This article focuses on the high level steps for migrating your Identity Manager system from a NetWare server to a new OES2 Linux server easily and simply migrating to Identity Manager 4.0.1 at the same time. This document does not focus on converting your drivers to packages in 4.0.1.
In this scenario, the Microsoft Active Directory (MAD) driver, remote loader and password synchronization will be migrated over.
The advantage of this method is that the NetWare 6.5x IDM server will remain available to fall back on should you run into any issues with the IDM 4.0.1 migration to OES2SP3 Linux.
You can use cpio to copy over entire servers to your LAB and P2V to copy over your domain controllers in order to test this all out in the LAB before going to production. Enjoy...
We are starting out with a NetWare 6.5 SP8 server running eDirectory 8.8.5 ftf4 and OES2SP3 Linux, fully patched to the latest maintenance updates. We will be migrating to IDM 4.0.1 Standard Edition in this scenario.
- Check that eDirectory replication and IDM synchronization between eDirectory and MAD are healthy before proceeding.
- Install a new OES2SP3 server into the tree and place all of the required replicas on the server. Install the latest available and supported version of iManager and Designer on the OES2SP3 server as well. Again, make sure that eDirectory is healthy before proceeding.
- Create a project in IDM Designer on the OES2SP3 server and import the driverset from production into the project to work with. This way any changes can be made to the project first before deploying to production. Note, that this entire migration can be done using iManager until you fully convert your drivers to packages in IDM 4.0.1 to simplify things if you prefer.
- Export the driverset from the NetWare 6.5x using iManager as a secondary backup.
- Make a backup of the remote loader on the MAD DC.
- Make sure to have the Identity Manager 4.0.1 ISO available for both Linux and for Windows, and download the latest patches for the 4.0.1 engine on Linux and the MAD driver/shim and the remote loader. Copy the IDM 4.0.1 ISO to the OES2SP3 and Windows servers and mount the ISO. Extract the patches to the MAD DC and go over the readme files to prepare for installation later on.
- Install the Identity Manager 4.0.1 software on the OES2SP3 Linux server using the component installer from the IDM 4.0.1 ISO. Select the installation of the IDM 4.0.1 engine itself.
- At this point, you can either use Designer or iManager to add the IDM 4.0.1 server to the existing IDM 3.5.1 driverset.
- Use the copy data function under edit properties to copy all of the server data from the NetWare 6.5 SP8 IDM 3.5.1 server to the new OES2SP4 IDM 4.0.1 server.
- Create a new MAD driver SSL certificate for use on the new OES2SP3 IDM 4.0.1 server by using the PKI plugins in iManager. The name of this certificate will be added to the host information of the MAD driver in the next step. The exported ROOT certificate on the remote loader will still be useable as long as your eDirectory CA is still valid.
- On the OES2SP3 server, modify the MAD driver properties and modify the IP address, the new certificate name and redo all of the passwords. Start the driver to make sure it starts properly. If not, check the passwords and the KMO as these are likely the culprits for the driver not starting properly. The driver has been migrated to 4.0.1, but is not converted to 4.0.1. It will function exactly the same way as it did on 3.5.1. It should connect to the 3.5.1 remote loader without any issues. Once you know the driver starts properly, stop it while you upgrade the remote loader in the next step.
- It's time to upgrade the remote loader. Run the IDM 4.0.1 component installation software from the Windows IDM 4.0.1 ISO on the MAD DC and install the connected system MAD software on the server. Once the IDM 4.0.1 software is installed on the DC, copy over the MAD remote loader config file from the IDM 3.x installation you saved to a temp folder previously over to the appropriate remote loader subdirectory.
- Edit the properties of the remote loader software to make sure you are pointing to the appropriate config file.
- Now that the remote loader has been upgraded, the password synchronization dll's will also be upgraded on the DC.
- Start the MAD driver and the remote loader and make sure they both connect properly and that there are no errors. If there are errors, setup the java logging to level 3 on the driver and logging on the remote loader to level 3 or higher and check for errors indicating what the issue is.
- Once the driver and remote loader are properly communicating, the password synchronization filters on your remaining DC's should have been upgraded to the latest 4.0.1 software by the DC. Check the event viewer for any errors and resolve as necessary. This is done automatically, so should not be an issue unless there is a problem with communication between the DCs.
- Once you have eliminated any errors between the MAD driver/shim and remote loader, it's time to test your policies to make sure everything is synchronizing properly. Go through your policies on the driver, and test whatever it is that you are synchronizing between eDirectory and MAD. You can make a list of items being synchronized by going through the existing policies. Examples of testing includes but is not limited to user creations from the authoritative source, group creations, user and group modifications, user and group placement, and password changes. Again, if you have any problems, use level 3 logging on the driver/shim and the remote loader to determine where the problem is, but in my own experience, the migration is pretty seamless.
- Don't forget to activate your IDM 4.0.1 SE software before the 3 month evaluation period expires!
That's it! You should have successfully migrated over Identity Manager 3.5.1 from NetWare 6.5 SP8 to Identity Manager 4.0.1 on OES 2 SP3 Linux. Now it's time for you to learn about package management so that you can convert your MAD driver config to package manager on IDM 4.0.1 using Designer... Enjoy... :)
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.