Article

(View Disclaimer)

Problem

A Forum reader recently asked:

"How would I upgrade individual driver configurations to the new architecture outlined in section 2 of "Understanding Policies for Identity Manager 3.5.1"? We have done some driver customization in various policies, but we used the existing default names.

If we overlay the policy configuration files to exploit the new architecture, is that where the potential risk arises?"

And here is the response from Aaron Burgemeister ...

Solution

Regarding the transition from IDM 3.0.x to 3.5.x ...

3.0.x uses linkages between policies (linked list-ish). 3.5.x uses a multi-valued attribute on the driver itself, which points to all of the policies. The IDM 3.5.x engine will work with the 3.0.x style; each time you go into the driver it alerts you that you should convert.

The "risk" is negligible (I've really never seen this break myself during the conversion) because the policies themselves are not really touched. Only the linkages to the policies are modified, which doesn't involve
looking at your rule names or logic.

Here's a rough overview of how it works:

Driver30x
~ Output Transform Stuff -> OutTransPolicy0 -> OutTransPolicy1
~ Creation Stuff -> MatchPolicy0 -> MatchPolicy1
~ Matching Stuff -> MatchPolicy0 -> MatchPolicy1

Driver35x
~ Output Transform Stuff
~ OutTransPolicy0
~ OutTransPolicy1
~ Creation Stuff
~ CreatePolicy0
~ CreatePolicy1
~ Matching Stuff
~ MatchPolicy0
~ MatchPolicy1

The contents in the policies and their respective rules don't matter - only how the driver points to the policies is changed. Just have an export beforehand and you'll be fine. This is really simple to convert, so there haven't been any issues that I know of.

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.