wiki:UPDT_unit_changes
Last modified 6 years ago Last modified on 11/18/14 13:55:14

Monthly Process: EDIR Unit Changes Following BOR Structure Table Changes

Original author: Beth Mercer - 20070607

Approximately monthly, IR updates their BOR structure table and the corresponding EDIR_STRUCTURE table, adding/deleting/modifying unit records. An EDIR stored procedure is subsequently executed to update EDIR unit records with EDIR_STRUCTURE table changes.

Following the EDIR update, departments depending on EDIR unit information are informed of the changes and requested to provide feedback.

Update Process for EDIR

Upon receipt of the email stating BOR table updates are complete, update the registry and generate and apply directory LDIF

Via AppWorx

Request AppWorx Process Flow, EDIR_UNIT_UPDATES

Manual Processing

The EDIR unit update process can be executed manually by running scripts as the RPTP cluster account, sxldap.

Update the People Registry Tables

  1. ssh to sxldap account on summit
  2. cd $HOME/local/ldap/registry
  3. At command line prompt, enter "sqlplus /" and enter the following two commands:
    • @execute_xprocess
      • -- when prompted, enter the following: ldap_dept_maint(false,return_status)
      • -- the resulting output will be written to /tmp
    • exit
  4. Verify updates are complete

Apply Resulting LDIF

Once the people registry updates are complete, take the following steps to apply the resulting LDIF to the LDAP repository.

  1. Ask DBA group to execute the following to add world read permission to ldif files in /tmp
    • ~oracle/local/production/PMldap_tmp_chmod.ksh
  2. After the file permissions have been changed, copy the resulting ldif to sxldap owned directory and to iplanet account on eklutna
    • cd $HOME/appworx/
    • ./manage_ldif_files.ksh
  3. After copying the resulting ldif, tell iplanet on eklutna to apply it
    • ./apply_ldif_files.ksh
  4. Have DBA group run this script to delete ldif from /tmp/
    • ~oracle/local/production/PMldap_tmp_cleanup.ksh

Publicizing Summary Changes

After confirming LDIF applied,

  1. Email summary of changes to sdedirregistry@…
    • Changes are listed in ldap_RPTS_dept_<date>.changes file
    • cd $HOME/local/ldap/extracts/
    • ls -lrt *dept*changes|tail -1 # check date/time stamp
    • awk '{print $1}' $(ls -1rt *dept*changes|tail -1)|sort |uniq -c
  2. Compare EDIR structure to BOR structure and send
  3. Email to Budget Offices soliciting response to unit changes
    • cd $HOME/local/ldap/query
    • sqlplus /
      • @compare_edir_structure_to_bor.sql
      • exit
    • copy and paste screen output to email for budget offices with request for feedback
      • Recipients: Phil Harrington <plharrington@…>, Lynn Wrightsman <lawrightsman@…>, Barbara Hyde <bjhyde@…>
      • CC: to ua-oit-registry@alaska.edu
    • If the budget office respond with feedback
      • move EDIR data to new unit records if applicable (TBD - see beth in meantime)
      • flag to keep, or delete, old unit records if applicable (TBD - see beth in meantime)
    • Note: No EDIR unit record will be dropped from EDIR unless flagged
    • in the EDIR_STRUCTURE table. This allows EDIR to reflect units w/o
    • budget that are not retained in the BOR structure table.
  4. Notify sdtsaa of new/obsolete EDIRroles (associated with unit changes)
    • First generate a list of new and obsolete EDIR unit related roles
      	@show_needed_dlevel_roles.sql
      	@show_needed_unit_roles.sql
      	@show_obsolete_dlevel_roles.sql
      	@show_obsolete_unit_roles.sql
      
    • Run "Show" scripts before running add/delete scripts in the following step
    • Send an email to sdtsaa; see Banner/Directory Synchronization? for detailed instructions.
  5. Update LDAP_ZUAUSR_ADMIN table, adding needed roles and deleting obsolete roles
    • Run show scripts before add/delete
      	@add_needed_dlevel_roles.sql
      	@add_needed_unit_roles.sql
      	@delete_obsolete_dlevel_roles.sql
      	@delete_obsolete_unit_roles.sql
      

########################################################
LEGACY CHANGE HISTORY - NOTE: All subsequent changes are recorded in TracWiki
########################################################
20070906 sxelm corrected ldap_dept_maint reference (erroneously ldap_dept_update)
20070608 sxelm replaced edir-admin-l references with sdedirregistry
20070607 sxelm added reference to Appworx job that circumvents need for DBA support