Environment
Novell DirXML Nsure Identity Manager 2.0
Situation
Resolution
1) Export the current driver set using iManager or Designer prior to making any changes to the driver.
2) Install the Meta-directory server software onto the new hardware after making sure that the server is in the same tree and holds the same replicas as the current production server being replaced. (Make sure that the patch levels are the same on the servers. Schedule an update of the new server to the latest patches where possible.)
4) Do not start the drivers on the new hardware at this point. The drivers will be disabled initially.
6) The driver(s) have server-specific attributes that do not replicate to the other servers in the replica ring. So, adding a new server to the driver set will not move all configuration information over to the new server when using DirXML or Identity Manager 2.0. Identity Manager 3 has the option to copy the configuration from one server to the other.
7) Go to the properties of the driver for the new server assigned to the driver set. Add the driver configuration properties to the driver for the new server. (Authentication ID, Authentication context, Remote loader Password, Driver object password, Application password, Driver Parameters, etc.)
8) The above step can be confusing: when you go to the properties of the driver, you can choose which server you want to change the settings for. Double-check that the new server is selected when changing the properties.
9) Disable your new driver under the startup options. Double-check that your settings match the driver for the production server currently running. Once you have confirmed that they are the same, enable the new driver under the startup options. Prior to choosing Apply, make sure to check the box to not auto-synchronize the driver. The check box appears once you set the driver to manual or auto-start.
The above step of enabling the new server and the below step of stopping the driver on the old server should be performed one after another, allowing little time to pass. This will help prevent duplicate events from processing, as the new server is now logging events, and once the new server starts the driver, it will process the events that have been cached to the TAO file.
10) Go to the production driver and stop the driver. All changes will still be written to the TAO file for this server, so if the new server has problems, you can revert to the original server. (Once the new server is up and working, feel free to disable the old server's driver so the TAO file does not grow in size.)
11) Start the driver on the new server, and test the driver thoroughly.
12) If some changes appear not to have come over during the changeover, you can choose to auto-resynchronize the driver. In large environments, you will want to do this during non-business hours or schedule a possible downtime, as a lot of network traffic can take place. The above steps should prevent an auto-resync.
13) The eDirectory driver needs to have certificates created. To do this, re-run the nds2nds certificate wizard. It will re-issue the certificates and auto-configure the drivers with the certificates for the three servers: the two servers in the current tree running the engine and the server in the opposing tree.