5.4 Migrating Identities

When you first run the driver, you might have identities in the Identity Vault that you want to provision to the connected system, or vice versa. Identity Manager provides a built-in migration feature to help you accomplish this.

5.4.1 Migrating Identities from the Identity Vault to the Connected System

  1. In iManager, open the Identity Manager Driver Overview for the driver.

  2. Click Migrate from Identity Vault. An empty list of objects to migrate is displayed.

  3. Click Add. A browse and search dialog box that allows you to select objects is displayed.

  4. Select the objects you want to migrate, then click OK.

To view the results of the migration, click View the Driver Status Log. For details about the log, see Section A.1.5, The Status Log.

If a user has a Distribution Password, the Distribution Password is migrated to the connected system as the user’s password. Otherwise, no password is migrated. For information about Universal Passwords and Distribution Passwords, see the Password Management Administration Guide.

5.4.2 Migrating Identities from the Connected System to the Identity Vault

  1. In iManager, open the Identity Manager Driver Overview for the driver.

  2. Click Migrate into Identity Vault to display the Migrate Data into the Identity Vault window.

  3. Specify your search criteria:

    1. To view the list of eDirectory™ classes and attributes, click Edit List.

    2. Select class User or class Group.

      IMPORTANT:Identity Manager imports objects by class in the order specified in the list. Migrate users before you migrate groups so that the users can be added to the newly created groups.

    3. Select the attributes to be used as search criteria for objects of the selected class, then click OK.

      The eDirectory attributes map to Top Secret attributes as specified by the driver schema: CN maps to ACID, etc. For the default mappings, see Table 1-1, Default Filter and Schema Mapping.

    4. Specify values for the selected attributes, then click OK.

      The values can include basic regular expressions. For details about basic regular expressions, use the OMVS man grep command.

  4. Click OK.

To view the results of the migration, click View the Driver Status Log. For details about the log, see Section A.1.5, The Status Log.

Because local passwords cannot be retrieved from Top Secret, they cannot be submitted to the Metadirectory engine until they are changed. The password change exit routine captures password changes.

5.4.3 Synchronizing the Driver

To generate events for associated objects that have changed since the driver’s last processing, open the Identity Manager Driver Overview page for the driver in iManager, then click Synchronize.