Version 4 (modified by lttoth@…, 10 years ago) (diff) |
---|
Monthly Process: EDIR Unit Changes Following BOR Structure Table Changes
Original author: Beth Mercer - 20070607
Approximately monthly, IR updates their BOR structure table and the corresponding EDIR_STRUCTURE table, adding/deleting/modifying unit records. An EDIR stored procedure is subsequently executed to update EDIR unit records with EDIR_STRUCTURE table changes.
Following the EDIR update, departments depending on EDIR unit information are informed of the changes and requested to provide feedback.
Update Process for EDIR
Upon receipt of the email stating BOR table updates are complete, update the registry and generate and apply directory LDIF
Via AppWorx
Request AppWorx Process Flow, EDIR_UNIT_UPDATES
Manual Processing
The EDIR unit update process can be executed manually by running scripts as the RPTP cluster account, sxldap.
Update the People Registry Tables
- ssh to sxldap account on summit
- cd $HOME/local/ldap/registry
- At command line prompt, enter "sqlplus /" and enter the following two commands:
- @execute_xprocess
- -- when prompted, enter the following: ldap_dept_maint(false,return_status)
- -- the resulting output will be written to /tmp
- exit
- @execute_xprocess
- Verify updates are complete
Apply Resulting LDIF
Once the people registry updates are complete, take the following steps to apply the resulting LDIF to the LDAP repository.
- ask DBA group to execute the following to
add world read permission to ldif files in /tmp
- ~oracle/local/production/PMldap_tmp_chmod.ksh
- after the file permissions have been changed,
copy the resulting ldif to sxldap owned
directory and to iplanet account on eklutna
- cd $HOME/appworx/
- ./manage_ldif_files.ksh
- after copying the resulting ldif,
tell iplanet on eklutna to apply it
- ./apply_ldif_files.ksh
- have DBA group run this script to
delete ldif from /tmp/
- ~oracle/local/production/PMldap_tmp_cleanup.ksh
Publicizing Summary Changes
After confirming LDIF applied, # email summary of changes to sdedirregistry@…
# changes are listed in ldap_RPTS_dept_<date>.changes file cd $HOME/local/ldap/extracts/ ls -lrt *dept*changes|tail -1 # check date/time stamp awk '{print $1}' $(ls -1rt *dept*changes|tail -1)|sort |uniq -c
# compare EDIR structure to BOR structure and send # email to Budget Offices soliciting response to unit changes
cd $HOME/local/ldap/query sqlplus /
@compare_edir_structure_to_bor.sql exit
# copy and paste screen output to email for budget offices # with request for feedback Recipients: Phil Harrington <plharrington@…>, Lynn Wrightsman <lawrightsman@…>, Barbara Hyde <bjhyde@…> CC: to ua-oit-registry@alaska.edu
# if the budget office respond with feedback # then
# move EDIR data to new unit records if applicable (TBD - see beth in meantime)
# flag to keep, or delete, old unit records if applicable (TBD - see beth in meantime)
# Note: No EDIR unit record will be dropped from EDIR unless flagged # in the EDIR_STRUCTURE table. This allows EDIR to reflect units w/o # budget that are not retained in the BOR structure table.
# notify sdtsaa of new/obsolete EDIRroles (associated with unit changes) # NOTE: run show scripts before running add/delete scripts in next step
# first generate list of new and obsolete edir unit related roles # send 2 emails to sdtsaa; one with needed one with obsolete @show_needed_dlevel_roles.sql @show_needed_unit_roles.sql @show_obsolete_dlevel_roles.sql @show_obsolete_unit_roles.sql
# update LDAP_ZUAUSR_ADMIN table, adding needed roles and deleting obsolete roles # NOTE: run show scripts before running add/delete scripts
@add_needed_dlevel_roles.sql @add_needed_unit_roles.sql @delete_obsolete_dlevel_roles.sql @delete_obsolete_unit_roles.sql
########################################################
LEGACY CHANGE HISTORY - NOTE: All subsequent changes are recorded in TracWiki
########################################################
20070906 sxelm corrected ldap_dept_maint reference (erroneously ldap_dept_update)
20070608 sxelm replaced edir-admin-l references with sdedirregistry
20070607 sxelm added reference to Appworx job that circumvents need for DBA support