Preparing to Upgrade

Make sure you have reviewed all TIDs and Product Updates for the version of the driver you are using.

The new driver shim is intended to work with your existing driver configuration with no changes, but this assumes that your driver shim and configuration have the latest fixes.

Upgrading the Driver Shim

• You can install the upgraded driver shim at the same time you install the DirXML Engine, or after. To install the driver shim, run the Identity Manager installation program and select the DirXML Driver for eDirectory. Instructions are in "Installation" in Novell Nsure Identity Manager 2 Administration Guide.

  The new driver shim replaces the previous one.

• When you install the driver shim, your driver configuration is preserved, so no post-installation configuration is required until you want to take advantage of the new features included in the Identity Manager sample configuration, such as Identity Manager Password Synchronization features.
• After installing the driver shim, you must restart eDirectory and the driver. To restart the driver in Novell iManager, see "Starting, Stopping, or Restarting a Driver" in Novell Nsure Identity Manager 2 Administration Guide.
• After installing the driver shim, you must activate the driver. See Activating the Driver.

Upgrading the Driver Configuration

Installing the driver shim does not change your existing configuration. Your existing configuration will continue to work with the new driver shim no changes.

However, if you want to take advantage of the new features, you must upgrade your driver configuration, either by replacing your driver configuration with the new sample configuration, or by converting your existing to configuration to Identity Manager format and adding policies to it.

• To replace your existing configuration, import the new sample configuration for your existing driver objects.

  The sample configuration contains all the new features, such as support for Identity Manager Password Synchronization and Role-Based Entitlements.

• To convert an existing driver configuration so you can edit it with the new Identity Manager plug-ins, see "Upgrading a Driver Configuration from DirXML 1.x to Identity Manager Format" in Novell Nsure Identity Manager 2 Administration Guide.
• To add Identity Manager Password Synchronization functionality to an existing driver configuration, see "Upgrading Existing Driver Configurations to Support Identity Manager Password Synchronization" in Novell Nsure Identity Manager 2 Administration Guide.

重要:  Because you are upgrading the driver on two separate eDirectory servers, you must complete the upgrade procedures for each server.

Upgrade Issues for eDirectory Driver

• Expired SSL certificates: If you are upgrading Identity Manager and the eDirectory driver, you might encounter data synchronization errors if your certificates have expired (or if one of the two certificates has expired).

  If you create a user on the server holding a valid certificate, the user will not be synchronized to the server containing the invalid certificate. You might also see the following error in DSTrace:

  SSL handshake failed, X509_V_CERT_HAS_EXPIRED 

  If you create a user on the server holding an expired certificate, the user will still be synchronized to the server containing a valid certificate. You might also see the following error in DSTrace:

  SSL handshake failed, SSL_ERROR_ZERO_RETURN, 

  Error: 14094415: SSL Routines: SSL_READ_BYTES: sslv3 alert certificate expired. 

  To fix this issue, create new certificates.