Manage associations (delete/import/export) with Console2



By: Aleksandar Mujadin

March 15, 2012 12:04 pm

Reads: 285

Comments:1

Rating:0

Manage associations (delete/import/export) with Console2

Console2 v2.5 (C2 for now on) has several new features, among them are abilities to perform more association related operations.

In previous versions of Console2 you could easily initiate “sync” events on a driver. This is what you get when you perform a “Migrate from Identity Vault” operation in iManager. You could start this function by selecting “Migrate from IDV” from the “IDM” menu in Console2.

The “Migrate from IDV” has been renamed to “Association Manager” in v2.5.

Getting started

First, a word of warning, use this software at your own risk. It works fine for me but there are no guarantees that it’s bug free, you better have a backup in case it wipes your eDirectory…

 

  • Download the ZIP-file from the Novell Cool Solutions site and unzip it: Console2 v2.0
  • Run the ldapmu_upc.jar file from the dist directory.
  • C2 requires Java 1.6 build 21 or newer.
  • In Windows you can usually double click on the .jar file and the app will start. You can also load it from a command shell by typing: java -jar ldapmu_upc.jar

The main screen looks like this, fill out the fields that the red arrows point to and then click the Connect button.

After connecting, click on IDM in the menu and then on Associations Manager:

Clicking on “Association Manager” will bring up the following window:

To activate the radio buttons you must select a driver in the “IDM Drivers” list.

After selecting a driver you may click the different radio buttons and depending on which option you select different elements in the interface will be active and available to you.

The functionality has been expanded to include the following operations:

  • Export associations
  • Import associations
  • Delete associations

The GUI has been expanded to include four new radio buttons and one combo box.

The combo box is used to create an LDAP filter when exporting and deleting associations.

The filter is created by combining the LDAP filter that you enter in the text field on the top which is named just that “LDAP Filter”. The next part of the filter is the driver DN that you select.

From the combo box you can select different association states to search for when performing those operations.

The association states you can choose from are:

ANY – means that C2 will search for associations with any state, i.e. 0, 1, 2, 3, 4
DISABLED – search for associations with state 0
PENDING – search for associations with state 2
MANUAL – search for associations with state 3
MIGRATE – search for associations with state 4
PROCESSED – search for associations with state 1

Exporting associations

To export associations select the “Export” radio button first. The label on the button will change to “Export associations”.

Select the driver for which you want to export associations for, you can only select one driver at a time.

Select the association states you want to export.

Enter a valid LDAP filter in the “LDAP Filter” field. If you want all objects you can enter the following filter: (objectClass=*)

If you want, you can enter a base DN and select a search scope if you want to narrow down the search.

Next, click the button and you will have to choose where the exported associations will be stored.

The file produced will be a plain UTF-8 encoded textfile. Each row will contain the object DN, a tab and the driver DN with the association state and association value.

Here is an example:

object DN [tab] driver DN

cn=User1,ou=OU1,O=Acme cn=SAP,cn=DriverSet,ou=System,o=Acme#1#UY872A

You can create your own files if you want to import associations into eDirectory. Just make sure that the format is the same as in the export file.

If you want to use the “Delete associations” functionality I recommend that you first perform an export so that you have a backup.

Deleting associations

You really should have a backup before doing this.

First select the driver for which you want to delete associations for.

Select the association state you want to delete.

Enter a valid LDAP filter in the “LDAP Filter” field. If you want all objects you can enter the following filter: (objectClass=*)

If you want, you can enter a base DN and select a search scope if you want to narrow down the search.

C2 will build a filter by combing all the options selected and perform a search, for each object found it will delete the association for the selected driver from the object found.

Importing associations

As noted in the section about exporting associations you can also import associations into eDirectory. Here no LDAP filter is used, C2 just reads each row from a textfile, parses it and writes the result into eDirectory.

If the object doesn’t exist or if the object already has the same association you will get an error and C2 will continue on to the next row.

Note that if the target already has an association for the same driver but with another association value than the one that you have specified in the file you will get double associations for the same driver on one object.

The import file should be UTF-8 encoded.

The import file must be formatted like this:

target DN [tab (\t)] driverDN with association

Example (you probably don’t see the tab between the target DN and the driver DN but it is there!):

cn=User1,ou=OU1,O=Acme cn=SAP,cn=DriverSet,ou=System,o=Acme#1#UY872A
cn=User2,ou=OU1,O=Acme cn=SAP,cn=DriverSet,ou=System,o=Acme#1#UA864A

Send remove-association

This a special function that sends <remove-association> commands to a custom driver shim, nothing else.

Migrate

This function is covered in this Cool Solutions article: How to resync IDM objects using C2

LDAP Filter

As I wrote before, the LDAP filter is created by combining the driver DN, the association state selected and the filter you manually entered into something like this:

 

(|(&(DirXML-Associations=cn=ADLDS,cn=DriverSet,ou=System,o=Acme#1#\2a)(objectClass=inetOrgPerson))(&(DirXML-Associations=cn=ADLDS,cn=DriverSet,ou=System,o=Acme#1#)(objectClass=inetOrgPerson)))

 

Bugs

You can e-mail me at info@sneakycat.biz and I’ll look into the issue when/if I have time.

[/no-glossary]

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags:
Categories: ConsoleOne, Identity Manager, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

1 Comment

  1. By:alekz

    I’ve just uploaded the new version which this article refers to:

    http://www.novell.com/communities/node/12387/console2

Comment