I would like to know:

    - What is the exact error you get when it fails to load the data.

    - What version and service pack of CA Directory is in use.

     

    Depending on the error, I might also ask you to send me the LDIF file to review. I understand if that cannot be shared over communities (as it might have sensitive data), in that case your best option is to open a support case (and as you are part of CA family, it should be easy for you to do) and we can work this further that way.

     

    Thanks,

    Hitesh



  • 3.  Re: Migrating Provisioning Directory from WinServer to Virtual Appliance

    Broadcom Employee
    Posted Jun 22, 2017 04:26 AM

    Hi Hitesh

     

    I cleaned the environment and redeployed everything. I then used one of the secondary Provisioning Servers to extract the data from. Command issued was "dxdumpdb -w -f file_name server_name-co" (as per each Directory). This exported the file in an non-wrapped format. The switch order also seems to play a big part in the export. I updated the available server configuration before importing.

     

    The import was then done using 'su - dsa -c "dxloaddb server_name-co file_name". The data was imported as expected. I then had to log in to the Directory using JXplorer, this was to remove any trace values pointing to legacy servers. The legacy Servers tend to appear as Connectors to the Virtual Appliance which then causes errors when there is an attempt to update Templates or Endpoints in Provisioning Manager. After this step was completed, I was able to manage all the imported Provisioning Data, Endpoints, Templates and Roles.

     

    There are pitfalls to look out for, like the DSA credentials being imported not matching the deployed Credentials(so the Virtual Appliances credentials should be updated to match the old data's credentials. One can also opt to replace with DSA credentials in the old data with the Virtual Appliance's, which also works.

     

    The deployment seems to be properly integrated with the components at this point and I have started testing the functions.  Thank you for the assistance.

     

    Regards

    Muzi