wiki:UPDT_unit_changes

Version 2 (modified by lttoth@…, 10 years ago) (diff)

--

Monthly Process: EDIR Unit Changes Following BOR Structure Table Changes

Original author: Beth Mercer - 20070607

Approximately monthly, IR updates their BOR structure table and the corresponding EDIR_STRUCTURE table, adding/deleting/modifying unit records. An EDIR stored procedure is subsequently executed to update EDIR unit records with EDIR_STRUCTURE table changes.

Following the EDIR update, departments depending on EDIR unit information are informed of the changes and requested to provide feedback.

Update Process for EDIR

Upon receipt of the email stating BOR table updates are complete, update the registry and generate and apply directory LDIF

Via AppWorx

Request AppWorx Process Flow, EDIR_UNIT_UPDATES

Manual Processing

The EDIR unit update process can be executed manually by running scripts as the RPTP cluster account, sxldap.

Update the People Registry Tables

  1. ssh to sxldap account on summit
  2. cd $HOME/local/ldap/registry
  3. At command line prompt, enter "sqlplus /"
    • @execute_xprocess
      • -- when prompted, enter the following: ldap_dept_maint(false,return_status)
      • -- the resulting output will be written to /tmp exi

Apply Resulting LDIF

Once the people registry updates are complete, take the following steps to apply the resulting LDIF to the LDAP repository.

  1. ask DBA group to execute the following to add world read permission to ldif files in /tmp
    • ~oracle/local/production/PMldap_tmp_chmod.ksh
  2. after the file permissions have been changed, copy the resulting ldif to sxldap owned directory and to iplanet account on eklutna
    • cd $HOME/appworx/
    • ./manage_ldif_files.ksh
  3. after copying the resulting ldif, tell iplanet on eklutna to apply it
    • ./apply_ldif_files.ksh
  4. have DBA group run this script to delete ldif from /tmp/
    • ~oracle/local/production/PMldap_tmp_cleanup.ksh

# after confirming LDIF applied, # email summary of changes to sdedirregistry@…

# changes are listed in ldap_RPTS_dept_<date>.changes file cd $HOME/local/ldap/extracts/ ls -lrt *dept*changes|tail -1 # check date/time stamp awk '{print $1}' $(ls -1rt *dept*changes|tail -1)|sort |uniq -c

# compare EDIR structure to BOR structure and send # email to Budget Offices soliciting response to unit changes

cd $HOME/local/ldap/query sqlplus /

@compare_edir_structure_to_bor.sql exit

# copy and paste screen output to email for budget offices # with request for feedback Recipients: Joan Harings <anjmh@…>, Phill Harrington <fnplh@…>, Lynn Wrightsman <lynn.wrightsman@…>, Barbara Hyde <barbara.hyde@…>, Barbara Stockwell <barbara.stockwell@…> CC: sdedirregistry@…

# if the budget office respond with feedback # then

# move EDIR data to new unit records if applicable (TBD - see beth in meantime)

# flag to keep, or delete, old unit records if applicable (TBD - see beth in meantime)

# Note: No EDIR unit record will be dropped from EDIR unless flagged # in the EDIR_STRUCTURE table. This allows EDIR to reflect units w/o # budget that are not retained in the BOR structure table.

# notify sdtsaa of new/obsolete EDIRroles (associated with unit changes) # NOTE: run show scripts before running add/delete scripts in next step

# first generate list of new and obsolete edir unit related roles # send 2 emails to sdtsaa; one with needed one with obsolete @show_needed_dlevel_roles.sql @show_needed_unit_roles.sql @show_obsolete_dlevel_roles.sql @show_obsolete_unit_roles.sql

# update LDAP_ZUAUSR_ADMIN table, adding needed roles and deleting obsolete roles # NOTE: run show scripts before running add/delete scripts

@add_needed_dlevel_roles.sql @add_needed_unit_roles.sql @delete_obsolete_dlevel_roles.sql @delete_obsolete_unit_roles.sql

########################################################
LEGACY CHANGE HISTORY - NOTE: All subsequent changes are recorded in TracWiki
########################################################
20070906 sxelm corrected ldap_dept_maint reference (erroneously ldap_dept_update)
20070608 sxelm replaced edir-admin-l references with sdedirregistry
20070607 sxelm added reference to Appworx job that circumvents need for DBA support