As a first time user of Analyzer 4.5, I could uses some advice / insight
from anyone who has experiance using the current or older versions of
Anlyzer and is willing to take the time to answer a few noob qustions
that weren't addressed in the 'NetIQ 4.5 documentation'

Thank you in advance for your time and or your responses.... it is
much appreciated!!!
-Jeff S.


I'm attempting to import user data from three different
eDirectory / LDAP trees, and then compare the data so that I can
consolidate the eDirectory instances with the aggregate data. For that
effort I'm looking at between 45,000 and 50,000 user records per tree...
with 47 different attributes each. The attributes consist of half stock
and half custom, including some multi valued attributes such as member
and security equals. Similarly I would like to compare the groups in
each eDirectory tree, rouglhy 2500 groups per tree with 5 attributes
each (including multi valued attributes like membership and equivalent
to me). For this effort I've been successful in installing and setting
up Analyzer 4.5. I've been successful in importing my users to the
default database (it took just under 13 hours per user dataset). I've
also been successful in passing the uniqueness test, and have even
started my matching efforts for two user datasets... using three
attributes in the mathing rule (cn, wokforceid, and uuid). However 18
hours in and it is still running with no indicator of progress, or how
much longer it might take. Thus I have some questions:

*Question 1)* Is what I'm attempting to do realistic and or feasible?

*Question 2)* What things if any can I do to optimize performance of
the dataset imports and or dataset comparisions?

*Question 3)* Can / Does Analyzer 4.5 support comparing every value of
a multi valued attribute... when comparing datasets?

*Question 4)* The context in one of my trees has different case for the
O, but other wise case matches between the three trees. Will this cause
me a problem with group membership, security equals, equivalent to me,
and ACL matching?

*Question 5)* For comparing groups, or OUs across different trees...
is there any advice you can offer for matching? I imported my groups in
about an hour (roughly 2500 per tree). But my uniqueness comparison
fails because I can't seem to specify DN, or anything related to the
context that the group exists in.... thus I'm having difficulties
getting my uniqueness test to pass as using the CN or any other
combination of attributes which would be consistent across trees comes
back with less then a 90% uniqueness rate.

For the groups dataset import I'm specifying 5 ObjectClasses:
groupOfNames, ldapGroup. nestedGroupAux, posixGroup, Top
And I'm interested in comparing roughly 7 attributes: cn, member,
groupMember, groupMembership, equivalentToMe, gidNumber, description

For the OrganizationlUnit dataset import I'm specifying one ObjectClass:
And I'm interested in comparing the attributes: cn, description, ACLs
(trustee rights), associated password policies, & intruder detection

*Question 6)* I saw in one of the old forum posts that using a MySQL
database might yield significantly better performance. In the post it
referred me to the Analyzer documentation, and the configure preferences
section where I would specify a database using MySQL. However I don't
know anything about MySQL... so what would I have to do to set that up.
The info seems to be missing from the Analyzer documentation. More
specifically if I change the config preference in Analyzer does it
create and populate a MySQL database by default? Or do I first have to
create such a database, with a schema and or tables predefined, then
drop it on my workstation, and finally point analyzer 4.5 to it?

*Question 7)* Are there any gotchas I should be aware of... I think I
read in the forums that values longer then 255 characters might be a
problem.... I think only my group memberships related attributes might
possibly exceed this limitation if that is the only gotcha.

jeschaff's Profile:
View this thread: