If planning a skip-level upgrade, be sure to also review the upgrade notes in the following sections. Upgrade notes for subsequent versions of Identity Manager also apply to your upgrade.
If you are using an Oracle repository, the Identity Manager 8.0 and 8.1 repository DDL uses data types that are not properly handled by older Oracle JDBC drivers. The JDBC drivers in ojdbc14.jar do not properly read all of the columns in the log table.
You must upgrade to the JDK 5 drivers in ojdbc5.jar for Identity Manager to work properly.
Upgrading automatically converts the User Extended Attributes object and QueryableAttrNames and SummaryAttrNames elements of the UserUIConfig object into the IDM Schema Configuration object. (ID-17784)
The sample update.xml script contains an import command that invokes IDMSchemaConfigurationUpdater to convert legacy user schema configuration objects. Successful conversion of legacy user schema configuration objects performs the following:
Creates within IDM Schema Configuration an IDMObjectClassAttribute element for each extended attribute name from User Extended Attributes.
Flags as "summary" any IDMObjectClassAttribute that corresponds to each value from the SummaryAttrNames element within UserUIConfig.
Flags as "queryable" any IDMObjectClassAttribute that corresponds to each value from the QueryableAttrNames element within UserUIConfig.
Empties the SummaryAttrNames element within UserUIConfig.
Empties the QueryableAttrNames element within UserUIConfig.
Renames any extended attribute named objectClass to spml2ObjectClass. Starting in version 8.0, legacy attributes named objectClass conflict with a core attribute in the Identity Manager schema.
Identity Manager 8.0 dedicated some new tables for Roles objects. You must use the sample scripts provided in the db_scripts directory to make the schema changes, create the new table structures, and move your existing data.
Before updating the repository database table definitions, make a full backup of your repository tables.
Refer to the db_scripts/upgradeto8.0from71.DBMSName script for more information.
Be careful when you edit the super role field in the Role form because the super role itself may be a nested role. The super roles and subroles fields indicate a nesting of roles and their associated resources or resource groups. When applied to a user, the super role includes the resources associated with any designated subrole. The super role field is displayed to indicate the roles that include the displayed role.
During the upgrade process, Identity Manager analyzes all roles on the system and then updates any missing subroles and super roles links using the RoleUpdater class.
To check and upgrade roles outside of the upgrade process, you can import the new RoleUpdater configuration object that is provided in sample/forms/RoleUpdater.xml.
For example:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Waveset PUBLIC 'waveset.dtd' 'waveset.dtd'>
<Waveset>
  <ImportCommand class='com.waveset.session.RoleUpdater'>
    <Map>
      <MapEntry key='verbose' value='true' />
      <MapEntry key='noupdate' value='false' />
      <MapEntry key='nofixsubrolelinks' value='false' />
    </Map>
  </ImportCommand>
</Waveset>
Where:
verbose: Provides verbose output when updating roles. Specify false to enable a silent update of roles.
noupdate: Determines whether the roles are updated. Specify false to get a report that only lists which roles will be updated.
nofixsubrolelinks: Determines whether super roles are updated with missing subrole links. This value is set to false by default and links will be repaired.
Administrators who need to view or edit the Identity Manager schema for Users or Roles must be in the IDM Schema Configuration AdminGroup and must have the IDM Schema Configuration capability.
The SPML 2.0 implementation in Identity Manager changed in Sun Identity Manager 8.0. In previous releases, the SPML objectclass attribute used in SPML messages was mapped directly to the objectclass attribute of Identity Manager User objects. The objectclass attribute is now mapped internally to the spml2ObjectClass attribute and is used internally for other purposes.
During the upgrade process the objectclass attribute value is automatically renamed for existing users. If your SPML 2.0 configuration contains forms that reference the objectclass attribute, you must manually change those references to spml2ObjectClass.
Identity Manager does not replace the sample spml2.xml configuration file during an upgrade. If you used the spml2.xml configuration file as a starting point, be aware that this file contains a form with references to objectclass that you must change to spml2ObjectClass. Change the objectclass attribute in forms (where it is used internally), but do not change the objectclass attribute in the target schema (where the attribute is exposed externally).
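A pre-check for the manual change described above, as an added example (not Identity Manager code): it lists references to the legacy objectclass name that sit inside form elements of an exported configuration file, and ignores anything outside a form, such as the target schema. The sample XML is constructed and simplified, and the Schema and Attribute elements in it are placeholders, not the real layout of spml2.xml; the Form element name is passed as a parameter on that assumption.

```python
import re
import xml.etree.ElementTree as ET

# Whole-token match for the legacy name: "spml2ObjectClass" and
# "objectClasses" are not reported, "accounts[X].objectclass" is.
LEGACY = re.compile(r"(?<![A-Za-z0-9_])objectclass(?![A-Za-z0-9_])", re.IGNORECASE)

def find_legacy_refs(xml_text, form_tag="Form"):
    """Return (form name, element tag, location, value) for each legacy
    reference found inside a form; content outside forms is skipped."""
    root = ET.fromstring(xml_text)
    hits = []
    for form in root.iter(form_tag):
        name = form.get("name", "<unnamed>")
        for el in form.iter():
            # References can appear as attribute values (e.g. a field name)...
            for attr, value in el.attrib.items():
                if LEGACY.search(value):
                    hits.append((name, el.tag, "@" + attr, value))
            # ...or as element text (e.g. a reference expression).
            text = (el.text or "").strip()
            if text and LEGACY.search(text):
                hits.append((name, el.tag, "text", text))
    return hits

# Constructed sample, not the shipped spml2.xml.
SAMPLE = """<!DOCTYPE Waveset PUBLIC 'waveset.dtd' 'waveset.dtd'>
<Waveset>
  <Schema>
    <Attribute name='objectclass'/>  <!-- exposed externally: leave as is -->
  </Schema>
  <Form name='Constructed SPML2 Form'>
    <Field name='objectclass'>
      <Expansion><ref>objectclass</ref></Expansion>
    </Field>
    <Field name='email'>
      <Expansion><ref>spml2ObjectClass</ref></Expansion>
    </Field>
  </Form>
</Waveset>"""

if __name__ == "__main__":
    for form, tag, where, value in find_legacy_refs(SAMPLE):
        print(f"{form}: <{tag}> {where} = {value!r} -> change to spml2ObjectClass")
```

Each reported hit is a candidate for manual review; the script does not rewrite the file.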
When you upgrade Identity Manager, any custom code that calls UserUIConfig#getRepoIndexAttributes() must be removed or changed to call Type.USER#getInlineAttributeNames(). (ID-18051)
Importing update.xml converts the values from the UserUIConfig RepoIndexAttrs into values of XML attributes on the TypeDataStore element for Type.USER within the RepositoryConfiguration object. The update.xml file includes the UserUIConfigUpdater.xml file, which contains an import command that invokes UserUIConfigUpdater to convert RepoIndexAttrs. Conversion also sets a flag in SystemConfiguration that inhibits reconversion.
Any future changes to the inline attributes for Type.USER should be made by editing the RepositoryConfiguration object. If you change the inline attributes for Type.USER, you generally must refresh all Type.USER objects.
Changes to RepositoryConfiguration do not affect an Identity Manager server until you restart that server.