SAP IDM: How to change the repository type of a repo job

When implementing repository jobs, SAP seems to have forgotten a functionality to change the repository type linked to a repository job. The field has been greyed out in Eclipse even when you are in edit mode.

So how to cope with this? Re-creating all the repo jobs you have set up for e.g. ABAP Load Balanced Connections for the ABAP Dedicated Server connection? A bit much effort. Also when replacing the SAP Repo type by your own you might not want to run through creation again.

So the answer lies – as often – inside the database. The repo type is mapped inside the mc_jobs table and is determined by two columns, mcRepositoryTypeQN and mcRepositoryTypeId.

Example

update mc_jobs set mcRepositoryTypeQN ='customer.idm.connector.abap:reptype.ABAPLoadBalancedConnection',
mcRepositoryTypeId = 11 where jobid = 1234

The above statement will update job number 1234 to another repo type.

How to get the proper values for mcRepositoryTypeQN and mcRepositoryTypeId?

Well the easiest is to just create a new job for the other repo type, get the job number from Eclipse and then

select mcRepositoryTypeQN,mcRepositoryTypeId = 11 from mc_jobs where jobid = 2345

Happy IDM programming.

SAP IDM provisioning queue

Looking at the provisioning queue within SAP Identity Managment you might find our e.g.:

select count(*) from mxp_provision

15693

But what to do now with this absolute number. Several blogs and tutorials are covering the different states and potential resolving of issues but the main information required is: Do I have an issue right at this time? For that purpose it makes sense to combine provisioning with the state and also with the information whether the repository being considered in provisioning is active at all. Especially larger customers who are undergoing maintenance cycles on several systems are likely to be affected by this.

Joining states with active repositories and provisioning queue the following query might come up handy:

select state.name, rep.rep_name, prov.* from mxp_provision prov inner join mxp_state state on prov.state = state.statid inner join mc_repository rep on rep.rep_id = prov.repositoryid  where rep.rep_disabled = 0 order by state desc

The entries returned are those which might need some deeper inspection, sorted by highest state.

Jira configuration for SSL

The documentation for hosting Jira yourself is quite good concerning the keystore.

But for howto use the keystore within the Tomcat connector there are two things to concern:

Firstly, the java keystore shall be made available for the jira user (do not use root) and secondly the server.xml template file does not cover all necessary settings. Mine looks like this on CentOS:

<Connector port="8443" maxHttpHeaderSize="8192" SSLEnabled="true"
relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true" useBodyEncodingForURI="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/jira/.keystore" keystorePass="changeit"
ciphers="TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" />