IBM Tivoli Federated Identity Manager, Version 6.2.2

Upgrading LDAP

Use the LDAP upgrade tool to preserve existing aliases from earlier versions of Tivoli® Federated Identity Manager.

About this task

In the earlier Tivoli Federated Identity Manager versions (before to 6.2.1), the LDAP alias service created aliases only for user accounts that existed in the LDAP server.

In versions 6.2.1 and 6.2.2, the LDAP alias service stores aliases for any user identifier. The LDAP attribute that stores the user identifier differs from earlier versions. You must run the tool to preserve any existing aliases from earlier versions.

The LDAP upgrade tool completes the migration process. It does the following tasks:
  • Moves user aliases to Tivoli Federated Identity Manager Version 6.2.2.
  • Performs a reverse migration to earlier versions.
  • Migrates directly.
  • Produces an LDIF file with the required changes. An LDIF file is manually reviewed and applied to the LDAP server.
The entry parameters for the LDAP upgrade tool resemble the parameters in the ldapsearch command. The parameters include
  • -reverse for performing a reverse migration.
  • -deleteAbandonedEntries for deleting any entries pointing to a DN that no longer exists. This process occurs before the migration step.
  • -Z for enabling the SSL connection to the LDAP server.

Procedure

  1. Open the command prompt.
  2. Run the following command:
    Note: The .jar file for the tool is at FIM_install_directory/tools/ldap/itfim-ldap.jar.
    java -classpath [itfim-ldap.jar] com.tivoli.am.fim.ldap.MigrateLDAP 
   -h [LDAP server] -p [LDAP port, normally 389] -D [bind credential] 
   -w [bind password] -ldif /tmp/fim622-migration.ldif
Parent topic: Upgrading to version 6.2.2

Feedback