Delta Aggregation

Delta aggregation is supported for IBM Tivoli Directory Server. It picks up users and groups that have been added, updated, or deleted on the managed system, as well as delta changes from Move and Rename operations.

Prerequisite

After creating a new version of an IdentityIQ application or following an upgrade to the latest version of IdentityIQ, open the application configuration file in Debug mode and ensure that the GROUPS_HAVE_MEMBERS feature string has been added in the Group schema.

<entry key='groupMemberAttribute' value='uniqueMember'/>

Configuring the Server for Delta Aggregation

The attribute used for delta aggregation in the managed Tivoli Directory Server system is changeLog.

Delta Aggregation in the Tivoli Directory Server

Configure Tivoli Directory Server for delta aggregation.

Important
After enabling the changelog on the directory server, run full Account and Account-Group aggregation tasks before running delta aggregation.

  1. Stop the Tivoli Directory Server instance.

  2. Locate the idscfgchglg file for your Tivoli Directory Server installation.

  3. To configure a changelog for the directory server instance, run the following command:

    idscfgchglg -I <Tivoli instance> -m 0

  4. Restart the directory server instance.

Note
To confirm that the changelog has been enabled on the server, open an LDAP browser, bind it to the LDAP server instance, and view the cn=changelog naming context. You should be able to see this naming context and the relevant change objects. Verify this before you proceed with delta aggregation for Tivoli Directory Server.

Testing Delta Aggregation

For delta aggregation to work properly, it needs a starting point from which to detect changes. To retrieve the changes made since the last iteration, it must first perform a full aggregation. The connector uses this full aggregation as its reference point. Once the full aggregation completes, you may create a separate delta aggregation task to retrieve delta changes that occurred after the full aggregation.

Perform the following steps to test delta aggregation:

  1. Execute Account and Account-Group Aggregation tasks.

  2. Create a task with delta aggregation set for Account and Account-Group Aggregation.

  3. Perform Create/Update/Delete/Revoke operations for Accounts or Groups on the directory server.

  4. Execute the respective delta aggregation task.

  5. Confirm the changes have been retrieved in IdentityIQ.

Note
If the server has not been configured for changelog, the delta aggregation task fails even though the full aggregation is successful. Therefore, before performing a full aggregation, ensure the changelog has been configured for the directory server.
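
The following added example (not IdentityIQ connector code) illustrates the reference-point idea and the Move and Rename cases described above: it reads changelog entries exported as LDIF, keeps only those after a saved change number, and distinguishes a rename from a move. The attribute names (changenumber, targetdn, changetype, newrdn, newsuperior) are assumed from the LDAP changelog Internet-Draft, the sample entries are constructed, and folded or base64-encoded LDIF values are not handled.

```python
# Constructed sample: an LDIF export of three entries under cn=changelog.
SAMPLE_LDIF = """\
dn: changenumber=41,cn=changelog
changenumber: 41
targetdn: uid=jdoe,ou=people,dc=example,dc=com
changetype: add

dn: changenumber=42,cn=changelog
changenumber: 42
targetdn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modrdn
newrdn: uid=john.doe

dn: changenumber=43,cn=changelog
changenumber: 43
targetdn: cn=admins,ou=groups,dc=example,dc=com
changetype: modrdn
newrdn: cn=admins
newsuperior: ou=privileged,dc=example,dc=com
"""

def parse_entries(ldif):
    """Split LDIF into dicts; attribute names lower-cased (LDAP names are case-insensitive)."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        pairs = (line.split(": ", 1) for line in block.splitlines() if ": " in line)
        entry = {key.lower(): value.strip() for key, value in pairs}
        if "changenumber" in entry:
            entries.append(entry)
    return entries

def delta_since(ldif, last_seen):
    """Return ([(operation, targetdn), ...], new_checkpoint) for changes after last_seen."""
    changes = []
    checkpoint = last_seen
    for e in sorted(parse_entries(ldif), key=lambda e: int(e["changenumber"])):
        number = int(e["changenumber"])
        if number <= last_seen:
            continue  # already covered by the full aggregation or an earlier delta run
        op = e["changetype"].lower()
        if op == "modrdn":
            # A new parent means the entry moved; otherwise only its RDN changed.
            op = "move" if "newsuperior" in e else "rename"
        changes.append((op, e["targetdn"]))
        checkpoint = number
    return changes, checkpoint
```

Calling delta_since(SAMPLE_LDIF, 41) treats change 41 as already aggregated and returns the rename and the move, with 43 as the next reference point.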