Changing the Identity Attribute of an Existing User Directory Configuration

When you configure a new user directory, the recommended value of the identity attribute is automatically set if you choose Oracle Internet Directory, SunONE Directory Server, IBM Directory Server, Novell eDirectory, or Active Directory as the user directory. In some cases, users select Other as the user directory to configure these LDAP-based user directories so as to use a custom identity attribute; for example, DN. If you want to change the identity attribute of a configured LDAP-enabled user directory of type Other to the recommended attribute for the user directory, you must complete the following migration procedure:

  To migrate from a custom identity attribute to the recommended attribute:

  1. Launch the Shared Services Console. See Launching Shared Services Console.

  2. Select Administration, and then Configure User Directories.

  3. From Defined User Directories screen, select the user directory for which you want to change the identity attribute.

  4. Click Edit.

  5. In ID Attribute, change the existing value to the default ID attribute value for the user directory. For example, if this is an Oracle Internet Directory, enter orclguid in place of the existing value. See Table 10.

    Table 10. Default ID Attributes for Supported User Directories

    Directory ServerDefault Attribute
    Sun One LDAPnsuniqueid
    IBM Directory Server LDAPIbm-entryUuid
    Novel eDirectory LDAPGUID
    Oracle Internet Directoryorclguid
    Active DirectoryObjectGUID

  6. Click Finish.

  7. In the View pane of Shared Services Console, expand Application Groups and then Foundation.

  8. Select Deployment Metadata.

  9. On Artifact List, expand Shared Services Registry, then Foundation Services, and then Shared Services.

  10. Right-click Properties and then select Export for Edit.

  11. On File Download, select Save, and then follow on screen prompt to save the file to a directory on your server. Name the file Component.properties.

  12. Using a text editor, open Component.properties.

  13. Locate CSS.MIGRATION.STATE property and change its value to FORCE_MIGRATION.

    Caution!

    If CSS.MIGRATION.STATE is set to FORCE_MIGRATION and the custom ID Attribute value (for example, DN) is not reset to the default value for your LDAP-enabled user directory (for example, orclguid for Oracle Internet Directory), you will lose group membership and provisioning information when you restart Shared Services. See step 1 - step 5.

  14. Save and close Component.properties.

  15. On Artifact List, right-click Properties and then select Import after Edit.

    If Artifact List is not open, repeat step 7 through step 9.

  16. on Load Artifact, select Component.properties and then select Finish.

  17. Restart Shared Services and other EPM System products and processes.