= Monthly Process: EDIR Unit Changes Following BOR Structure Table Changes = Original author: Beth Mercer - 20070607 Approximately monthly, IR updates their BOR structure table and the corresponding EDIR_STRUCTURE table, adding/deleting/modifying unit records. An EDIR stored procedure is subsequently executed to update EDIR unit records with EDIR_STRUCTURE table changes. Following the EDIR update, departments depending on EDIR unit information are informed of the changes and requested to provide feedback. == Update Process for EDIR == Upon receipt of the email stating BOR table updates are complete, update the registry and generate and apply directory LDIF === Via !AppWorx === Request !AppWorx Process Flow, EDIR_UNIT_UPDATES === Manual Processing === The EDIR unit update process can be executed manually by running scripts as the RPTP cluster account, ''sxldap''. ==== Update the People Registry Tables ==== 1. ssh to sxldap account on summit 1. cd $HOME/local/ldap/registry 1. At command line prompt, enter "sqlplus /" and enter the following two commands: * @execute_xprocess * -- when prompted, enter the following: ldap_dept_maint(false,return_status) * -- the resulting output will be written to /tmp * exit 1. Verify updates are complete ==== Apply Resulting LDIF ==== Once the people registry updates are complete, take the following steps to apply the resulting LDIF to the LDAP repository. 1. Ask DBA group to execute the following to add world read permission to ldif files in /tmp * ~oracle/local/production/PMldap_tmp_chmod.ksh 1. After the file permissions have been changed, copy the resulting ldif to sxldap owned directory and to iplanet account on eklutna * cd $HOME/appworx/ * ./manage_ldif_files.ksh 1. After copying the resulting ldif, tell iplanet on eklutna to apply it * ./apply_ldif_files.ksh 1. Have DBA group run this script to delete ldif from /tmp/ * ~oracle/local/production/PMldap_tmp_cleanup.ksh ==== Publicizing Summary Changes==== After confirming LDIF applied, 1. Email summary of changes to sdedirregistry@email.alaska.edu * Changes are listed in ldap_RPTS_dept_.changes file * cd $HOME/local/ldap/extracts/ * ls -lrt *dept*changes|tail -1 # check date/time stamp * awk '{print $1}' $(ls -1rt *dept*changes|tail -1)|sort |uniq -c 1. Compare EDIR structure to BOR structure and send 1. Email to Budget Offices soliciting response to unit changes * cd $HOME/local/ldap/query * sqlplus / * @compare_edir_structure_to_bor.sql * exit * copy and paste screen output to email for budget offices with request for feedback * Recipients: Phil Harrington , Lynn Wrightsman , Barbara Hyde * CC: to !ua-oit-registry@alaska.edu * If the budget office respond with feedback * move EDIR data to new unit records if applicable (TBD - see beth in meantime) * flag to keep, or delete, old unit records if applicable (TBD - see beth in meantime) * ''Note:'' No EDIR unit record will be dropped from EDIR unless flagged * in the EDIR_STRUCTURE table. This allows EDIR to reflect units w/o * budget that are **not** retained in the BOR structure table. 1. Notify sdtsaa of new/obsolete EDIRroles (associated with unit changes) * First generate a list of new and obsolete EDIR unit related roles {{{ @show_needed_dlevel_roles.sql @show_needed_unit_roles.sql @show_obsolete_dlevel_roles.sql @show_obsolete_unit_roles.sql }}} * Run "Show" scripts before running add/delete scripts in the following step * Send an email to sdtsaa; see [[SyncDirectory|Banner/Directory Synchronization]] for detailed instructions. 1. Update LDAP_ZUAUSR_ADMIN table, adding needed roles and deleting obsolete roles * Run show scripts before add/delete {{{ @add_needed_dlevel_roles.sql @add_needed_unit_roles.sql @delete_obsolete_dlevel_roles.sql @delete_obsolete_unit_roles.sql }}} ########################################################[[br]] LEGACY CHANGE HISTORY - NOTE: All subsequent changes are recorded in TracWiki[[br]] ########################################################[[br]] 20070906 sxelm corrected ldap_dept_maint reference (erroneously ldap_dept_update)[[br]] 20070608 sxelm replaced edir-admin-l references with sdedirregistry[[br]] 20070607 sxelm added reference to Appworx job that circumvents need for DBA support