Oracle® Access Manager Configuration Manager Installation and Administration Guide 10g (10.1.4.0.1) Part Number B32392-01
This chapter provides the information that you need to prepare for and migrate configuration data from a source LDAP directory (environment) to a target. Topics in this chapter include:
After completing activities in Chapter 2, Oracle Access Manager Configuration Manager is ready to use for migration activities.
Figure 3-1 provides an overview of the procedures involved in preparing for and migrating data using the Oracle Access Manager Configuration Manager. Additional information follows the figure.
Figure 3-1 Preparing for and Migrating Data using Configuration Manager
Task overview: Migrating data includes
Notifying Other Administrators: Recommended both before and after any data migration.
Adding Environment Details to the Configuration Manager: Required before you can form an association.
Creating a Directory Association: Required before migration.
Adding and Managing Optional Transformation Rules: Optional and applied automatically during migration.
Creating a Snapshot: Recommended before any data migration.
Migrating Data from the Source to the Target.
Restarting Servers After Migration: Required after data migration.
Validating Migration Success: Recommended to ensure that everything in the target deployment works as expected, and described in Chapter 4.
You may not use the Oracle Access Manager Configuration Manager to migrate data from a release 7.0.4 deployment to a release 10g (10.1.4.0.1) deployment nor vice versa. For more information, see "Deployment Support and Interoperability".
The procedure in this discussion explains how to access Oracle Access Manager Configuration Manager.
You must log in with appropriate rights for the tasks that you want to perform using the Configuration Manager. There are two types of OC4J roles for the Configuration Manager, which must be defined by the OC4J administrator:
HMAdmin role is required to perform System Configuration activities, including testing the connection with the repository.
HMUser role enables you to perform all activities except System Configuration.
Before you start this procedure, confirm that all prerequisites described in Table 3-1 have been performed.
Table 3-1 Oracle Access Manager Configuration Manager Access Prerequisites
Confirm | Prerequisite Task | Look In |
---|---|---|
 | Set up a repository for Oracle Access Manager Configuration Manager and install OC4J. | Setting Up a Repository and Installing OC4J |
 | Deploy Oracle Access Manager Configuration Manager as an OC4J application. | Deploying the Configuration Manager |
 | Assign OC4J roles to individuals to provide access privileges to the Configuration Manager. Check with your OC4J administrator to learn your login ID and password for the Configuration Manager. | Assigning Configuration Manager Administrator and User Roles |
 | Add repository details to the Configuration Manager. | Adding Repository Details in the Configuration Manager |
To access the Configuration Manager
Access the Configuration Manager home page as usual. For example:
https://hostname:port/ocm/faces/index.jsp
where hostname refers to the computer that hosts the Configuration Manager; port refers to the HTTP port number on which the Configuration Manager host listens; /ocm refers to the Web Module Context Root specified on the Application Attributes page while deploying the Oracle Access Manager Configuration Manager application; and faces/index.jsp connects to the Configuration Manager application's Login page.
The Login page appears.
Log in as an individual with HMUser privileges (defined in OC4J) for the activities you intend to perform. For example:
HMUser_Name Password
Proceed with activities in this chapter.
Oracle recommends that you schedule specific migration windows for promoting changes and restarting servers. Further, Oracle recommends that you notify other administrators both before and after migrating data in a deployment for which they have responsibility.
Note:
Notifying other administrators is a manual task that must be performed without the aid of the Configuration Manager.
Your migration team can collect and confirm details regarding the logical object types (or logical objects) that will be migrated, the source and target directories, and when backups (snapshots) will be made. The migration team can send this information to others to ensure solid coordination. When the migration is complete, you can notify the same administrators so they can assist in restarting servers and validation procedures.
To notify other administrators
Create a list of all administrators in any deployment that will be impacted by the change.
Create an email that includes all relevant details for the administrator, deployment, and situation. For example:
ANNOUNCING DATA MIGRATION THAT MAY IMPACT YOUR DEPLOYMENT:
CONFIGURATION DATA WILL BE MIGRATED FOR: Oracle Access Manager 10g (10.1.4.0.1) (OR Oracle COREid Release 7.0.4, if this is your deployment)
WHEN: Date and time
SOURCE DIRECTORY: DNS hostname
TARGET DIRECTORY: DNS hostname
A SNAPSHOT OF THE TARGET DIRECTORY WILL BE MADE: Date and time
MIGRATED CHANGES MUST BE PROPAGATED TO ANY REPLICAS.
IDENTITY AND ACCESS SERVERS MUST BE RESTARTED AFTER DATA MIGRATION TO ENSURE DATA SYNCHRONIZATION.
Send the email to all administrators who may be impacted before the migration.
Send a follow up email to all administrators after the migration to announce what was done.
This discussion provides step-by-step procedures to add and manage environment details in the Configuration Manager. The Configuration Manager repository must be online for these activities. Oracle recommends that the source and target environments are also online.
Note:
Any environment that is involved when making a directory snapshot, migrating data, or rolling back a transaction must be live and online. To ensure that an environment is available to the Configuration Manager, see "Testing the Environment Connection".
Table 3-2 shows the prerequisite tasks that must be completed before you can complete activities to add and manage directory details in the Configuration Manager. The task overview that follows outlines details about managing environments using the Configuration Manager.
Table 3-2 Environment Prerequisites
Confirm | Prerequisite Task | Look In |
---|---|---|
 | Install and set up the repository, OC4J, Oracle Access Manager Configuration Manager, and administrators and user roles. | |
Task overview: Managing environment details for existing deployments includes
Adding Environment Details to the Configuration Manager: Required before you can form an association and migrate data
The procedure in this discussion explains how you view environment details that were added to the Configuration Manager. This activity can be performed by any individual with HMUser privileges.
The Environments List page appears as shown in Figure 3-2 when you select the Migrate tab, then select the Environments secondary tab. If there are no environment details in the Configuration Manager, the table is empty. In this case, skip to "Adding Environment Details to the Configuration Manager".
When you click a name in the Environment Name column, the View Environment page appears as shown in Figure 3-3. Details about this page follow the figure.
The View Environment page includes the following details:
Environment Name: The unique name that was entered when details about this directory server were added to the Configuration Manager.
Environment Type: The release for which this directory server is installed (Oracle Access Manager 10g (10.1.4.0.1) or Oracle COREid Release 7.0.4).
Environment Description: An optional statement that further identifies this directory and its deployment.
Host Name: The DNS hostname of the computer where this directory is installed (either full DNS hostname or IP address).
Port: The port number on which this directory server communicates.
Configuration DN: The bind DN for configuration data for Oracle Access Manager 10g (10.1.4.0.1), or Oracle COREid Release 7.0.4. For example: o=oblix,o=company,c=us.
Similar to the searchbase for user data, the configuration DN must be specified to identify the node in the DIT under which the Oracle Access Manager schema and configuration data are stored. For more information about its use and location within Oracle Access Manager 10g (10.1.4.0.1), or Oracle COREid Release 7.0.4, deployments, see the corresponding Installation Guide as described in "Related Documents".
User DN: The administrator ID, also known as a bind DN or root DN, for the Oracle Access Manager 10g (10.1.4.0.1), or Oracle COREid Release 7.0.4, directory.
This directory account should have Read, Write, Add, Delete, Search, Compare, and Self-write permissions. The method to create a user with these privileges varies among directory vendors. See your directory documentation for details. For more information about its use and location within Oracle Access Manager 10g (10.1.4.0.1), or Oracle COREid Release 7.0.4, deployments see the corresponding Installation Guide as described in "Related Documents".
Password: The User DN directory administrator password.
To view environment details that were added to the Configuration Manager
From Oracle Access Manager Configuration Manager, select the Migration tab, then select Environments to display the Manage Environment page. For example:
Migration, Environments
Click the desired Environment Name to view details about the selected directory. For example:
From the View Environment page you can perform any of the following activities:
Click the Test Environment button to ensure that this directory is live and online.
Click the Back button to return to the Manage Environment page.
Click the Edit button to modify details for the selected directory. In this case, proceed to "Modifying Environment Details in the Configuration Manager".
The procedure in this discussion explains how to add environment details to the Configuration Manager. Any individual with HMUser privileges can add environment details. The Oracle Access Manager Configuration Manager repository must be online. Oracle recommends that the environment (LDAP directory) is also online.
Note:
After adding details for at least two LDAP directory environments, you can form an association that specifies a source and target for data migration.
Failover and Load Balancing: Oracle Access Manager Configuration Manager does not support directory failover or load balancing. For each existing deployment, the Configuration Manager writes to only a single master LDAP directory and reads from only a single master or replica server.
In a replicated directory environment, you must add details for only the master directory (the one on which write operations take place) as the target environment. Otherwise, the objects that you select for migration cannot be written into the target and migration will fail. After migrating configuration data to the master LDAP directory you must ensure that the changes have fully propagated to the replicas before restarting Identity and Access Servers.
When you select the Create New button from the Environment List page, the Add Environment page appears. A filled in sample is shown in Figure 3-4. Your environment will differ.
Lists are provided from which you can select the environment type (OAM 1014 or COREid704) and directory type. In this example the environment type is OAM1014.
Fields are provided where you enter other information for the environment. When defining an environment name and description, you may use any combination of upper and lower case alpha/numeric characters, as well as spaces and punctuation.
If the environment is SSL-enabled, be sure to specify that on the Add environment page. For more information, see the following procedure.
To add details about an existing environment
From Oracle Access Manager Configuration Manager, select the Migration tab, then select Environments.
Migration, Environments
On the Environment List page, click the Create New button.
Create New
On the Add Environment page, provide the information for this specific directory server using the guidelines in this procedure overview. For example:
Environment Name: Enter a unique and descriptive name for this directory server. You may want to include details about the environment, hostname, port, or other identifying characteristics. For example:
10104DEV
Environment Type: Select the type of environment for which this directory server is installed (either release 10g (10.1.4.0.1) or release 7.0.4).
OAM1014
Environment Description: Enter a brief optional statement that further identifies this directory and its environment. For example:
dev
Directory Type: Select the type of directory server from those listed. For example:
Active Directory
Host Name: Enter the complete DNS hostname (DNS_hostname.domain.com) or IP Address of the computer where this directory is installed. For example:
141.144.68.137
Port: Enter the port number on which this directory server communicates.
389
Configuration DN: Enter the configuration DN for Oracle Access Manager 10g (10.1.4.0.1), or Oracle COREid Release 7.0.4, data. For example:
OU=oblix,OU=company1,DC=obps0737,DC=persistent,DC=co,DC=in
User DN: Enter the directory administrator ID for this environment (LDAP directory). For example:
cn=administrator,cn=users,dc=obps0737,dc=persistent,dc=co,dc=in
Password: Enter the directory administrator password. For example:
Your_password
Environment URL: The URL to the LDAP directory. For example:
http://141.144.74.35:3333/access/oblix/
For more information, see "Viewing Environment Details in the Configuration Manager".
Enable SSL: If SSL is enabled for this directory, click Enable SSL at the bottom of the page, then load a certificate for this directory using the following steps. For example:
Check the box beside Enable SSL.
Click the add Certificate link (beside the Enable SSL check box) to display the Upload Certificate dialog box then fill in requested details. For example:
CA Certificate File: Enter (or browse and select) the absolute path to the CA Certificate file for this directory.
Keystore Password: Enter the password for the keystore file.
Click the Upload button to obtain the certificate (or Cancel to dismiss the dialog box without uploading the certificate).
Certificate Upload Successful: You are returned to the page where you started. In this case, proceed to step 5.
Certificate Upload Not Successful: An error message appears to help you solve the problem. In this case, click the Cancel button on the error window, verify the location of the files and password, and complete the certificate steps again.
Click Save when you have finished filling in the details for this directory server.
Save
Repeat the steps in this procedure to add environment details for at least one other LDAP directory in another deployment of the same release.
Modifying environment details can be performed by any individual with HMUser privileges. The Oracle Access Manager Configuration Manager repository must be online. Oracle recommends that the environment (LDAP directory) is also online.
You may alter most environment details in the Configuration Manager as described in the following procedure, which means all details except Environment Name and Environment Type. For example, you may want to re-enter something that was stated incorrectly. For this operation you use the option in the Select column to choose the desired name; do not click the name itself.
For information and guidelines about each entry, see "Adding Environment Details to the Configuration Manager".
Note:
When modifying details, the environment name and environment type cannot be modified.
To modify details about a directory environment
From Oracle Access Manager Configuration Manager, select the Migration tab, then select Environments. For example:
Migration, Environments
In the Select column, click the option beside the desired environment name, then click the Modify button. For example:
Modify
On the Modify Environment page, edit any details about this directory that you want to change.
Click Save when you have finished editing the details (or Cancel to terminate the operation before completion).
Save
You may delete environment details in the Configuration Manager as described in the following procedure. Any individual with HMUser privileges can delete an environment. The Oracle Access Manager Configuration Manager repository must be online. Oracle recommends that the LDAP directory is also online.
A deleted environment is no longer available to use when forming associations or migrating data. You cannot delete an environment that is defined as part of an association.
Note:
If an environment is a part of an association, you must first delete the association and then delete the environment.
For this operation you use the option in the Select column to choose the desired name; do not click the name itself. During this operation, you are asked to verify that this is what you want to do. When the operation is completed, you are returned to the Manage Environments page where an informational message notifies you that the selected items were deleted.
To delete environment details from the Configuration Manager
From Oracle Access Manager Configuration Manager, select the Migration tab, then select Manage Environments. For example:
Migration, Environments
Click the option beside the desired Environment Name, then click the Delete button. For example:
Delete
A message asks you to verify this is what you want to do before the operation is performed, as shown here.
Verify the removal by clicking OK in the message window (or Cancel to terminate the operation without completing it).
OK
On the Manage Environments page, review the informational message to validate that the operation was successful and confirm that the environment details are no longer listed.
The environment must be live and online during snapshot, migration, and transaction operations. Any individual with HMUser privileges can test an environment connection.
If there is any problem with the connection, notify the directory administrator.
To ensure the environment is live and online
From Oracle Access Manager Configuration Manager select the Migration tab, then click Environments. For example:
Migration, Environments
Click the desired name in the Environment Name column to view details. For example:
On the View Environment page, click the Test Environment button.
Test Environment
Read the informational message to ensure that the environment connection is successful.
Connection Successful: Continue with activities that involve this directory.
Connection Not Successful: Notify the directory administrator. The directory must be live and online during snapshot, migration, and transaction operations.
Discussions here explain how to view, create, enable, disable, and delete a directory association using Oracle Access Manager Configuration Manager. Before proceeding, confirm that prerequisite activities outlined in Table 3-3 are completed.
Table 3-3 Association Prerequisites
Confirm | Prerequisite Task | Look In |
---|---|---|
 | Add details for at least two environments (LDAP directories) to be used during data migration. | Adding Environment Details to the Configuration Manager |
Any individual with HMUser privileges can perform activities in the following task overview. The Oracle Access Manager Configuration Manager repository must be online. Oracle recommends that the LDAP directory environments involved are also online.
Task overview: Creating and managing directory associations
Creating a Directory Association is required before you can migrate data
You can view association settings as described in the following procedure. If you have not yet created an association, see "Creating a Directory Association".
Any individual with HMUser privileges can view association settings. The Oracle Access Manager Configuration Manager repository must be online. Oracle recommends that the environments involved are also online.
When you select the Associations secondary tab under the Migrate tab, the Association List page appears. A sample is shown in Figure 3-5. The table is empty when no associations exist in the Configuration Manager.
Association details include:
Association Name: The unique name entered to identify this associated directory pair.
Association Description: A brief optional statement entered for this association.
Source Environment: The name of the source environment (the LDAP directory that contains the data you will migrate).
Target Environment: The name of the target environment (the LDAP directory to which data will be migrated).
Status: Enabled or Disabled. Each association is enabled automatically when created.
When you click a name in the table, the Association Details page appears as shown in Figure 3-6.
From the Oracle Access Manager Configuration Manager, select the Migration tab, then select Associations. For example:
Migration, Associations
On the Association List page, click a name in the Association Name column. For example:
On the Association Details page, view the settings for this directory pair. For example:
Click the Back button to return to the Association List page.
Proceed to the following discussions, if desired:
Data migration requires a directory association that specifies the migration path between a source and target environment. Any individual with HMUser privileges can create an association. The Oracle Access Manager Configuration Manager repository must be online. Oracle recommends that the LDAP directories involved are also online.
When you select the Associations secondary tab under the Migrate tab, the Association List page appears. You click the Create New button to display the Add Association page, which is shown in Figure 3-7.
When you enter an association name and optional description, you may use any combination of upper and lower case alpha/numeric characters, as well as spaces and punctuation. Lists are provided from which you can select the source and target environments from those that have been defined in the Configuration Manager.
After selecting a source environment, a list of possible target environments is established based on the release of your chosen source. For example, if the selected source environment is release 7.0.4, the Target Environment list is populated only with other release 7.0.4 environments defined in the Configuration Manager. The association is enabled automatically when you create it.
If the desired environment is not listed, you may need to add it. For more information, see "Adding Environment Details to the Configuration Manager".
Note:
Once an association is created, you cannot modify the details. You may remove an association, as described in "Deleting a Directory Association".
From the Oracle Access Manager Configuration Manager, select the Migration tab, then select Associations. For example:
Migration, Associations
On the Association List page, click the Create New button. For example:
Create New
On the Add Association page, enter the following details to identify the source and target directories in this associated pair. For example:
Association Name: Enter a unique name that identifies this associated directory pair at a glance. For example:
1014Dev-QA
Association Description: Enter a brief optional statement that further identifies this associated pair. For example:
Password Policy
Source Environment: Select the name of the desired source directory from the list of existing environments. For example:
10104DEV
Target Environment: Select the name of the desired target directory from those listed. For example:
10104QA
Select Save to create the association (otherwise, select Cancel to terminate the operation).
Save
The Associations List page appears. The association is enabled for use automatically.
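The constraints stated in the environment and association procedures above (the two environment types, a source and target of the same release, and the rule that an environment in an association cannot be deleted) can be checked against a planned set of records before they are keyed into the Add Environment and Add Association pages. The following Python is an added example, not Oracle code: the function names, the field values for 10104QA and 704PROD, and the assumption that the Configuration Manager authenticates to the directory with an LDAP simple bind are all hypothetical.

```python
from dataclasses import dataclass

# Environment types as they appear in the Add Environment sample on this page.
ENV_TYPES = {"OAM1014", "COREid704"}


@dataclass
class Environment:
    name: str
    env_type: str
    host: str
    port: int
    config_dn: str
    user_dn: str
    ssl_enabled: bool = False


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas; raise ValueError if malformed."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep an escaped character with its backslash
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur.strip())
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"bad RDN {rdn!r}")
    return rdns


def check_environment(env):
    """Return findings for one environment record; an empty list means none."""
    findings = []
    if env.env_type not in ENV_TYPES:
        findings.append(f"{env.name}: unknown environment type {env.env_type!r}")
    if not 1 <= env.port <= 65535:
        findings.append(f"{env.name}: port {env.port} is out of range")
    for label, dn in (("Configuration DN", env.config_dn), ("User DN", env.user_dn)):
        try:
            split_dn(dn)
        except ValueError as exc:
            findings.append(f"{env.name}: {label} is malformed ({exc})")
    if not env.ssl_enabled:
        # Assumption: the tool authenticates with an LDAP simple bind, which
        # carries the User DN password unencrypted when SSL is not enabled.
        findings.append(f"{env.name}: Enable SSL is off; the User DN password "
                        "crosses the network without transport encryption")
    return findings


def check_association(source, target):
    """The target list only offers environments of the source's release."""
    if source.env_type != target.env_type:
        return [f"{source.name} ({source.env_type}) and {target.name} "
                f"({target.env_type}) are different releases"]
    return []


def deletable(env_name, associations):
    """An environment that is part of an association cannot be deleted."""
    return all(env_name not in (src, tgt) for _name, src, tgt in associations)


# 10104DEV uses the sample values from this page; the other records are constructed.
DEV = Environment("10104DEV", "OAM1014", "141.144.68.137", 389,
                  "OU=oblix,OU=company1,DC=obps0737,DC=persistent,DC=co,DC=in",
                  "cn=administrator,cn=users,dc=obps0737,dc=persistent,dc=co,dc=in")
QA = Environment("10104QA", "OAM1014", "qa-dir.example.com", 636,
                 "o=oblix,o=company,c=us", "cn=Directory Manager", ssl_enabled=True)
OLD = Environment("704PROD", "COREid704", "old-dir.example.com", 389,
                  "oblix,o=company,c=us", "cn=Directory Manager", ssl_enabled=True)
ASSOCIATIONS = [("1014Dev-QA", "10104DEV", "10104QA")]

if __name__ == "__main__":
    for env in (DEV, QA, OLD):
        for finding in check_environment(env):
            print(finding)
    for finding in check_association(DEV, OLD):
        print(finding)
    print("704PROD deletable:", deletable("704PROD", ASSOCIATIONS))
```

The User DN account holds Read, Write, Add, Delete, Search, Compare, and Self-write permissions on the directory, which is why the SSL finding is reported for every environment that has Enable SSL unchecked.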
This discussion explains how to disable or enable a directory association. Any individual with HMUser privileges can enable or disable an association. The Oracle Access Manager Configuration Manager repository, and the associated LDAP directories, must be online.
The association must be enabled for data migration. When you create a new association it is enabled for use automatically. When an association is disabled, you cannot migrate data nor view a transaction record for the association.
You do not need to disable an association before you delete it. However, Oracle recommends that you first disable then delete the association.
To enable (or disable) a directory association
From the Oracle Access Manager Configuration Manager, select the Migration tab, then select Associations. For example:
Migration, Associations
On the Association List page, select the option beside the desired association name. For example:
Enable the Association: On the Association List page, click the Enable button. For example:
Enable
A message informs you that the association is Enabled and the Status column states "enabled".
Disable the Association: On the Association List page, click the Disable button. For example:
Disable
A message informs you that the association is Disabled and the Status column states "disabled".
Proceed to the following discussions, if needed:
This discussion explains how to delete a directory association. Any individual with HMUser privileges can delete an association. The Oracle Access Manager Configuration Manager repository, and the associated LDAP directories, must be online.
Oracle recommends that you disable the association before deleting it. When you delete an association, all migration transactions related to this association are also removed. However, snapshots for a deleted association remain until you explicitly delete the snapshot.
Note:
You cannot delete an environment that is part of an association. You must first delete the association and then delete the environment.
During the delete operation, you are asked to confirm that this is the action you want to take. When the association is deleted, you are returned to the Association List page where an informational message notifies you that the removal was a success.
From the Oracle Access Manager Configuration Manager, select the Migration tab, then select Associations. For example:
Migration, Associations
On the Association List page Select column, select the option beside the desired association name then click the Delete button. For example:
Delete
A message asks you to verify that this is what you want to do, as shown here.
Verify the removal by clicking OK (or click Cancel to terminate the operation without completing it).
OK
On the Association List, review the informational message that confirms that the item was deleted.
Proceed to following discussions as needed:
As discussed in Chapter 1, you have the following options for applying changes to logical object attributes:
After creating an association, you may create optional transformation rules that will be applied during the migration operation using the procedure in this discussion.
During the migration operation, transformation rules are applied and then you may customize attributes manually as described in "Migrating Data".
After migration, you can change attribute values as follows:
On the Rollback Transaction, Customization page. For more information, see "Rolling Back Changes Made During a Specific Transaction".
Directly in the target Oracle Access Manager 10g (10.1.4.0.1), or Oracle COREid Release 7.0.4, deployment.
A transformation rule is one that you define for a specific directory association before you start migrating data. Transformation rules are applied during the customization phase of the migration operation. Each transformation rule converts existing logical object attribute values and system specific settings to a value that you specify when you define the rule. On the Customize page, you can see the logical object as it is before the rule is applied (Before Migration) and as it is after the rule is applied (After Migration).
For example, suppose you are migrating 20 password policies and you want to change the Number of login tries allowed attribute value from 2 to 3 (or you want to change Hostname variations while migrating Host identifiers). You can create a transformation rule before data migration that will be applied to perform these activities during data migration.
Any individual with HMUser privileges can perform tasks related to transformation rules. While performing these tasks, the Oracle Access Manager Configuration Manager repository and the associated LDAP directories must be online.
Confirm that the prerequisite tasks outlined in Table 3-4 are completed before you start defining optional transformation rules.
Table 3-4 Transformation Rule Prerequisites
Confirm | Prerequisite Task | Look In |
---|---|---|
 | Add environment details for at least two LDAP directories within deployments of the same release. | Adding Environment Details to the Configuration Manager |
 | Create at least one directory association to specify the source and target environments for your transformation rule. | Creating a Directory Association |
Task overview: Adding and managing transformation rules includes
You use the procedure in this discussion to view an existing transformation rule for a directory association. Any individual with HMUser privileges can perform this task. The Oracle Access Manager Configuration Manager repository and associated LDAP directories must be online.
When you select the Associations secondary tab under the Migrate tab, the Association List page appears. After selecting a name in the Association Name column to display the Association Details page, you click the Transformation Rules subtab. Details about existing transformation rules for the association appear in a table as shown in Figure 3-8. Initially, the Transformation Rule table displays only the logical object types on the target for which a transformation rule exists. If no rule exists, a message states "No Transformation Rules were found".
Figure 3-8 Transformation Rules Page and Table
You click the Show arrow beside the desired logical object type to expand details. Figure 3-9 shows the types of details outlined for the transformation rule, which include Attribute, Operator, Old Value, and New Value. The Edit, Delete, and Add Transformation Rule buttons are also available.
Figure 3-9 Rule Details with Edit, Delete, and Add Transformation Rule Buttons
From the Oracle Access Manager Configuration Manager, select the Migration tab, then select Associations. For example:
Migration, Associations
In the Association Name column, click the desired name. For example:
The Association Details page appears.
On the Association Details page, click the Transformation Rule subtab. For example:
Click the Show arrow beside the desired logical object type to display the corresponding rules and attributes. For example:
Proceed to the following discussions if desired:
You use the procedure in this discussion to add an optional transformation rule for a directory association that will automatically change an attribute value on the target during data migration. Any individual with HMUser privileges can perform this task. The Oracle Access Manager Configuration Manager repository and associated LDAP directories must be online.
You start this operation much the same as you would when viewing a transformation rule. For example, you select an existing association name and then select the Transformation Rule subtab. If the desired association is not listed, ensure that it was formed as described in "Creating a Directory Association".
From the Transformation Rule subtab, you select the Add Transformation Rule button. On the Add Transformation Rule page, lists are initially empty and fields are blank. The available attributes depend on the logical object type you select. The available operators depend upon the attribute you select. In the Attribute list, system-specific attributes are shown with an asterisk, *.
You select a logical object type and a related attribute to which the rule will be applied. You then select an operator. To finish, you enter the old parameter value and a new parameter value as described in the following procedure. A completed transformation rule will look like the example in Figure 3-10.
To add a transformation rule to a directory association
1. From Oracle Access Manager Configuration Manager, select the Migration tab, then select Associations. For example: Migration, Associations
2. In the Association Name column, click the desired name. The Association Details page appears.
3. Click the Transformation Rules subtab. For example: Transformation Rules
   The Transformation Rules page appears with the Add Transformation Rule button. Included is a table of logical object types for which rules are defined within this association. The table is empty if no rules are defined for this association.
4. Click the Add Transformation Rule button to display the page where you can create a new rule.
   The Add Transformation Rules page provides lists from which you select specific elements of the rule and a field where you enter a specific parameter for this rule.
5. On the Add Transformation Rules page, select from the lists to define this rule:
   - Logical Object Type: Select the appropriate logical object type from the list. For example: Password Policy
   - Attribute: Select the desired attribute from the list, which varies depending upon the selected logical object type. For example: Number of Login Tries Allowed
   - Operator: Select the appropriate operator for this attribute and rule. For example: Replace
   - Old Value: Enter the old value of the parameter. For example: 2
   - New Value: Enter the new value of the parameter. For example: 3
6. Click the Save button to complete the operation (or Cancel to terminate without saving this rule).
   The Association Details page appears with a message announcing that your transformation rule has been saved.
7. Click the Transformation Rule subtab to add other transformation rules or to modify or delete a transformation rule.
Any individual with HMUser privileges can perform this task. The Oracle Access Manager Configuration Manager repository and associated LDAP directories must be online.
You use the procedure here to edit an existing transformation rule for an association. For example, you can use this procedure to make a correction using the page shown in Figure 3-11.
Figure 3-11 Edit Transformation Rule Page
This procedure is similar to creating a transformation rule. However, when you edit a rule, the Logical Object Type and Attribute are fixed and cannot be changed. Only the operator list and the old and new value fields are active and may be used to modify current information.
1. From Oracle Access Manager Configuration Manager, select the Migration tab, then select Associations. For example: Migration, Associations
2. In the Association Name column, click the desired name. The Association Details page appears.
3. Click the Transformation Rules subtab to display the Transformation Rules page. For example: Transformation Rules
   The Transformation Rules page organizes logical object types for which rules have been created in a table.
4. Click the Show arrow beside the desired logical object type to display details about this rule. For example: Show
5. Select the attribute option to edit.
6. Click the Edit button to display the page where you can modify this rule.
7. Modify the details for this transformation rule using the guidelines in "Adding an Optional Transformation Rule".
8. Click Save to retain this change (or Cancel to terminate the operation).
Repeat this procedure to modify other transformation rules or proceed to following discussions as needed:
You use the procedure in this discussion to remove an existing transformation rule from the association. Any individual with HMUser privileges can perform this task. The Oracle Access Manager Configuration Manager repository and associated LDAP directories must be online.
The delete operation cannot be undone. Before the rule is deleted, a message asks you to verify that this is the action you want to take. After the transformation rule is deleted, an informational message notifies you that the operation was a success. You cannot restore a deleted transformation rule; instead, it must be re-created.
To delete a transformation rule
1. From Oracle Access Manager Configuration Manager, select the Migration tab, then select Associations. For example: Migration, Associations
2. In the Association Name column, click the desired name. The Association Details page appears containing both the current Association Settings and the Transformation Rules subtab.
3. On the Association Details page, click the Transformation Rules subtab.
4. Click the Show arrow to display the desired rule. For example: Show
5. On the Transformation Rules page, select the option beside the desired attribute to delete.
6. Click the Delete button to remove this rule. For example: Delete
   A message asks you to verify this operation.
7. Verify by clicking OK in the message window (or click Cancel to terminate the operation without completing it). For example: OK
8. Review the informational message and confirm that the item no longer appears in the rules table.
9. Repeat as needed to remove other rules.
Proceed to the following discussions before migrating data:
Oracle Access Manager Configuration Manager provides a SnapShot function that enables you to create a backup copy of the entire oblix tree in a selected environment (LDAP directory defined in the Configuration Manager). You may restore a snapshot to restore the entire oblix tree to the directory.
Making a snapshot does not significantly impact the performance of the directory or of Oracle Access Manager Configuration Manager.
Confirm that all prerequisite tasks in Table 3-5 have been performed before making a snapshot.
Table 3-5 Snapshot Prerequisites
| Confirm | Prerequisite Task | Look In |
|---|---|---|
| | Add environment details in the Configuration Manager | Adding Environment Details to the Configuration Manager |
| | Notify administrators of the snapshot window in advance | Notifying Other Administrators |
| | Confirm that the appropriate environment is accessible to the Configuration Manager | Testing the Environment Connection |

Any individual with HMUser privileges can perform the tasks outlined in the following overview. The Oracle Access Manager Configuration Manager repository and associated LDAP directories must be online.
Task overview: Making and managing snapshots
You may view some information about a snapshot made using Oracle Access Manager Configuration Manager. However, you cannot view the actual content of a snapshot. Any individual with HMUser privileges can perform this task. The Oracle Access Manager Configuration Manager repository and environment must be online.
You start from the SnapShots tab and select an environment name from the Select Environment list. The table is empty until you select an environment. If snapshots exist for this environment, details are organized in a table as shown in Figure 3-12. Details that you can view include the snapshot name, an optional description, the date the snapshot was created, and the individual who created the snapshot. The table is empty if no snapshots exist for this environment.
Figure 3-12 SnapShot List Page with Details
You may view snapshot details using the following procedure. However, you cannot view the content of a snapshot.
1. From Oracle Access Manager Configuration Manager, select the SnapShots tab. For example: SnapShots
   The SnapShots List page appears. At this point, you may either select an environment or create a new snapshot.
2. From the Select Environments list, choose an environment.
   If snapshots exist for the selected environment, details are organized in a table. Otherwise, a message in the table informs you that no items were found.
Proceed to the following discussions, as needed:
You use the following procedure to create a snapshot of an existing environment. Any individual with HMUser privileges can perform this task. The Oracle Access Manager Configuration Manager repository and the environment must be online.
The snapshot may be used only by Oracle Access Manager Configuration Manager. If you are migrating configuration data using the Configuration Manager, Oracle recommends that you make a snapshot of the target just before migrating data. If you are using the Configuration Manager to export configuration data to an LDIF file, Oracle recommends that you create a snapshot of the target just before importing the LDIF file.
There is no significant impact on LDAP directory or Configuration Manager performance during the snapshot process. The duration of the snapshot process depends on the amount of configuration data in the oblix tree in the selected environment.
Note: Oracle recommends that you schedule a window of time for this operation and notify other administrators before starting. For more information, see "Notifying Other Administrators".
From the SnapShots tab you select an environment from the list, and then click the Create New button to display the Add SnapShot page. You enter the snapshot name and optional description in the fields provided.
When naming a snapshot or adding a description, you may use any combination of upper and lower case alpha/numeric characters, as well as spaces and punctuation. You then select an environment from the Select Environment list. A completed Add SnapShot page is shown in Figure 3-13.
When you click the Save button, the snapshot is created. When the process completes, an informational message confirms that the operation was successful. The new snapshot name and details appear in the table on the SnapShot List page. You cannot view the actual content of a snapshot.
1. From Oracle Access Manager Configuration Manager, select the Snapshots tab. For example: SnapShots
2. Select an environment from the Select Environments list.
3. Click the Create New button to display the Add Snapshot page.
4. Fill in the Add SnapShot page with information appropriate to your environment, as follows:
   - SnapShot Name: Enter a unique name that will identify this specific snapshot in the list. For example: 10104QA - Dec 14
   - Description: Enter an optional description to further distinguish this from other snapshots in the list. For example: Before migrating Manager Workflow
   - Select Environment: From the list, select the specific directory for which you want to capture a snapshot. For example: 10104QA
5. Select Save to assign this information and create the snapshot (otherwise select Cancel to terminate the operation without creating the snapshot).
   When the operation completes, you are returned to the Snapshot List page where you should see a message confirming that the Snapshot was saved.
6. Check the message and the table to confirm that the snapshot is available for possible restoration later.
   - Snapshot Successful: Proceed with migration.
   - Snapshot Not Successful: If you receive an error message, test the connection to the environment and the repository to ensure that these are live and online.
You may use the following procedure to delete a snapshot. Any individual with HMUser privileges can perform this task. The Oracle Access Manager Configuration Manager repository and associated LDAP directories must be online.
Note: Once a snapshot is deleted, you cannot use this snapshot for any restoration operation in the Configuration Manager.
Deleting a snapshot cannot be undone. During this procedure, a message asks you to verify that you do want to delete the snapshot. When you confirm, the operation completes and you are returned to the SnapShots List page. An informational message notifies you that the snapshot was deleted; related details are removed from the table.
1. From Oracle Access Manager Configuration Manager, select the SnapShots tab. For example: SnapShots
2. Select an environment from the Select Environments list.
3. In the Select column, click the option beside the name of the snapshot you want to delete.
4. Click the Delete button.
   A message asks you to verify that you want to delete the snapshot.
5. Click OK in the message window to verify removing the snapshot (otherwise, click Cancel to terminate the operation).
6. On the SnapShots List page, review the informational message and validate that the selected item was deleted.
You may want to restore a snapshot if configuration data in the oblix tree of the environment becomes inconsistent or is corrupted as a result of changes that are external to Oracle Access Manager Configuration Manager. Any individual with HMUser privileges can perform this task. The Oracle Access Manager Configuration Manager repository and the appropriate environment must be online.
When you restore a snapshot that was made using Oracle Access Manager Configuration Manager, the entire oblix tree is restored to the directory. Revoked changes include both migration changes made using the Configuration Manager, as well as changes made outside the Configuration Manager.
Caution: Restoring a snapshot reverts all changes made after the snapshot was taken and returns the directory to the state it was in at the time the snapshot was made.
Before the restoration commences, you are asked to verify that you want to restore the selected snapshot. After your verification, a new snapshot is created to capture the current state of the directory, and then the selected earlier snapshot is restored. If you believe that too many changes were reverted during the restoration, you can restore the snapshot that was made during the restoration.
Note: If you created a directory backup using any application other than Oracle Access Manager Configuration Manager, you cannot use Configuration Manager to restore the backup.
To restore the content of a snapshot
1. From Oracle Access Manager Configuration Manager, select the SnapShots tab. For example: SnapShots
2. Select an environment from the Select Environments list.
3. In the Select column, click the option beside the name of the snapshot you want to restore.
4. Click the Restore button. For example: Restore
   A message asks you to verify that you want to complete the Restore operation, which reverts the oblix tree in the environment to its previous condition.
5. Click OK to complete the restoration (or Cancel to terminate the operation). For example: OK
   After you verify the operation, a new snapshot is made of the environment in its current state, and then the content of the selected snapshot is restored.
6. On the SnapShots List, review the informational message to confirm success; you should see the new snapshot details in the table.
Topics in this discussion include migration overviews that explain the migration process and all activities you will perform. Following the overviews is a step-by-step procedure to guide you. Any individual with HMUser privileges can perform this task. The Oracle Access Manager Configuration Manager repository and associated LDAP directories must be online during all migration activities.
Note: Oracle recommends that you schedule a migration window and notify administrators before migrating data. For more information, see "Notifying Other Administrators".
Figure 3-14 illustrates the migration process and tasks that you will perform using the Configuration Manager. Additional details follow the figure.
The following task overview presumes that you have completed all prerequisite tasks in Table 3-6.
Task overview: Migrating data after selecting the Migration tab, and Migrate subtab
1. Select a directory association to specify the migration path: Required and described in "About Selecting an Association".
2. Select logical objects (logical object types) to migrate: Required and introduced in "About Selecting Logical Objects to Migrate".
3. Compare the logical objects that you selected in a navigation tree:
   - To review the differences on the source and the target
   - To see related objects that you can select and migrate as well as dependents that will be migrated automatically

   For more information, see "About Comparing Data Before Migration".
4. Customize the selected logical objects:
   - Automated: To automatically apply any optional transformation rules that were defined for this association. For more information, see "Adding and Managing Optional Transformation Rules".
   - Optional: Edit logical object attributes manually to assign new values that will be applied to the target during migration. For more information, see "About Customizing the Target".
5. Preview the target system to review the selected logical objects as they are now and as they will be when migration completes. For more information, see "About Previewing Before Migration".
6. Enter a unique transaction description to identify the record of this migration, which is created automatically, then Migrate the data. For more information, see "Migrating Data".
   Alternative: Export data to an LDIF file then import the data offline (using an external tool to import the data). For more information, see "About Exporting Data to an LDIF File (Optional)".
7. Restart all Identity Servers and Access Servers in the target environment, as described in "Restarting Servers After Migration".

Caution: You may not use the Oracle Access Manager Configuration Manager to migrate data from a release 7.0.4 environment to a release 10g (10.1.4.0.1) environment nor vice versa. For more information, see "Deployment Support and Interoperability".
The LDAP directory environments that you will use during the migration must be online and accessible to the Configuration Manager.
You start data migration by selecting the Migration tab, then the Migrate secondary tab. The Select Logical Objects to Compare page appears. A progress indicator appears at the top of the page: Select is highlighted. From here, you must select an association to specify the migration path from a source environment to a target environment.
Figure 3-15 Association Name, Select Logical Objects to Compare Page
You are ready to select logical object types, as described next.
After selecting an association, a folder appears representing the source environment. You can select the expansion icon to the left of the icon to display logical object types on the source. A scroll bar beside the list enables you to scroll up and down as needed.
When you click the expansion icon beside the folder, all supported logical object types in the environment are displayed as shown in Figure 3-16. A check box beside each logical object type enables you to select (or clear) items to compare. No defaults are selected.
Figure 3-16 Partial Logical Object Types List
Each logical object folder includes an expansion icon. When you expand a logical object type, you can see the logical objects grouped under that type. You can select as many logical object types (or logical objects) as needed:
Select the check box beside a logical object type to compare all logical objects of a particular type.
Click the expansion icon beside a folder to expand the type and display logical objects.
After selecting logical object types (or logical objects), your next activity is to compare the selected logical object types as described next.
You have the opportunity to view and compare differences between logical objects on the source and target at one time.
After selecting items on the Select Logical Object Types to Compare page and clicking the Compare button, the Compare and Migrate page appears. Both the source and target environments are shown. In the progress indicator, Compare is highlighted. Scroll bars are available on both the page and browser window.
When you click either title, Source Environment or Target Environment, details about both environments expand into a navigation tree. Expanded information is based on the logical object types (or logical objects) that you selected.
Expanding Objects to Compare: Initially, folders for the source and target environment are collapsed. You click the icon to the left of a folder to expand or collapse the navigation tree for the object.
Expanding an object in one view results in an expansion of the object in both views. Expanded objects show attributes, related objects, and dependents. For more information about related objects and dependents, see "Physical Entries and Logical Objects". A sample Compare and Migrate page is shown in Figure 3-17.
Figure 3-17 Partial Compare and Migrate Page
Only Differences are Displayed: Whether you select logical object types or specific logical objects, the Compare and Migrate page shows only the differences between the source and target. For example, suppose that you have five workflows: WF1, WF2, WF3, WF4, and WF5 in the source environment and suppose that:
- WF1 is also present in the target with a different Description attribute
- WF2 and WF3 are not in the target environment
- WF4 and WF5 are the same in the source and the target environments
If you selected only the logical object type User Manager Workflow Definition, the Compare and Migrate page will display WF1 because it has a different Description attribute, as well as WF2 and WF3 which are not yet on the target.
However, if you selected logical objects WF1, WF2, and WF4, the Compare and Migrate page shows WF1 because it has a different attribute value, and WF2 because it does not exist on the target at this time. WF4 is not shown because it is the same in both the source and target environments.
Symbols Highlight Differences When Comparing Objects to Migrate: The following symbols may appear between an object name and its check box to alert you to differences, as shown in Figure 3-17:
- +: The Add icon (+) appears only when the object is present in one directory but not both.
- !: The Diff icon (!) appears when the logical object has differing attribute values or dependents, or both.

The example in Figure 3-17 shows the following differences (among others):
- Policy1 (displayed with the Add + icon) is present only in the source.
- Policy2 (displayed with the Diff ! icon) is the same logical object in the source and target but has different attribute values for the Number of Login tries Allowed and Password Minimum Age on the source and target.
Steps to compare data are included in the procedure under Migrating Data.
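The display rule described above (only differences are shown, marked with the Add or Diff symbol) can be modelled in a few lines. This is an added example, not Configuration Manager code: the dictionary data model, the function names, and the workflow attribute values are constructed for illustration, and the scenario is the WF1 to WF5 case from the text.

```python
# Added illustration: a small model of the Compare and Migrate display rule.
ADD = "+"    # object present in one directory but not both
DIFF = "!"   # same object, differing attribute values or dependents


def compare(source, target, selected=None):
    """Return {name: (symbol, detail)} for the objects that would be displayed.

    source / target: {name: {"attributes": {...}, "dependents": [...]}}
    selected: object names checked on the source; None models checking the
    whole logical object type, so every object of that type is compared.
    """
    if selected is None:
        names = sorted(set(source) | set(target))
    else:
        missing = [n for n in selected if n not in source]
        if missing:
            raise KeyError(f"not a source object: {missing}")
        names = sorted(selected)

    shown = {}
    for name in names:
        src, tgt = source.get(name), target.get(name)
        if tgt is None:
            shown[name] = (ADD, "present only in the source")
            continue
        if src is None:
            shown[name] = (ADD, "present only in the target")
            continue
        # Attribute names whose values differ (or exist on one side only).
        changed = sorted(
            attr
            for attr in set(src["attributes"]) | set(tgt["attributes"])
            if src["attributes"].get(attr) != tgt["attributes"].get(attr)
        )
        deps_differ = sorted(src["dependents"]) != sorted(tgt["dependents"])
        detail = []
        if changed:
            detail.append("attributes: " + ", ".join(changed))
        if deps_differ:
            detail.append("dependents differ")
        if detail:
            shown[name] = (DIFF, "; ".join(detail))
        # Identical objects are left out: only differences are displayed.
    return shown


def render(shown):
    """Format the result the way the page lists objects, one per line."""
    return [f"{symbol} {name} ({detail})" for name, (symbol, detail) in shown.items()]


def _wf(description):
    # Constructed sample object: one attribute and two constructed dependents.
    return {"attributes": {"Description": description},
            "dependents": ["Step 1", "Step 2"]}


# Constructed sample data for the WF1..WF5 scenario in the text.
SOURCE = {
    "WF1": _wf("Create user, revised"),
    "WF2": _wf("Deactivate user"),
    "WF3": _wf("Change attribute"),
    "WF4": _wf("Reactivate user"),
    "WF5": _wf("Self registration"),
}
TARGET = {
    "WF1": _wf("Create user"),        # same object, different Description
    "WF4": _wf("Reactivate user"),    # identical to the source
    "WF5": _wf("Self registration"),  # identical to the source
}

if __name__ == "__main__":
    print("Whole logical object type selected:")
    print("\n".join(render(compare(SOURCE, TARGET))))
    print("Objects WF1, WF2, WF4 selected:")
    print("\n".join(render(compare(SOURCE, TARGET, ["WF1", "WF2", "WF4"]))))
```
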
Selecting Objects to Customize and Migrate: After comparing the differences between the source and target, you select the check box beside objects in the source tree that you want to migrate. When all desired objects are selected on the source, you click the Next button to display the Customize page. If you click Cancel, you are returned to the Select Logical Objects to Compare page.
The next step is to customize data on the target before migration, as described next.
You can resolve differences in attribute values by creating optional transformation rules or by manually customizing attributes during migration.
After selecting logical objects on the Compare and Migrate page and clicking Next, any transformation rules that were defined for the association are applied automatically. The Customize page appears and shows how objects on the target have been customized by the application of transformation rules, if any. In the progress indicator, Customize is highlighted.
Initially, only the titles of the two environments are shown. When you expand either environment, details of both environments are presented in a navigation tree:
Target Environment - Before Migration: The current and exact state of logical objects in the target LDAP directory before transformation rules and any manual customizations are applied.
Target Environment - After Migration: The state of logical objects on the target as they will be after transformation rules, manual customization, and migration are completed.
A sample Customize page is shown in Figure 3-18. In this example, objects are expanded. Differences in attributes and dependents are visible. Again, the Add (+) and the Diff (!) icons indicate differences between the target before and after migration.
Clicking the Cancel button terminates the Customize operation and returns you to the Select Logical Object Types to Compare page.
Manually Customizing Attributes: Attributes in the Target Environment - After Migration tree include an update button labeled with two dots (..). Selecting an update button opens an Update Attribute window where you can manually assign a new value for the attribute. The new value will be assigned during the data migration. Alternatively, you may customize attributes after migration within your Oracle Access Manager 10g (10.1.4.0.1), or Oracle COREid Release 7.0.4, deployment.
For example, suppose that in both views the Password Policy Enable is (False). To manually customize the value of this attribute, you select the (..) button beside Password Policy Enable (False). In the Update Attribute window, you enter a new value, in this case true, and save it. Figure 3-19 provides an example of the Update Attribute window.
When you select Save, you are returned to the Customize page and the new value is reflected in the Target Environment - After Migration tree. If you canceled the update, you are returned to the Customize page with no changes made to the attribute.
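The two Customize views can be modelled as follows, using the rule from "Adding an Optional Transformation Rule" (Password Policy, Number of Login Tries Allowed, Replace, 2, 3) and the manual update of Password Policy Enable. This is an added example, not Configuration Manager code: all names and sample policy values are constructed, and it assumes that migration copies the source attribute values to the target and that Replace changes a value only when it equals the rule's Old Value.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One transformation rule, with the fields shown on the Add page."""
    object_type: str
    attribute: str
    operator: str
    old_value: str
    new_value: str


def transform(object_type, attributes, rules):
    """Apply the rules to a copy of attributes; return (attributes, fired rules)."""
    attrs = dict(attributes)
    fired = []
    for rule in rules:
        if rule.operator != "Replace":
            raise ValueError(f"operator not modelled here: {rule.operator}")
        if rule.object_type != object_type:
            continue
        # Assumption: Replace fires only when the migrated value equals Old Value.
        if attrs.get(rule.attribute) == rule.old_value:
            attrs[rule.attribute] = rule.new_value
            fired.append(rule)
    return attrs, fired


def customize(selected, target, rules, manual=None):
    """Build the Before Migration and After Migration views.

    selected: source objects chosen for migration,
              {name: {"type": str, "attributes": {...}}}
    target:   current target objects in the same shape
    manual:   {(object name, attribute): new value} entered through (..)
    Returns (before, after, flags); flags holds "+" for an object that is
    new on the target, "!" for changed attribute values, "" for no change.
    """
    manual = manual or {}
    before, after, flags = {}, {}, {}
    for name, obj in selected.items():
        current = target.get(name)
        before[name] = dict(current["attributes"]) if current else None
        # Transformation rules are applied first, automatically.
        attrs, _ = transform(obj["type"], obj["attributes"], rules)
        # Manual updates are applied afterwards and take precedence.
        for (obj_name, attr), value in manual.items():
            if obj_name != name:
                continue
            if attr not in attrs:
                raise KeyError(f"{name} has no attribute {attr!r}")
            attrs[attr] = value
        after[name] = attrs
        if before[name] is None:
            flags[name] = "+"
        elif before[name] != attrs:
            flags[name] = "!"
        else:
            flags[name] = ""
    return before, after, flags


TRIES = "Number of Login Tries Allowed"
ENABLE = "Password Policy Enable"

# The rule from the procedure: Replace 2 with 3 on Password Policy objects.
RULES = [Rule("Password Policy", TRIES, "Replace", "2", "3")]

# Constructed sample objects selected on the source.
SELECTED = {
    "Policy1": {"type": "Password Policy",
                "attributes": {TRIES: "5", ENABLE: "True"}},
    "Policy2": {"type": "Password Policy",
                "attributes": {TRIES: "2", ENABLE: "False"}},
}
# Constructed current state of the target: only Policy2 exists there.
TARGET_BEFORE = {
    "Policy2": {"type": "Password Policy",
                "attributes": {TRIES: "4", ENABLE: "False"}},
}
# The manual update from the text: Password Policy Enable set to true.
MANUAL = {("Policy2", ENABLE): "true"}

if __name__ == "__main__":
    before, after, flags = customize(SELECTED, TARGET_BEFORE, RULES, MANUAL)
    for name in SELECTED:
        print(flags[name] or " ", name, before[name], "->", after[name])
```

Under these assumptions the rule changes Policy2 (value 2 becomes 3) but leaves Policy1 at 5, because its value does not match the rule's Old Value.
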
When you finish customizing attributes and select the Next button the Preview page appears, as described next.
The Preview page provides you with a final opportunity to evaluate any customizations and to verify the logical objects that will be migrated. In the progress indicator, Migrate is highlighted.
On the Preview page, you expand icons as you did on other pages. The Diff ! icon appears only to identify attribute value differences on the target before and after the migration.
Before you select the Migrate button you need to enter a unique transaction description, as described next.
Selecting the Back button returns you to the Customize page. Selecting the Cancel button returns you to the initial Select Logical Objects to Compare page, with nothing selected.
Before you select the Migrate button, Oracle recommends that you enter a unique transaction description in the field provided at the bottom of the Preview page. A unique numeric Transaction ID is assigned automatically during data migration. A unique description will help identify this transaction from others later on. You may use a transaction record to roll back any changes made during this migration, as described in Chapter 5.
When you click the Migrate button, data migration begins. When migration completes, an informational message appears stating the operation was successful. For details about the time to complete data migration, see "Downtime Assessment and Example".
Note: Alternatively, you may choose to export data to an LDIF file, as described next.
After migrating data, you must restart all Identity and Access Servers in the target deployment, as described in "Restarting Servers After Migration".
Oracle Access Manager Configuration Manager allows you to export data to an LDIF file instead of migrating data automatically. If you export data to an LDIF file you can edit the LDIF file offline using a text editor, if desired, then import the LDIF file using an external tool offline.
The export method includes using Oracle Access Manager Configuration Manager to select an association, select logical object types on the source, and compare selected objects on the source with those on the target. You also preview changes after the application of transformation rules and customize data manually using Configuration Manager if you choose. Instead of assigning a transaction description and migrating data with Configuration Manager, you export your selections to an LDIF file.
After exporting data to an LDIF file, you import it offline at a later time. In this case, no transaction record is created because the actual migration occurs independently. Without a transaction record, rolling back changes is not possible using the Oracle Access Manager Configuration Manager.
Steps to export data to an LDIF file are included in the procedure on "Migrating Data", next. In this case, Oracle recommends that you make a snapshot of the target directory just before importing the LDIF file using an external tool.
Note: Details of importing the LDIF file are outside the scope of this manual.
Whether you export data to an LDIF file or migrate data automatically using the Configuration Manager, you must restart all Identity and Access Servers in the target deployment. For more information, see "Restarting Servers After Migration".
Any individual with HMUser privileges can perform data migration. The Oracle Access Manager Configuration Manager repository and associated LDAP directories must be online. Confirm that all prerequisite tasks in Table 3-6 are completed before you use the procedure in this section to migrate data.
Table 3-6 Migration Prerequisites
| Confirm | Prerequisite Task | Look In |
|---|---|---|
| | Notify administrators of the migration window in advance (and follow up after migration) | Notifying Other Administrators |
| | Create at least one directory association to specify the source and target for the migration | Creating a Directory Association |
| | Add (optional) transformation rules for the association | Adding an Optional Transformation Rule |
| | Make a snapshot of the current state of the target directory | |

To migrate data from the source to the target
Test Environment: Perform the following activities to confirm that the source and target environments in the association are accessible to the Configuration Manager:
From Oracle Access Manager Configuration Manager, select the Migration tab, click Environments. For example:
Migration, Environments
Click the source Environment Name to view details. For example:
On the View Environment page, click the Test Environment button.
Test Environment
Read the informational message to confirm that the environment connection is successful.
If there is any problem with the connection, notify the directory administrator. The directory must be live and online during the migration.
Repeat these activities with the target environment to ensure that it is live and online.
From the Oracle Access Manager Configuration Manager, select the Migration tab, then click Migrate. For example:
Migration, Migrate
From the Select Association list, choose the desired association. For example:
Perform the following steps to select logical objects to compare and migrate:
Expand the association icon to display a list of supported logical object types. For example:
Select all logical object types that you want to include in this migration.
Compare: Perform the following steps to compare differences and view dependents of selected logical object types on the source and target directories:
Click the Compare button to display the Compare and Migrate page. For example:
Compare
The Compare and Migrate page appears.
Show Differences: On the Compare and Migrate page, perform the following steps to review any differences:
Expand objects by clicking the expansion icon beside the folder.
Add + icon: Determine whether the Add icon is only in the target, or only in the source.
Diff ! icon: Determine which objects are designated with the Diff ! icon (differing attribute values or dependents).
Show Dependents: Perform the following activities to show dependents for a logical object:
Click the expansion icon beside a logical object to expand it.
Look for and expand the list of dependents and attributes.
Dependents are migrated automatically; there is no way to select these independently. However, you must select logical objects and related logical objects to migrate.
Select Logical Objects and Related Objects for Migration: From the Source, check the box beside each item you want to select (or click a checked box to clear it).
On the Compare and Migrate page, click the Next button to display the Customize page.
For more information about comparing logical objects, see "About Comparing Data Before Migration".
When you select the Next button, any transformation rules created for this association are applied automatically. The Customize page appears. The body of the page is divided in two segments: Target Environment - Before Migration and Target Environment - After Migration.
Customize: On the Customize page, perform the following activities:
Review details of the Target Environment - After Migration to see how the application of any transformation rules has changed objects.
Observe and document differences between the Target Environment - After Migration and the Target Environment - Before Migration; pay attention to any item flagged with the Diff (!) icon because you may want to update attributes.
Proceed as desired for your environment:
Update Attributes Before Migration: Proceed to step 7 if you want to perform this optional activity.
Preview Data: Proceed to step 8 to review all information before migration.
Cancel the Migration: Click the Cancel button to return to the Select Logical Objects to Compare page.
For more information, see "About Customizing the Target".
Update Attributes: From the Customize page, perform the following optional activities if desired. After expanding objects in the Target Environment - After Migration list:
In your browser window, enable pop-ups for this site.
Click the updated button (..) beside the attribute you want to change to open the Update Attributes window.
In the Update Attributes window, add the new value and click Save. For example:
Attribute Name: The current attribute name is fixed and cannot be changed.
Attribute Old Value: The current attribute value is fixed.
Attribute New Value: Enter the new attribute value you want to assign using guidelines in "About Customizing the Target".
Save: Click the Save button to save the updated attribute value and return to the Customization page.
Repeat as needed for each attribute you want to change in the Target Environment - After Migration list.
When you finish with the Customize page, click the Next button to call the Preview page.
Preview the Target: On the Preview page, expand icons and review all information to confirm that this is what you want to migrate, then proceed as appropriate for your migration. For example:
Export Data to an LDIF File: Proceed to step 9 to export data to an LDIF file for customizing or importing with an external tool. In this case, no transaction record is created.
Migrate Data Now: Skip to step 10 to assign a transaction description then continue with following steps.
Cancel the Migration: Click the Cancel button to return to the Select Logical Objects to Compare page.
Export to LDIF File (Optional): Use the following steps only to export the selected logical objects to an LDIF file (to import offline at a later time).
Click the Export to LDIF button.
In the Open MigrationData window, click Open with Notepad (default).
In the Notepad window, you may review and edit the data to be exported, then save the file.
In the Save as window, locate the destination directory for this file, enter a file name with the .ldif extension, and click Save. For example:
MigrationData_12_16.ldif
The file is created in the location you specify. No transaction record is created. For more information, see "About Exporting Data to an LDIF File (Optional)".
Before using an external tool to import the LDIF file, make a snapshot of the target directory.
Use of external tools to migrate data using an LDIF file is outside the scope of this manual.
Assign a Transaction Description (Required): In the Transaction Description field at the bottom of the Preview page:
Enter a unique name to help you recognize the record of this specific transaction later on. For example:
10104DevQA_12_14
Click Save.
Migrate Data: On the Preview page, click the Migrate button. For example:
Migrate
A unique Transaction ID is assigned, then the migration operation completes. The amount of time it takes to perform the migration depends on several factors. For more information, see "Downtime Assessment and Example".
An informational message confirms that the migration is complete as shown here. The transaction ID and description are also shown.
Review the informational message, then note the transaction ID assigned during the migration (and description that you provided).
After migration, you need to shut down and restart all Identity Servers and Access Servers to flush the caches and update the configuration with the new information.
Proceed to "Restarting Servers After Migration" to ensure data synchronization after migration.
When you alter data directly using the Identity or Access System Console, changes are automatically written to the directory from the server. In this case, appropriate entries in the server cache are flushed and the server is updated with the latest configuration data automatically.
However, when you use the Oracle Access Manager Configuration Manager to migrate changes, or you export data to an LDIF file and import it offline, changes are written to the directory only. In this case, the servers are not directly involved. As a result, immediately after migrating data with the Configuration Manager you must manually restart all Identity Servers and Access Servers in the target environment to flush their caches and update the servers with the latest configuration data from the target directory.
Caution:
When multiple servers are involved, it is particularly important to avoid delays that could result in data synchronization issues between the server and the directory. During a rolling restart, there will be a period of inconsistency until all servers have been restarted.
Restarting 10g (10.1.4.0.1) Policy Manager components (known in release 7.0.4 as the Access Manager component) is not required after data migration.
Caution:
If you have a replicated directory environment, you must ensure that the migration changes made to the master LDAP directory are fully propagated to the replicas before restarting Identity and Access Servers.
To ensure data synchronization after migration
Replicated Environment: Immediately after migrating data, ensure that all changes have fully propagated to the replicas before performing server restarts as described in following steps.
Immediately after migrating data, restart all Identity Servers (Identity Server Service on Windows platforms) in the target installation.
Immediately after migrating data, restart all Access Servers (Access Server Service on Windows platforms) in the target installation.
Validate the target environment and data changes as described in Chapter 4, "Validating Migration Success".
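Confirming that replicas have caught up with the master before the restarts, like reviewing an exported LDIF file before an offline import, comes down to comparing directory content. The following Python code is an added example, not part of the Oracle guide or the Configuration Manager: it parses two LDIF exports and reports entries that are missing, extra, or different on the replica. The DNs and values are constructed samples, and the list of ignored operational attributes and the use of your directory's own export tool to produce the files are assumptions.

```python
import base64

def parse_ldif(text):
    """Parse LDIF content records into {dn: {attr: sorted values}}, unfolding wrapped lines."""
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    entries, dn, attrs = {}, None, {}
    for line in lines + [""]:               # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():                # blank line ends a record
            if dn is not None:              # DNs lowercased: simplified comparison
                entries[dn.lower()] = {a: sorted(v) for a, v in attrs.items()}
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: value" is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif dn is not None:                # skips a leading "version: 1" line
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def diff_directories(master, replica, ignore=("modifytimestamp", "modifiersname")):
    """Report entries missing from, extra on, or differing on the replica."""
    report = {"missing": sorted(set(master) - set(replica)),
              "extra": sorted(set(replica) - set(master)), "changed": {}}
    for dn in master.keys() & replica.keys():
        attrs = sorted(a for a in set(master[dn]) | set(replica[dn])
                       if a not in ignore and master[dn].get(a) != replica[dn].get(a))
        if attrs:
            report["changed"][dn] = attrs
    return report

# Constructed sample exports (assumed DNs and values, not real Oracle Access Manager data).
MASTER_LDIF = """dn: cn=SamplePolicy,o=config,dc=example,dc=com
description: Updated by migration 10104DevQA_1
 2_14
modifyTimestamp: 20240101000000Z

dn: cn=SampleScheme,o=config,dc=example,dc=com
description:: bGV2ZWwgMg==
"""
REPLICA_LDIF = """dn: cn=SamplePolicy,o=config,dc=example,dc=com
description: Old value
modifyTimestamp: 20231201000000Z
"""
```

Calling `diff_directories(parse_ldif(MASTER_LDIF), parse_ldif(REPLICA_LDIF))` on the samples reports one missing entry and one changed attribute; a report with no missing, extra, or changed entries means the two exports match.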