Original Message:
Sent: Fri December 06, 2024 05:35 AM
From: Laurent LA Asselborn
Subject: How to Cleanup Unused Servers which are visible from server list in pdadmin?
Hi Piyush,
No, it doesn't matter from where you connect and you don't need the old config files. You just have to create an empty config file for the tool to work.
To verify that the servers are deregistered you can look if their LDAP entries are deleted.
Each server has (at least) the following two entries:
- cn={server}/{host},cn=SecurityDaemons,SECAUTHORITY=DEFAULT
- principalName={server}/{host},cn=Users,SECAUTHORITY=DEFAULT
If after your operation these two entries are gone, the server is deleted. But I do not recommend only deleting in the LDAP as there are probably also entries in the master DB.
I recommend doing the following LDAP search to find old servers:
base: cn=Users,SECAUTHORITY=DEFAULT
filter: (secCertSerialNumber=*)
attributes: secCertSerialNumber, secCertDN, createTimestamp, modifyTimestamp
If the modifyTimestamp is older than 2 years (and it is not the ivmgrd/master user!), the server is probably inactive as its cert has not been renewed.
------------------------------
Laurent LA Asselborn
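
Added example, not part of the original thread: one way to apply the two-year modifyTimestamp check described above to the LDIF output of that search. The sample entries, host names and the 730-day threshold are constructed assumptions, and the principal is read from the principalName RDN of each DN.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of LDIF output for the search above (all values made up).
SAMPLE_LDIF = """\
dn: principalName=ivmgrd/master,cn=Users,SECAUTHORITY=DEFAULT
secCertSerialNumber: 1
modifyTimestamp: 20200101000000Z

dn: principalName=oldsrv/host-a.example.test,cn=Users,SECAUTHORITY=DEFAULT
secCertSerialNumber: 17
modifyTimestamp: 20210310081500Z

dn: principalName=websrv/host-b.example.test,cn=Users,SECAUTHORITY=DE
 FAULT
secCertSerialNumber: 42
modifyTimestamp: 20241101120000.0Z
"""

def parse_ldif(text):
    """Yield one dict per entry; unfolds LDIF continuation lines (leading space)."""
    unfolded = text.replace("\n ", "")
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry.setdefault(key, value)  # keep the first value of each attribute
        if "dn" in entry:
            yield entry

def stale_servers(text, now, max_age_days=730):
    """Return (principal, last_modified) for certs not renewed within max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for entry in parse_ldif(text):
        principal = entry["dn"].split(",", 1)[0].split("=", 1)[1]
        # Skip the policy server's own user, as the advice above says.
        if principal.lower() == "ivmgrd/master" or "modifyTimestamp" not in entry:
            continue
        # Generalized time; ignore any fractional seconds after the 14 digits.
        stamp = datetime.strptime(entry["modifyTimestamp"][:14], "%Y%m%d%H%M%S")
        if stamp.replace(tzinfo=timezone.utc) < cutoff:
            stale.append((principal, stamp.date().isoformat()))
    return stale

if __name__ == "__main__":
    for principal, last in stale_servers(SAMPLE_LDIF, datetime.now(timezone.utc)):
        print(f"{principal}\tlast modified {last}")
```

The result is a list of candidates to review, not proof that a server is inactive.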
Original Message:
Sent: Fri December 06, 2024 05:10 AM
From: Piyush Agrawal
Subject: How to Cleanup Unused Servers which are visible from server list in pdadmin?
Hello @Scott Exton and @Laurent LA Asselborn
Here is an example of one of the servers and its Principal:
Administration Request Port: '8888'
Description: []
Hostname: T-114-270-018.mistraltest.mistralnett.test
Listening for authorization database update notifications: 'No'
Principal: eaipuppet/T-114-270-018.mistraltest.mistralnett.test
@Scott Exton your approach works; it takes lots of time to load the popup where you can mark servers and delete them.
I tried https://{appliance_hostname}/isam/azn_server which also works.
I also see that servers can be removed with https://{appliance_hostname}/isam/azn_server/{server_name}. I have not tried it yet.
@Laurent LA Asselborn
To unconfigure the PD user with com.tivoli.pd.jcfg.SvrSslCfg from PD.jar, I think I must connect with the client machine from where the server/PD user was created and must have access to the keyfiles. These old servers are decommissioned?
How can I verify that cleaning up a server with the ISVA REST API also deregisters the specified authorization server with the policy server, cleaning up the data associated with that authorization server?
------------------------------
Piyush Agrawal
https://www.linkedin.com/in/piyush-norway/
Gjensidige Norway
Original Message:
Sent: Wed December 04, 2024 07:04 AM
From: Laurent LA Asselborn
Subject: How to Cleanup Unused Servers which are visible from server list in pdadmin?
Hi Piyush,
As an alternative to the method Scott already indicated, you can also use the class com.tivoli.pd.jcfg.SvrSslCfg from PD.jar to unconfigure servers.
If you are interested, I can send you the exact parameters to use. You have to create a dummy config file as that is a mandatory parameter.
Kind regards,
Laurent
------------------------------
Laurent LA Asselborn
Original Message:
Sent: Tue December 03, 2024 04:22 PM
From: Piyush Agrawal
Subject: How to Cleanup Unused Servers which are visible from server list in pdadmin?
Hello,
I am trying to clean up all old servers via the pdadmin tool. After logging in as sec_master, I can list all servers using the server list command.
However, I notice many unused or obsolete servers in this list, along with their associated Principals (Users). I have not found any pdadmin command to clean up or remove these unused servers from the list.
Could someone guide me on the proper steps or best practices to clean up servers from the server list? Are there any guidelines or specific tools/commands for this task?
Thanks in advance!
Best regards,
------------------------------
Piyush Agrawal
https://www.linkedin.com/in/piyush-norway/
Gjensidige Norway
------------------------------