Upgrading to IDM 3.5 with Multiple eDirectory Instances

Novell Cool Solutions: Feature
By Aaron Burgemeister

Posted: 1 Aug 2007

Problem

A Forum reader recently asked:

"I read through the IDM 3.5 upgrade docs, but did not see anything specifically referring to upgrades on a server with multiple instances of eDirectory, so I have a few questions.

I have four servers, each running SLES 9. There are four trees across the four servers, so four instances of eDirectory per server. IDM synchronizes both between instances on the same server and to external systems.

1. I have four eDir 8.8.1 instances on a server. When I upgrade from IDM 3.0.1 to 3.5, I am thinking I must upgrade all instances at once because there is one copy of the IDM software on the server that is shared by all of the eDir instances. Is that correct?

2. I've seen a few posts about managing a mixed IDM 3.0/3.5 environment saying that I should use two instances of iManager - one with IDM 3.0 plugins and another with 3.5 plugins. Is that the best solution?"

And here's the response from Aaron Burgemeister ...

Solution

Multiple instances make life interesting, but it should really be fine. Some things to keep in mind:

Unless you are using non-root installs of eDirectory (which you probably are not, because IDM isn't supported on them), each eDirectory instance uses the exact same binaries to run the instance (ndsd, dxevent, etc.). So, upgrading one server will upgrade four instances to IDM 3.5 as far as those files are concerned.

When you do the upgrade, though, schema will only be upgraded for the instance you choose during the upgrade. IDM 3.5 adds a lot of schema and will not work without some of it as the policies in the drivers are reworked to be simpler to understand and manage in large environments (small too, but especially large). As a result, you'll need to extend the schema manually for the other three instances. This is no big deal, just keep it in mind.

With that mentioned, once you upgrade a single instance (preferably master) in a tree, that schema should synchronize to the others so upgrading one of your four servers may upgrade schema in all four trees. As a note, I'm assuming you have each tree spread across the four servers instead of having any one server run the entire tree (because that would be silly).

So to your questions:

1. The servers are all going to be upgraded together. iManager does the actual policy upgrade for the driver objects in eDirectory, but the engine MUST be on 3.5 for that to happen. Furthermore, every server listed in the DriverSet (if there are multiples, which is optional) must be on 3.5 for this upgrade to happen.

2. Yes, use multiple versions of iManager. You could upgrade server-based instances to 3.5 and have a mobile version for 3.0, or vice versa. I only use Mobile any more, because it's easier to blow away and recreate if I do something dumb and break it.

If it were my environment I'd do the following in this order:

1. Have eDirectory backup (ndsrc.pl is a good way to start).

2. Have driver backup for all drivers (and documentation for anything like passwords that I would need in a worst-case scenario).

3. Optionally have associations backed up via LDIF. This is trivial to do and restore. For example, get one like this:

ldapsearch -h ipAddressOfServer -p 389 \
  -D "cn=admin,dc=context,dc=ofYour,dc=adminUser" -x -W \
  "dirxml-associations=*" dirxml-associations > /tmp/associationsFile.ldif

Now for the fun part. I assume any driver is only running on one of the four main servers. I guess it's possible you actually have drivers operating currently on all four servers and, if that's the case, just upgrade all four servers. If not, do the following:

1. Make two servers remote from the DriverSet (we're compromising temporarily here).

2. Upgrade/patch (3.5 FP1 is out) the other two servers.

3. Upgrade the drivers' policies with iManager having 3.5 plug-ins.

4. Start the drivers - if they work, great.

5. Upgrade the other two servers whenever you want to and then add them back into the DriverSets.

If they don't work you can remove the current servers from the DriverSet, add the two un-upgraded ones back in, import the drivers to them (if needed ... this is not needed if they already had the data copied to them). Then run with the drivers until you can manage to get the upgraded servers working. I doubt this will be something you need to do, as a note.
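
To compare the association backup from the LDIF step above with a second export taken after the upgrade, this added example (not part of the original article or of any Novell tooling) tallies associations per driver and state. It assumes each DirXML-Associations value has the form driverDN#state#associationValue; the tree and driver names in the sample are constructed.

```sh
# Added example, not from the original article. Assumes each
# DirXML-Associations value reads driverDN#state#associationValue.
# assoc_summary FILE -> sorted lines "count<TAB>state<TAB>driverDN"
assoc_summary() {
    awk '
    function decode(v,   cmd, out) {        # value given as "attr:: base64"
        if (v !~ "^[A-Za-z0-9+/=]+$") return ""
        cmd = "printf %s \047" v "\047 | base64 -d"
        cmd | getline out; close(cmd)
        return out
    }
    function tally(l,   v, f, n) {
        if (tolower(l) !~ /^dirxml-associations:/) return
        v = substr(l, index(l, ":") + 1)
        if (substr(v, 1, 1) == ":") { sub(/^: */, "", v); v = decode(v) }
        else sub(/^ */, "", v)
        n = split(v, f, "#")
        if (n >= 3) count[f[2] "\t" tolower(f[1])]++   # DNs compare caselessly
        else bad++
    }
    /^ / { buf = buf substr($0, 2); next }  # RFC 2849 folded line: rejoin
    { tally(buf); buf = $0 }
    END {
        tally(buf)
        for (k in count) print count[k] "\t" k
        if (bad) print bad "\tUNPARSED\t-"
    }' "$1" | sort
}
# assoc_diff BEFORE AFTER -> 0 if the tallies match, 1 (and a report) if not
assoc_diff() {
    before=$(assoc_summary "$1") || return 2
    after=$(assoc_summary "$2") || return 2
    [ "$before" = "$after" ] && return 0
    printf 'BEFORE:\n%s\nAFTER:\n%s\n' "$before" "$after" >&2
    return 1
}
# write_sample FILE: constructed backup with hypothetical tree/driver names
write_sample() {
    cat > "$1" <<'EOF'
dn: cn=jdoe,ou=users,o=example
DirXML-Associations: cn=AD Driver,cn=DriverSet,o=example#1#a1b2c3
DirXML-Associations: cn=Loopback,cn=DriverSet,o=example#0#

dn: cn=asmith,ou=users,o=example
DirXML-Associations: cn=AD Driver,cn=Drive
 rSet,o=example#1#d4e5f6
DirXML-Associations:: Y249TG9vcGJhY2ssY249RHJpdmVyU2V0LG89ZXhhbXBsZSMxI3g=
EOF
}
```

Source the functions, run `assoc_summary /tmp/associationsFile.ldif` before the upgrade, and run `assoc_diff` against a fresh export afterwards; a non-zero exit means the per-driver tallies changed.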

