Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-12062

Upgrade procedure: JDBC repo IDM 6.0 to 6.5


    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.5.0
    • Component/s: _Update
    • Labels:
    • Target Version/s:
    • Verified Version/s:
    • Story Points:
    • Sprint:
      OpenIDM Sprint 6.5-10.2


      For upgrading from IDM 6.0 to 6.5 with a JDBC repo (MySQL), problems were found with schema changes and documented update procedure. This issue will cover the scenario of using each 6.0 JDBC database, with the default JSON configuration for 6.5 (no migration or customization), and then confirm that the database schema is property upgraded with scripts.

      The general test/upgrade procedure is as follows (more steps needed for config migrations, but this assumes we are only upgrading with an existing 6.0 database instance):

      1. Install fresh IDM 6.0 with a given external repo backend
      2. Shutdown IDM
      3. Extract IDM 6.5 directory, and configure it for use with the specific database
      4. Copy truststore/keystore files in /security directory from 6.0 to 6.5
      5. Clear all configobjects related tables, or else their old config will get loaded with many errors

      MySQL, for example:

      DELETE FROM openidm.configobjects;
      DELETE FROM openidm.configobjectproperties;

      6. Run all schema upgrade scripts for the database in bin/update/scripts directory

      7. Some altered roles tables will not be populated with data yet, so you will need to add the following entry to script/access.js in order to run the update scripts

                 "pattern"    : "endpoint/*",
                 "roles"      : "*",
                 "methods"    : "read",
                 "actions"    : "*"

      8. Start IDM 6.5 (should be no errors!!!)

      9. Execute the upgrade script endpoints.

      The two following endpoints are documented in the release notes:

      curl \
       --header "X-OpenIDM-Username: openidm-admin" \
       --header "X-OpenIDM-Password: openidm-admin" \
       --request GET \

      This is the script that populates the roles-related data:

      curl \
       --header "X-OpenIDM-Username: openidm-admin" \
       --header "X-OpenIDM-Password: openidm-admin" \
       --request GET \

      10. Undo the change made above to script/access.js

      Another step that I tested was when running 6.0, I changed the openidm-admin user's password, then followed the above steps to verify that those credentials still worked properly when updating to 6.5:

      # using 6.0, change openidm-admin password
      curl \
       --header "Content-Type: application/json" \
       --header "X-OpenIDM-Username: openidm-admin" \
       --header "X-OpenIDM-Password: openidm-admin" \
       --request PUT \
       --data '{
           "password": "Passw0rd",
           "roles": [
               "_ref": "repo/internal/role/openidm-admin"
               "_ref": "repo/internal/role/openidm-authorized"
           "_id": "openidm-admin"
           }' \
       "http://localhost:8080/openidm/repo/internal/user/openidm-admin" | jq
      # verify change
      curl \
       --header "X-OpenIDM-Username: openidm-admin" \
       --header "X-OpenIDM-Password: Passw0rd" \
       --request GET \
       "http://localhost:8080/openidm/repo/internal/user/openidm-admin" | jq


          Issue Links



              • Assignee:
                travis.haagen Travis Haagen
                travis.haagen Travis Haagen
              • Votes:
                0 Vote for this issue
                3 Start watching this issue


                • Created: