Information on migrating provisioning account templates from one environment to another
search cancel

Information on migrating provisioning account templates from one environment to another

book

Article ID: 45042

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

Introduction: 

Account templates are not part of the IM object store, so they are not exported in the roles.xml.

Question: 

Can account templates be exported and import to another environment?

Environment:  

12.5, 12.6 and 14.x

Answer: 

The provisioning templates exist at the provisioning layer.

There is no easy way or tool to migrate the Account Templates.

There is an approach that others have tried which you can try as well as listed below.


Environment

Release:
Component: IDMGR

Resolution

Please note that this is provided as-is and you should first test it out.

 

In existing (ie. Development) environment:

  • Dump the account template from the Provisioning Server (port 20389) via Jxplorer
  • Remove the eTID values for each Account Template in the ldif file
  • Adjust the attributes (i.e. endpoint name) as needed

In the new IM environment:

  • Import the role definitions on IM console, this will recreate all the provisioning roles
  • Import the ldif to new IMPS (port 20389) via Jxplorer (the endpoints
  • The endpoint should have already have been acquired/explored

Note: The Account Templates will not be associated to the Provisioning Role.  Manually associate the Provisioning Role and the Account Templates

 

The Role <-> Template and the Template <-> Endpoint mapping are handled via special inclusion objects which is why you don't see it as part of the Template LDIF file you exported. You will need to manually re-link the Role to the Template and the Template to the Endpoint. You could use the etautil tool to help you with this.

 

etautil -u USER -p PWD -f INPUT.txt


where input.txt contains etautil commands (one per line) such as:

 

 add 'eTNamespaceName=ActiveDirectory' eTADSDirectory

eTADSDirectoryName='My_Endpoint' in 'eTADSPolicyContainerName=

Active Directory Policies,eTNamespaceName=CommonObjects'

eTADSPolicy eTADSPolicyName='My_Template';



add 'eTRoleContainerName=Roles,eTNamespaceName=CommonObjects' eTRole

eTRoleName='My_Role' in 'eTADSPolicyContainerName=Active Directory

Policies,eTNamespaceName=CommonObjects' eTADSPolicy

eTADSPolicyName='My_Template';

 

 

 

Powered by Wolken Software