Layer 7 Identity Management

Tech Tip - CA Identity Manager: Information on migrating Templates from one environment to another

  • 1.  Tech Tip - CA Identity Manager: Information on migrating Templates from one environment to another

    Posted 06-29-2015 02:38 PM

    Account templates are not part of the IM object store, so they are not exported in the roles.xml.


    Instead, they exist at the provisioning layer.

    There is no documentation

    or tool to migrate the Account Templates. An approach that others have

    tried which you can try as well is listed below. Please note that this is

    provided as-is and you should first test it out.


    In existing (ie. Development) environment:

    a. dump the account template from the Provisioning Server (port 20389) via


    b. remove the eTID values for each Account Template in the ldif file

    c. adjust the attributes (i.e. endpoint name) as needed


    In New IM environment:

    d. import the role definitions on IM console, this will recreate all the

    provisioning roles

    e. import the ldif to new IMPS (port 20389) via Jxplorer (the endpoints

    should already have been acquired/explored

    Note: The Account Templates will not be associated to the Provisioning Roles

    f. Manually associate the Provisioning Role and the Account Templates


    The Role <-> Template and the

    Template <-> Endpoint mapping are handled via special inclusion objects which is

    why you don't see it as part of the Template LDIF file you exported. You

    will need to manually re-link the Role to the Template and the Template to

    the Endpoint. You could use the etautil tool to help you with this.



    etautil -u USER -p PWD -f INPUT.txt



    where input.txt contains etautil commands (one per line) such as:



    add 'eTNamespaceName=ActiveDirectory' eTADSDirectory

    eTADSDirectoryName='My_Endpoint' in 'eTADSPolicyContainerName=

    Active Directory Policies,eTNamespaceName=CommonObjects'

    eTADSPolicy eTADSPolicyName='My_Template';



    add 'eTRoleContainerName=Roles,eTNamespaceName=CommonObjects' eTRole

    eTRoleName='My_Role' in 'eTADSPolicyContainerName=Active Directory

    Policies,eTNamespaceName=CommonObjects' eTADSPolicy


    Please also take a look at our Techdoc: TEC1145626