3.4 Post-Staging Tasks

Designer does not move all the configurations to the next stage. Users are expected to manually perform a few tasks to ensure that the configurations work properly.

  • Security Equivalences and Exclude Admin Roles: Check whether all the drivers have appropriate Security Equivalences and Exclude Admin Roles objects, as defined in the previous stage. For more information, see Driver Equivalences.

  • eDir2eDir Driver Certificates: If you have eDir2eDir driver certificates created in the current stage, ensure that these certificates are created in the next stage.

    1. In Designer, right-click the eDir2eDir driver link and select Secure Connection Settings.

    2. Click Enable SSL/TLS, select the required options, then click OK.

    3. Right-click the eDir2eDir driver link, then click Live > Create eDir-to-eDir Certificates.

  • Java Environment Parameters: The Java* environment parameters enable you to configure the Java Virtual Machineā„¢ (JVM) on the Metadirectory server associated with the driver set. You might need to change the Java classpath options if the .jar files your Metadirectory server is looking for reside at a different place in the new stage. To change the location, go to DriverSet > Properties > Java > Classpath additions and provide the correct classpaths. When you enter multiple classpaths, separate them with a semi colon (;) for a Windows JVM and a colon (:) for a UNIX* or Linux* JVM. Deploy the driver set if you make any changes.

  • Indexes: Make sure that all the customized indexes from the previous stage have been copied to the new stage. eDirectory uses these indexes to significantly improve the query performance. Some indexes are shipped with eDirectory. These default indexes are for the following attributes:

    • CN

    • Aliased Object Name

    • dc

    • Obituary

    • Given Name

    • Member

    • Surname

    • Reference

    • uniqueID

    • Equivalent to Me

    • GUID

    • NLS: Common Certificate

    • cn_SS

    • Revision

    • uniqueID_SS

    • extensionInfo

    • ldapAttributeList

    • ldapClassList

    You can visit each Identity Vault server and collect the customized index information by doing the following:

    1. In NetIQ iManager, click the Roles and Tasks tab.

    2. Click eDirectory Maintenance > Indexes.

    3. Select a server from the list of available servers.

      iManager lists all the active and offline indexes on the selected server.

    4. Make a note of all the customized indexes.

      Ensure that you add these indexes to the corresponding servers in the next stage. See Index Manager in the NetIQ eDirectory Administration Guide for more information on creating, adding, or deleting indexes.

  • Password Policies: Ensure that password policies assigned to the containers, users, groups in the previous stage are assigned again in the current stage.

  • Challenge Response Objects: In addition to password policies, ensure that you migrate or recreate any challenge response objects used in the previous stage in the current stage. You can either import your existing challenge response objects into the LDIF container in the first-stage project or note the details of the challenge response objects in the first-stage project and create new objects in the next stage.

    For information importing objects into the LDIF container, see Importing Objects.

  • Restarting All Drivers: Start the drivers after moving the driver configuration to the next stage. In the Modeler, right-click each driver and select Driver > Start Driver.