| | 1 | = Synchronizing Banner and EDIR LDAP Data = |
| | 2 | # 20070806 sxelm Verifying Directory/Registry are in Synch |
| | 3 | |
| | 4 | The production EDIR directory instance, slapd-<server>Prod, is associated with an Oracle |
| | 5 | registry instance, OPS$SXLDAP in RPTS. Monday through Friday, both the production |
| | 6 | registry and one instance the production directory are dumped to text files that can be |
| | 7 | compared to determine if the directory and registry remain in synch. |
| | 8 | |
| | 9 | The dump is automatic (scheduled in cron) and normally completed by 8:30am. |
| | 10 | |
| | 11 | summit:~sxldap/local/ldap/scripts/dump_all.ksh |
| | 12 | |
| | 13 | The comparison is also automatic (scheduled as cron) and starts a 9am. |
| | 14 | |
| | 15 | summit:~sxldap/local/ldap/scripts/compare_dumps.ksh |
| | 16 | |
| | 17 | The compare job generates the email with the subject 'EDIR: out of sync (RPTS)' |
| | 18 | and also generates a number of files that can be used when resolving out of sync |
| | 19 | conditions. |
| | 20 | |
| | 21 | What is not automated is the process of generating LDIF to put the registry and |
| | 22 | directory back in sync. When the problem is solely related to Banner extracted data, |
| | 23 | the following resolution can be applied. |
| | 24 | |
| | 25 | #================================================================================ |
| | 26 | # Resolution when only Banner extracted data out of sync |
| | 27 | #================================================================================ |
| | 28 | |
| | 29 | # Use ~sxldap/local/ldap/cleanup/problems.update_last_ldif to modify registry |
| | 30 | # records before rerunning the ldap_gen_ldif procedure |
| | 31 | # to generate LDIF for updating the directory. |
| | 32 | |
| | 33 | ssh -l sxldap localhost |
| | 34 | cd local/ldap/cleanup/ |
| | 35 | |
| | 36 | # Establish RPTS environment |
| | 37 | . ua_oracle RPTS env |
| | 38 | |
| | 39 | # Connect to registry |
| | 40 | sqlplus / |
| | 41 | |
| | 42 | # Update registry table |
| | 43 | @$PWD/problemsRPTS.update_last_ldif |
| | 44 | |
| | 45 | # !!!!!!!!!!!!! |
| | 46 | # After flagging the problem accounts for ldif generation, |
| | 47 | # you can simply wait for the ldif to be generated and applied |
| | 48 | # the following working day. |
| | 49 | # |
| | 50 | # Alternatively, you can generate and apply the ldif the same day |
| | 51 | # with the following steps - but you will need DBA support for |
| | 52 | # one step. |
| | 53 | # !!!!!!!!!!!!! |
| | 54 | |
| | 55 | # Generate LDIF |
| | 56 | @../registry/execute_xprocess |
| | 57 | # when prompted for input, enter the following exactly |
| | 58 | ldap_gen_ldif('both','all',return_status) |
| | 59 | |
| | 60 | # This will generated LDIF for the accounts that are |
| | 61 | # out of synch between the directory and the registry. |
| | 62 | |
| | 63 | #+++++++++++++++++++++++++++++++++++++ |
| | 64 | # As oracle, execute the following scripts to remove |
| | 65 | # /tmp/ldap_RPTS output already copied to the sxldap |
| | 66 | # account and to change permissions on those files |
| | 67 | # that were just generated so that sxldap can copy them |
| | 68 | # to his own directory. |
| | 69 | |
| | 70 | # connect to oracle account on summit |
| | 71 | ssh -l oracle summit.alaska.edu |
| | 72 | |
| | 73 | # Run cleanup script to remove previously processed |
| | 74 | # ldap_RPTS files that remain in /tmp. Because the |
| | 75 | # files recently created have not been processed, |
| | 76 | # PMldap_tmp_cleanup.ksh will report errors. That's OK. |
| | 77 | $HOME/local/production/PMldap_tmp_cleanup.ksh |
| | 78 | |
| | 79 | # Run chmod script to make it possible for sxldap to |
| | 80 | # copy the newly generated /tmp/ldap_RPTS files: |
| | 81 | $HOME/local/production/PMldap_tmp_chmod.ksh |
| | 82 | #+++++++++++++++++++++++++++++++++++++ |
| | 83 | |
| | 84 | # As sxldap, copy the /tmp files to $HOME/local/ldap/extracts |
| | 85 | # and place copies on eklutna and edgar. |
| | 86 | $HOME/appworx/manage_ldif_files.ksh |
| | 87 | |
| | 88 | # Then process the LDIF on eklutna and edgar. |
| | 89 | $HOME/appworx/apply_ldif_files.ksh |
| | 90 | |
| | 91 | #================================================================================ |
| | 92 | # Commentary |
| | 93 | #================================================================================ |
| | 94 | |
| | 95 | |
| | 96 | The directory and registry are expected to be in synch at all times. Since the |
| | 97 | dump files are point in time copies made from different sources on different |
| | 98 | hosts, however, it is possible for discrepancies to be reported that are in fact |
| | 99 | only timing differences. Gross discrepancies are almost always associated with |
| | 100 | dumps taken at distinctly different times or dumps being performed while daily |
| | 101 | batch updates are still being processed. |
| | 102 | |
| | 103 | To determine if gross discrepancies are related to timing differences, compare dump |
| | 104 | file date stamps with log file date stamp in: |
| | 105 | |
| | 106 | eklutna:~iplanet/local/spool/ |
| | 107 | summit:~sxldap/local/ldap/extracts/ |
| | 108 | |
| | 109 | Discrepencies that are significant, and require resolution, are those associated |
| | 110 | with attributes extracted from Banner (not self service, therefore only the |
| | 111 | extract process touches them) and self service attribute differences not associated |
| | 112 | with an update transaction. |
| | 113 | |
| | 114 | The Banner extract, aggregation and LDIF generation processes for EDIR are pretty |
| | 115 | clean as of 2004/10/20. However, we do still encounter circumstances not allowed for |
| | 116 | by the EDIR batch processes, circumstances that results in registry changes not being |
| | 117 | propogated to the directory. The resynching steps (above) propogate the registry |
| | 118 | changes to the directory but do not resolve the undering processing problem that |
| | 119 | caused the discrepancy. |
| | 120 | |
| | 121 | The troubleshooting and debugging of the EDIR Banner extract process is beyond the |
| | 122 | scope of this document. |
| | 123 | |
| | 124 | Self service updates, processed by the EDIR web gateway script ldap_bulk_update, are |
| | 125 | very clean as of 2004/10/20. Because the gateway uses a two phase commit for directory |
| | 126 | updates (update must pass registry constraints or is not processed in directory; if |
| | 127 | update fails directory constraints registry update is rolled back) it is hightly |
| | 128 | unlikely that a self service update will fail to be recorded in the registry. Should |
| | 129 | that ever occur, the resolution is to insert a corresponding record into |
| | 130 | OPS$SXLDAP.LDAP_ATTR_SS. Self service updates are recorded by EDIR in date stamped |
| | 131 | gateway_edir_updates files in eklutna:~iplanet/local/ldap/web/log/. Those files are |
| | 132 | renamed with a "COPIED." prefix when transfered to the backup directory on edgar. |
| | 133 | |
| | 134 | The troublshooting and debugging of EDIR web gateway ldap_bulk_update script is beyond |
| | 135 | the scope of this document. |
| | 136 | |
| | 137 | (eof) |