7.4 Upgrading Identity Manager Engine

Ensure that you upgrade Identity Vault before upgrading the Identity Manager engine. The Identity Manager engine upgrade process updates the driver shim files that are stored in the file system on the host computer.

7.4.1 Upgrading the Identity Vault

  1. Download the Identity_Manager_4.7_Linux.iso as instructed in Where to Get Identity Manager in the NetIQ Identity Manager Overview and Planning Guide.

  2. Mount the downloaded.iso.

  3. From the root directory of the .iso file, navigate to the IDVault/setup directory.

  4. Run the following command:

    ./nds-install

  5. Accept the license agreement and proceed with the installation.

  6. Specify adminDN. For example, cn=admin.ou=sa.o=system.

  7. Specify y when prompted for stopping eDirectory instances and upgrading NICI.

  8. Specify if you want to configure Enhanced Background Authentication.

NOTE:Run ndsconfig upgrade after nds-install, if DIB upgrade fails and the nds-install command prompts to do so. If eDirectory services are not starting after an upgrade, run the ndsconfig upgrade command. For more information, see the NetIQ eDirectory Installation Guide.

7.4.2 Upgrading the Identity Manager Engine

Verify that the drivers are stopped. For more information, see Stopping the Drivers.

Perform the following steps to upgrade the Identity Manager Engine:

  1. Download the Identity_Manager_4.7_Linux.iso from the NetIQ Downloads website.

  2. Mount the downloaded .iso.

  3. Run the following command:

    ./install.sh

  4. Read through the license agreement.

  5. Enter y to accept the license agreement.

  6. Specify whether you want upgrade the Identity Manager components. The available options are y and n.

  7. Select Identity Manager Engine.

  8. Specify the following details:

    Identity Vault Administrator: Specify the Identity Vault administrator name.

    Identity Vault Administrator Password: Specify the Identity Vault Administrator password.

The engine upgrade process retains some of the existing MapDB cache files (dx*) in the Identity Vault’s DIB directory. You must manually remove these files for a driver using MapDB after upgrading the driver. For more information, see Working with MapDB 3.0.5.

Working with MapDB 3.0.5

Identity Manager 4.7 adds support for MapDB 3.0.5. In addition to Identity Manager Engine, MapDB is used by the following Identity Manager drivers:

  • Data Collection Services

  • JDBC

  • LDAP

  • Managed System Gateway

  • Office 365 and Azure Active Directory

  • Salesforce

If you are using any of these drivers, you must review the following sections before upgrading the driver:

Understanding Identity Manager 4.7 Engine Support for Driver Versions

Review the following considerations before upgrading an Identity Manager driver that uses MapDB:

  • Drivers shipped with Identity Manager 4.7 are compatible with Identity Manager 4.7 Engine or Remote Loader. You must follow the driver upgrade steps from the specific driver implementation guide.

  • Drivers shipped before Identity Manager 4.7 are not compatible with Identity Manager 4.7 Engine or Remote Loader.

  • Drivers shipped with Identity Manager 4.7 are not backward compatible with Identity Manager 4.6.x Engine or Remote Loader.

  • Drivers shipped with Identity Manager 4.7 are not backward compatible with Identity Manager 4.5.x Engine or Remote Loader.

Manually Removing the MapDB Cache Files

The Identity Manager Engine upgrade process leaves some of the existing MapDB cache files (dx*) in the Identity Vault’s DIB directory (/var/opt/novell/eDirectory/data/dib). You must manually remove these files for your driver after upgrading the driver. This action ensures that your driver works correctly with Identity Manager 4.7 engine.

The following table lists the MapDB cache files that must be removed:

Identity Manager Driver

MapDB State Cache File To Remove

Data Collection Services

DCSDriver_<driver instance guid>-*

<driver instance guid>-*

JDBC

jdbc_<driver instance guid>_*

LDAP

ldap_<driver instance guid>*

Managed System Gateway

MSGW-<driver-instance-guid>.*

Office 365 and Azure Active Directory

<Azure driver name>_obj.db.*

Salesforce

<Salesforce driver name>.*

<Salesforce driver name>

where * represents the name of the MapDB state cache file. In case of a Salesforce driver, the MapDB state cache files are also represented by the driver name. Below are some examples of these files.

  • DCSDriver_<driver instance guid>-0.t, <driver instance guid>-1.p

  • jdbc_<driver instance guid>_0.t, jdbc_<driver instance guid>_1

  • ldap_<driver instance guid>b, ldap_<driver instance guid>b.p

  • MSGW-<driver instance guid>.p, MSGW-<driver instance guid>.t

  • <Azure driver name>_obj.db.t, <Azure driver name>_obj.db.p

  • <Salesforce driver name>.p, <Salesforce driver name>.t, Salesforce driver1

7.4.3 Upgrading the Identity Manager Engine as a Non-root User

Perform this action only if you have installed Identity Manager engine as a non-root user.

  1. Download the Identity_Manager_4.7_Linux.iso from the NetIQ Downloads website.

  2. Mount the downloaded .iso.

  3. Run the following command:

    ./install.sh

  4. Select Identity Manager Engine and press Enter.

  5. Specify the non-root install location for Identity Manager engine. For example, /home/user/eDirectory/.

  6. Specify y to complete the upgrade.

  7. Apply the 4.7.1 or later patch from the NetIQ Downloads website.

  8. Extend the eDirectory schema. Navigate to the <non-root engine installed location>/opt/novell/eDirectory/bin directory and run the ./idm-install-schema command.

7.4.4 Upgrading the Remote Loader

If you are running the Remote Loader, you need to upgrade the Remote Loader files.

  1. Create a backup of the Remote Loader configuration files.

  2. Verify that the drivers are stopped. For more information, see Stopping the Drivers.

  3. Stop the Remote Loader service or daemon for each driver.

    rdxml -config path_to_configfile -u

  4. Download the Identity_Manager_4.7_Linux.iso from the NetIQ Downloads website.

  5. Mount the downloaded .iso.

  6. Run the following command:

    ./install.sh

  7. Read through the license agreement.

  8. Enter y to accept the license agreement.

  9. Specify whether you want upgrade the Identity Manager components. The available options are y and n.

  10. Select Remote Loader.

  11. After the installation finishes, verify that your configuration files contain your environment’s information.

  12. (Conditional) If there is a problem with the configuration file, copy the backup file that you created in step 1. Otherwise, continue with the next step.

  13. Start the Remote Loader service or daemon for each driver.

    rdxml -config path_to_config_file

IMPORTANT:If your driver uses MapDB, manually remove the existing MapDB state cache files for the driver after upgrading the driver. This is required because Identity Manager engine upgrade process does not remove all of these files from the Identity Vault’s DIB directory. For more information, see Working with MapDB 3.0.5.

7.4.5 Upgrading the Java Remote Loader

  1. Create a backup of the Java Remote Loader configuration files.

  2. Verify that the drivers are stopped. For more information, see Stopping the Drivers.

  3. Stop the Remote Loader service or daemon for each driver.

    dirxml_jremote -config path_to_configfile -u

  4. Download the Identity_Manager_4.7_Linux.iso from the NetIQ Downloads website.

  5. Mount the downloaded .iso.

  6. Navigate to the /IDM/packages/java_remoteloader directory.

  7. Copy and replace the dirxml_jremote_dev.tar.gz file in your existing Java Remote Loader installed directory.

  8. Based on the file present in your existing setup, copy and replace one of the following files in your existing Java Remote Loader installed directory:

    • dirxml_jremote.tar.gz

    • dirxml_jremote_mvs.tar

  9. Extract the files that you have copied in step 7 and step 8.

    For example, tar -zxvf dirxml_jremote.tar.gz

  10. (Conditional) If there is a problem with the configuration file, copy the backup file that you created in step 1. Otherwise, continue with the next step.

    NOTE:Use the version.txt file to ensure that you have the latest version of Java Remote Loader.

  11. Start the Remote Loader service or daemon for each driver.

    dirxml_jremote -config path_to_config_file

7.4.6 Upgrading iManager

The upgrade process for iManager uses the existing configuration values in the configiman.properties file, such as port values and authorized users. Before upgrading iManager to the 3.1 version, NetIQ recommends that you:

  • Upgrade eDirectory to the 9.1 version.

  • Back up the server.xml and context.xml configuration files.

The upgrade process includes the following activities:

Upgrading iManager

Before upgrading iManager, ensure that the computer meets the prerequisites and system requirements.

NOTE:The upgrade process uses the HTTP port and SSL port values that were configured in the previous version of iManager.

  1. Download the Identity_Manager_4.7_Linux.iso from the NetIQ Downloads Website.

  2. Mount the downloaded.iso.

  3. Run the following command:

    ./install.sh

  4. Read through the license agreement.

  5. Enter y to accept the license agreement.

  6. Specify iManager to proceed with the upgrade.

Updating Role-Based Services

NetIQ recommends that you update your RBS modules to the latest version so that you can see and use all of the available functionality in iManager.

NOTE:

  • When updating or re-installing iManager, the installation program does not update existing plug-ins. To update plug-ins manually, launch iManager and navigate to Configure > Plug-in Installation > Available Novell Plug-in Modules.

  • Different installations of iManager might have a different number of plug-ins locally installed. As a result, you might see discrepancies in the module report for any given collection from the Role Based Services > RBS Configuration page. For the numbers to match between iManager installations, ensure that you install the same subset of plug-ins on each iManager instance in the tree.

To check for and update outdated RBS objects:

  1. Log in to iManager.

  2. In the Configure view, select Role Based Services > RBS Configuration.

    Review the table in the 2.x Collections tabbed page for any out-of-date modules.

  3. To update a module, complete the following steps:

    1. For the Collection that you want to update, select the number in the Out-Of-Date column.

      iManager displays the list of outdated modules.

    2. Select the module you that want to update.

    3. Click Update at the top of the table.

Re-installing or Migrating Plug-ins for Plug-in Studio

You can migrate or replicate Plug-in Studio plug-ins to another iManager instance, as well as to a new or updated version of iManager.

  1. Log in to iManager.

  2. In the iManager Configure view, select Role Based Services > Plug-in Studio.

    The Content frame displays the Installed Custom Plug-ins list, including the location of the RBS collection to which the plug-ins belong.

  3. Select the plug-in that you want to re-install or migrate, then click Edit.

    NOTE:You can edit only one plug-in at a time.

  4. Click Install.

  5. Repeat these steps for every plug-in that you need to re-install or migrate.

Updating iManager Plug-ins after an Upgrade or Re-installation

When you upgrade or re-install your iManager, the installation process does not update the existing plug-ins. Ensure that the plug-ins match the correct iManager version.

NOTE:This is the only method for updating Identity Manager plug-ins from iManager on Open Enterprise Server 2018.

  1. Open iManager.

  2. Navigate to Configure > Plug-in Installation > Available Novell Plug-in Modules.

  3. Update the plug-ins.