migrating drivers between driversets

Hi there. So someone created a driverset and now they want to change it´s name (because of reasons). What would be the best approach? It seems to me there´s no way running from create new driverset --> import all drivers from the current driverset (migrate GCVs and stuff) --> deploy the drivers. They are running IDM 4.7.2 eDir 9.1.2.

Thoughts?

Thx!
  • On 4/4/2019 10:04 AM, rafaelrpm wrote:
    >
    > Hi there. So someone created a driverset and now they want to change
    > it�s name (because of reasons). What would be the best approach? It
    > seems to me there�s no way running from create new driverset --> import
    > all drivers from the current driverset (migrate GCVs and stuff) -->
    > deploy the drivers. They are running IDM 4.7.2 eDir 9.1.2.


    A driver set is an eDirectory object. Except maybe User App, all
    refernences in eDir to the Driver set are by DN so a rename woould not
    matter. (OSP config file, and possible User App have string values of
    the driverset DN. But if you moved to a second driverset, same issue).


  • rafaelrpm wrote:

    > Thoughts?


    I'd set up a test system and check if renaming the driverset object directly
    works: stop all drivers, rename the driverset, check all GCVs and includes that
    may have the DN stored as text and restart the drivers one by one.
    Cannot think of any reason why this should not work, but then that's just me.
    The challenge will be to find all places where a driver DN (or the
    role/resource container DN etc. may be referenced in text and correct those
    (regardless of how you rename the driverset). Maybe a good old alias in the
    directory could help avoid trouble in this regard, too.

    --
    http://www.is4it.de/en/solution/identity-access-management/

    (If you find this post helpful, please click on the star below.)
  • rafaelrpm;2497809 wrote:
    Hi there. So someone created a driverset and now they want to change it´s name (because of reasons). What would be the best approach? It seems to me there´s no way running from create new driverset --> import all drivers from the current driverset (migrate GCVs and stuff) --> deploy the drivers. They are running IDM 4.7.2 eDir 9.1.2.

    Thoughts?

    Thx!


    I seem to recall doing this, a long time ago. Just rename the driver set object in eDirectory. Stop all the drivers first. I think, if I recall correctly, that it just works.
  • On 4/4/2019 5:24 PM, dgersic wrote:
    >
    > rafaelrpm;2497809 Wrote:
    >> Hi there. So someone created a driverset and now they want to change
    >> it�s name (because of reasons). What would be the best approach? It
    >> seems to me there�s no way running from create new driverset --> import
    >> all drivers from the current driverset (migrate GCVs and stuff) -->
    >> deploy the drivers. They are running IDM 4.7.2 eDir 9.1.2.
    >>
    >> Thoughts?
    >>
    >> Thx!

    >
    > I seem to recall doing this, a long time ago. Just rename the driver set
    > object in eDirectory. Stop all the drivers first. I think, if I recall
    > correctly, that it just works.


    I am pretty sure you need to at least edit ism-configuration.properties
    since the UA driver is mentioned in LDAP syntax as a string in there.

    Also, you should look at the configuration object in AppData under the
    driver to see if there are any other references.

  • Just for the record: I managed to do it without much effort. Yes, I created a new driverset, migrated all configs, migrated all drivers and deployed everything while disabling the current driverset.
    Things that worked but turned out to be so much more effort: changing the object name in Designer and redeploying it just duplicated the driverset. It seemed a good path but all other references were not changed, requiring manual overwrite. Changing the LDAP object name forcibly also did the same result. Another heads up: YES, you will lose all references related to role and resource provisioning, requiring all of them to be provisioned again once that driver has been migrated to the new driverset and it´s up and running. Plus, synchronizing roles back to Designer and deploying everything back from the new driverset can be very very annoying. Export the whole stuff, replace the names in notepad , import it to the new driver and be happy. Also... remember LDIF? Yeah, go for LDIF. Lots of LDIF, quick and easy.

    I did this in a QA environment as per the customer´s request, so they accepted the impact. For a PRD environment... I wouldn´t do it. :)
    Thx guys.