14.7 Using the Compare Feature When Deploying

Designer’s Compare feature allows you to see differences between driver sets, drivers, channels, and policies that are stored in projects and those that are running in deployed systems. Previous versions of Designer only provided conflict resolution when importing a driver. While importing, you could select which policies of the driver you wanted to update, but you could not view any differences between existing and new values.

Designer now provides conflict resolution on an object-by-object basis and allows you to view the differences between existing and new values when importing and deploying driver sets, drivers, channels and policies. For example, before deploying a driver object in Designer to a driver object that already exists in the Identity Vault, you can run Compare. Compare shows whether the driver objects are equal (no action is necessary) or unequal. If they are unequal, you can choose not to reconcile the driver objects, choose to update the driver object in Designer, or choose to update the driver object in eDirectory.

You can run the Compare feature at any time. If you choose to reconcile the differences between drivers objects in Designer and eDirectory while in Compare, you won’t need to run Import or Deploy.

14.7.1 Using Compare when Deploying a Driver Object

Suppose you want to determine if you have deployed all of the changes you have made to a driver object in Designer to the same driver in the Identity Vault.

  1. Right-click the driver object in either the Modeler view or in the Outline view. Select Live > Compare to bring up the Designer/eDirectory Object Compare window.

    The Designer/eDirectory Object Compare window
  2. In the Select an object or attribute portion of the window, you see the listed objects and attributes. Select the attributes and child objects to see the actual differences displayed in the Text Compare portion of the window.

    Viewing driver differences

    The plus icon at the right side of the Select an object or attribute allows you to expand all elements in the parent object, and the minus icon collapses all of the elements. The ? icon displays the Summary/Compare dialog box help. Server-specific attributes, which are attributes that have a value for each server that is associated with a driver set, are displayed in the Attributes list with the server name in parentheses to the right of the attribute name.

  3. By default, the Compare window only displays values that are different between eDirectory and Designer. To view all of the object values, select Show all from the pull-down menu. Your choices are Show differences, Show deletes, and Show all.

  4. Check to see the status of the values that are shown. Values that are equal are shown as Equal on the Compare Status line in the Information portion of the Compare window.

    The Compare Status and Reconcile Action portion of the window

    The overlay image displayed in the Compare Status entry identifies objects or attributes that need reconciliation. The following table describes what you see in the Compare Status line and the overlays that you can see:

    Compare Status

    Description

    Equal

    The selected attribute’s value or all attributes of the selected object are the same in eDirectory and Designer.

    Unequal

    The value of the selected attribute, or one or more attributes of the selected object, are different in eDirectory and Designer.

    Not Deployed

    The selected object or the object containing the selected attribute is not deployed to eDirectory.

    Not Imported

    The selected object or object containing the selected attribute does not exist in Designer.

    Renamed

    Designer tracks objects that are deployed, then renamed in the Designer project. The Designer and eDirectory DNs are displayed in the value fields.

    Unknown

    The selected object or object containing the selected attribute cannot be compared, such as a password.

    Deleted

    Designer also tracks objects that are deployed, then deleted from the Designer project. To delete the object from eDirectory during deployment, select Delete the Identity Vault object.

    You can also see an Attribute Note if you select an attribute.

  5. Under the Information portion of the Compare window, select how you want to reconcile the differences between the Source and Destination.

    If Compare Status shows Unequal, you have three choices:

    • To do nothing, keep the default value of Do Not Reconcile.

    • To update the driver in Designer so that it contains the same information as the driver in eDirectory, select Update Designer.

    • To update the driver in eDirectory to reflect the changes you have just made to the driver in Designer, select Update eDirectory.

    The green check box in the bottom corner of the icons shows all of the child objects that are being reconciled with the parent object. If you select the parent object to perform the update, then all of the child objects under the parent reflect that choice and you see the Reconciled By Parent button selected. If you do not choose a parent object, you can reconcile each child object individually. You can also see a small Designer icon and an eDirectory icon, showing how objects are being reconciled.

  6. Check to see the Text Compare values.

    The Text Compare values displayed in the bottom portion of the Designer/eDirectory Object Compare window vary, depending on the object being compared. For instance, Compare shows changes to policies or XML data. The Text Compare dialog box uses the Eclipse* Compare editor to compare attributes that contain XML data, such as policy data, driver filters, or configuration data. The differences in the code are highlighted in blue.

    Code differences highlighted
  7. After you view the differences, click Reconcile to perform the reconciliation actions for each object in the tree, or click Close to close the Designer/eDirectory Object Compare window.

14.7.2 Using Compare Before Deploying a Channel Object

Suppose you want to deploy a channel object from the Identity Vault and the same channel already exists in Designer. You can compare the two channels to see similarities and differences.

  1. Right-click the channel object in the Outline view.

  2. Select Live > Compare to bring up the Designer/eDirectory Object Compare window.

    All Compare windows behave the same as described under the Section 14.7.1, Using Compare when Deploying a Driver Object.

14.7.3 Using Compare Before Deploying a Policy

Suppose you want to deploy a policy object from the Identity Vault and the same policy already exists in Designer. You can compare the two policies to see similarities and differences

  1. Right-click the policy object in the Outline view.

  2. Select Live > Compare to bring up the Designer/eDirectory Object Compare window.

    All Compare windows behave the same as described under the Section 14.7.1, Using Compare when Deploying a Driver Object.

14.7.4 Matching Attributes with Designer Properties

The attributes of the object are displayed in the single select attribute list. Selecting an attribute displays its value below the attribute list with the Designer value on the left and the eDirectory value on the right. The name displayed in the list is the eDirectory attribute name.

Three tables map the eDirectory attribute to the Designer property page or control, where you can change or set the attribute (you can’t make changes inside the Compare window). Table 10-1 shows driver set eDirectory attributes, Table 10-2 shows driver eDirectory attributes, and Table 10-3 shows channel eDirectory attributes.

14.7.5 Comparing Driver Set and Driver Attributes

Use the Compare feature to compare the attributes of a driver set or a driver without comparing all of the child objects.

  1. Right-click the driver set or driver, then select Live > Driver Set Configuration > Compare Attributes.

    Comparing attributes

    By default, the Compare windows shows only those attributes that are unequal, but you can select to show deletes, or show all attributes.

14.7.6 Renaming and Deleting Deployed Objects

Designer now tracks objects that are deployed, then renamed in the Designer project. The Designer and eDirectory DNs are displayed in the value fields. The renamed objects are displayed in the Deployment Summary window and the Compare Status entry displays Renamed.

Figure 14-1 Renamed Drivers and Driver Sets

During the deploy operation, the renamed Designer object is renamed in eDirectory. When performing a compare operation, you can reconcile the object by updating either the Designer or eDirectory object name. Only objects that are renamed in Designer are tracked. If an object is renamed in eDirectory, Designer might not locate the associated eDirectory object when building the compare summary.

Designer also tracks objects that are deployed, then deleted from the Designer project. When you deploy the parent of the object that is deleted, you are given the option to delete the object from the Identity Vault. To delete the object from eDirectory during deployment, select Delete the Identity Vault object. You can select Show deletes from the drop-down menu.

Designer removes the object from the deleted object list if the parent is deployed and the object is not marked for deletion. In the following graphic, a driver was deleted from the driver set.

Figure 14-2 Deleting an Object in the Identity Vault

You can use the Compare feature to delete a deleted object from eDirectory or you can re-import the object into Designer.

Figure 14-3 Reconciling a Deleted Object

For example, to delete the object from eDirectory, select Update eDirectory from the Reconcile Action selection. To re-import the object into Designer, select Update Designer. Only objects that are deleted in Designer are tracked. If an object is deleted in eDirectory, Designer shows the object as not deployed and creates a new object when you run Deploy or Compare.