Container based administration lost after migration from eDir to ADAM

  • 7009389
  • 19-Sep-2011
  • 26-Apr-2012

Environment

Novell SecureLogin
NSL7.0.2.x
Custom IDM driver successfully used to migrate SecureLogin attributes from eDirectory to ADAM

Situation

After migration, all applications and settings show as if they were created on the user object.
Inherited applications and settings no longer show as inherited. 
Inherited scripts overwritten with local copies.

Resolution

Use "Stop Walking Here."

Steps:
1. Before exporting data from eDirectory, have IDM set "stop walking here" to "yes" in preferences of each USER object (see the preferences page of the iManager Manage SSO plugin).   
2. Have IDM export data from the USER objects in eDir to the user objects in ADAM (or LDS).
3. Have IDM set "stop walking here" to "no" or "default" in preferences of the USER object (putting it back as it was before the export).  
 
After the above three steps, the IDM driver transfers only data that has been configured on the user itself: user credentials and any applications and preferences created specifically for that user. The applications, preferences, etc. that have been set on the container will NOT be transferred by the IDM driver. The container-based applications and preferences can be transferred as follows:
 
4. Use SLManager to export the SecureLogin configuration from the container to an .xml file.
5. Use SLManager to import the same .xml file into ADAM in the desired container.
6.  Repeat for any other containers where SecureLogin has been configured.
 

Additional Information

IDM (and other utilities that write / restore SecureLogin attributes) cannot tell the source of inherited applications on the user object. They therefore assume that any applications showing on the user object "belong" to the user, as opposed to "belonging" to a container, and write them accordingly. The key is to have only user-based (as opposed to container-based) attributes present when the user data is read by the IDM driver or backup tool. "Stop walking here" accomplishes this objective.

In addition to testing with the IDM driver, this solution can be tested using the workstation backup and restore utilities found by right-clicking the "NSL hand" icon and selecting "advanced." These utilities exhibit the same behavior.
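
The following is an added illustration, not Novell code and not part of the original document. It is a simplified Python model of the behavior described above: a tool that reads a user's effective view copies inherited entries as local ones unless "stop walking here" is set during the read. The class, function names, container names and script values are all constructed for the example.

```python
# Simplified model (assumption): each directory object stores its own SSO
# entries; a reader merges entries up the container chain unless the object
# has "stop walking here" set. All names and values are constructed.

class DirObject:
    def __init__(self, name, parent=None, entries=None):
        self.name = name
        self.parent = parent
        self.entries = dict(entries or {})   # app name -> script text
        self.stop_walking = False            # the "stop walking here" preference

def effective_entries(obj):
    """What a client (or a backup/sync tool) sees when it reads the object."""
    chain = [obj]
    while not chain[-1].stop_walking and chain[-1].parent is not None:
        chain.append(chain[-1].parent)
    merged = {}
    for node in reversed(chain):             # nearest object wins
        merged.update(node.entries)
    return merged

def local_only(obj):
    """Apps whose definition is stored on the object itself."""
    return sorted(obj.entries)

def migrate(user, dest_container, stop_walking_during_export):
    """Copy what the tool reads from `user` onto a new user object."""
    original = user.stop_walking
    user.stop_walking = stop_walking_during_export   # step 1
    snapshot = effective_entries(user)               # step 2: source is not visible
    user.stop_walking = original                     # step 3
    return DirObject(user.name, dest_container, snapshot)

def demo():
    src_ou = DirObject("ou=sales", entries={"webmail": "script v1"})
    alice = DirObject("cn=alice", src_ou, {"payroll": "alice's own script"})
    # Steps 4-5: container configuration is moved separately.
    dst_ou = DirObject("ou=sales", entries=dict(src_ou.entries))

    flattened = migrate(alice, dst_ou, stop_walking_during_export=False)
    clean = migrate(alice, dst_ou, stop_walking_during_export=True)

    dst_ou.entries["webmail"] = "script v2"          # admin updates container script
    return (local_only(flattened), effective_entries(flattened)["webmail"],
            local_only(clean), effective_entries(clean)["webmail"])
```

In the model, the user migrated without "stop walking here" holds a local copy of the container's webmail script and never sees the later container update, while the user migrated with it set still inherits from the container.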