Orphaned Objects In The Trust/Configuration Store - Novell ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual

Administration console guide

2 Open the defbkparm.sh file and find the following lines:
EDIR_TREE=<tree_name>
EDIR_CA=<CA name>
These lines contain values using the hostname of the Administration Console you are on.
3 Modify these lines to use the hostname of the failed Administration Console.
When you install the primary Administration Console, the EDIR_TREE parameter is set to the
hostname of the server with _tree appended to it. The EDIR_CA parameter is set to the
hostname of the server with _tree CA appended to it.
If the failed Administration Console had amlab as its hostname, you would change these lines
to have the following values:
EDIR_TREE="amlab_tree"
EDIR_CA="amlab_tree CA"
4 Save your changes.
5 Make a backup from your new primary Administration Console.
WARNING: After configuring the secondary console to be the new primary console and
performing all the clean up steps, you cannot restore an old backup from the primary console.
Make a new backup as soon as your new primary console is functional.
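
Steps 2 through 4 as a shell function, added here as an example and not taken from the Novell guide. It assumes the two parameters are written EDIR_TREE= and EDIR_CA= at the start of a line; the function name and the .orig copy are choices made for this example.

```shell
# Added example: point EDIR_TREE / EDIR_CA in defbkparm.sh at the failed console.
# Usage: set_failed_console_names <path-to-defbkparm.sh> <failed-hostname>
# Assumption: each parameter appears once, as KEY=value at the start of a line.
set_failed_console_names() {
    file=$1
    host=$2

    # Accept only a bare hostname label, so nothing unexpected is written
    # into a file that the shell later reads as a script.
    case $host in
        ''|*[!A-Za-z0-9-]*) echo "invalid hostname: $host" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Refuse to edit unless both parameters are present exactly once.
    for key in EDIR_TREE EDIR_CA; do
        n=$(grep -c "^[[:space:]]*$key=" "$file" || true)
        [ "$n" -eq 1 ] || { echo "$key: expected 1 line, found $n" >&2; return 1; }
    done

    # Keep the untouched file beside the edited one.
    cp -p "$file" "$file.orig" || return 1

    # Rewrite only the two values; every other line passes through unchanged.
    tmp=$file.tmp.$$
    sed -e "s|^\([[:space:]]*EDIR_TREE=\).*|\1\"${host}_tree\"|" \
        -e "s|^\([[:space:]]*EDIR_CA=\).*|\1\"${host}_tree CA\"|" \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

Compare the edited file with the .orig copy before making the new backup in step 5.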
6.8 Orphaned Objects in the Trust/Configuration Store
If you delete a User object in LDAP, the objects in the trust/configuration datastore related to that
user can become orphaned. The system uses these objects for federated identity and user profiles.
Currently, there are no known issues related to orphaned identity objects, but they might affect
system performance. Orphaned user profile objects might also affect user lookup operations, and
therefore you should remove them.
To do so, delete the user's profile before you delete the User object, as described in the
following steps:
1 In iManager or an LDAP browser, edit the attributes of the User object that you are going to
delete.
2 Note the value of the User object's GUID attribute (for eDirectory™), objectGUID attribute (for
Active Directory), or the nsuniqueid attribute (for Sun One).
3 In the Access Manager trust/configuration datastore, locate any containers that use the
following naming patterns:
cn=LUP*,cn=SCC*,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell
cn=LibertyUserProfiles*,cn=SCC*,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell
4 Look for a child inside of these containers that is named by using the GUID noted in Step 2.
There should only be one profile object for each GUID.
5 Delete that child profile object.
6 Repeat these steps for each User object that you want to delete.
7 Delete the User objects.
