5.10 Moving to Common Proxy Users After an Upgrade

After you successfully upgrade to OES 11 SP3 from OES 2 SP3, OES 11, OES 11 SP1 or OES 11 SP2, it is recommended to run the move_to_common_proxy.sh script as a post-upgrade activity. This script moves services (CIFS, DNS, DHCP, iFolder, NetStorage, NCS and LUM) that use a service-specific proxy user to common proxy user. A common proxy user helps you avoid the administrative overhead that occurs with multiple proxy users.

NOTE:Two nodes in a tree cannot have the same common proxy user.

  1. After migrating OES 2 SP3, OES 11, OES 11 SP1 or OES 11 SP2 to OES 11 SP3, use the following commands to identify the list of services that use common proxy users and service-specific proxy users:

    cd /opt/novell/proxymgmt/bin ./retrieve_proxy_list.sh. cat /var/opt/novell/log/proxymgmt/pxylist.txt

  2. Use the following command to move the services that are not using the common proxy user:

    ./move_to_common_proxy.sh -d <LDAP Admin FDN> -w <LDAP Admin Password> -i <LDAP server IP address> -p <LDAP port> -s <service name>

    Use a comma to separate multiple services. To move all services, use the keyword 'all' in the service name.

    For example, to move the LUM service, the command would be:

    ./move_to_common_proxy.sh -d cn=admin, o=novell -w novell -i 192.168.1.255 -p 636 -s novell-LUM

    IMPORTANT:If you choose to provide your own password, it should conform to the policy that is in effect for common proxy user. If the password contains single (') or double (") quotes, OES configuration fails. Quotes must be escaped by prefixing them with a backslash \. For example, to add a single quote, escape it as nove\'ll. The system-generated password always conforms to the policy rules.

After moving to common proxy user, verify the value of the field CONFIG_LDAP_PROXY_CONTEXT in the file /etc/sysconfig/novell/oes-ladp. If the value is empty or not in the format cn=OESCommonProxy_<short hostname>, <common proxy context>, you must do the following to avoid any failures during upgrade:

  1. Run the command /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username.

  2. Copy the output received and paste it as the value for the field CONFIG_LDAP_PROXY_CONTEXT in the file /etc/sysconfig/novell/oes-ladp.