Migrating a BPMN Workflow
After upgrading to IDM 5.5 or applying Security Advisory #201705, existing BPMN workflows must be modified in order to to attach a scriptTaskListener to each userTask within the workflow. The scriptTaskListener must inject any required user input within the process context, making it available to other workflow stages.
The attached workflowScriptTaskHelper.xsl file can be used to assist with migration and will automatically transform basic BPMN workflows. Complex workflows or those which do not already include a userTask may require additional manual intervention:
- On Mac® OS X® or Linux®, you must execute the following XSLT script to migrate your BPMN files:
xsltproc workflowScriptTaskHelper.xsl path/to/your/project.bpmn20.xml | xmllint -format -
- On Microsoft® Windows®, the Microsoft Command Line Transformation Utility (msxsl.exe) can be used in conjunction with the Microsoft Core XML Services to migrate your BPMN files:
msxsl.exe path/to/your/project.bpmn20.xml workflowScriptTaskHelper.xsl -o path/to/your/updated.bpmn20.xml
Related Issue Tracker IDs
The password plugin configuration is specified in one of the following files depending on the plugin version:
- Plugin version 3.5.0 and later - openidm-accountchange-plugin-sample-config
- Plugin versions 1.0.3 and 1.1.1 - openidm-pwsync-plugin-config.ldif
You must use the plugin version that corresponds to your DS/OpenDJ version. See Release Notes › Supported Connectors, Connector Servers, and Plugins for further information.
You can upgrade DS/OpenDJ as follows:
- Back up the password plugin configuration file (openidm-pwsync-plugin-config.ldif or openidm-accountchange-plugin-sample-config, which is located in the /path/to/ds/config directory) as this contains your current configuration details.
- Update the Default Password Policy to remove the account-status-notification-handler attribute using a dsconfig command such as the following:
$ ./dsconfig set-password-policy-prop --policy-name "Default Password Policy" --reset account-status-notification-handler --hostname localhost --port 4444 --bindDn "cn=Directory Manager" --bindPassword password --trustAll --no-prompt
- Remove the changes made to the cn=config backend when the plugin was installed using a ldapdelete command such as the following:
$ ./ldapdelete --hostname ds1.example.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword password "cn=OpenIDM Notification Handler,cn=Account Status Notification Handlers,cn=config"
- Stop the DS/OpenDJ instance.
- Delete the following files that apply to the existing plugin:
- openidm-pwsync-plugin-config.ldif or openidm-accountchange-plugin-sample-config in the /path/to/ds/config directory.
- 90-openidm-pwsync-plugin.ldif file in the /path/to/ds/config/schema directory; as of DS 6 and later, located in /path/to/ds/db/schema for new installs.
- opendj-accountchange-handler-x.x.x.jar in the /path/to/ds/lib/extensions directory.
- Restart the DS/OpenDJ instance.
- Upgrade to the new version of DS/OpenDJ. See Installation Guide and Upgrading DS/OpenDJ for further information.
- Install the new plugin per the instructions in Password Synchronization Plugin Guide › Installing the DS Password Synchronization Plugin.
- Update the configuration file (openidm-pwsync-plugin-config.ldif or openidm-accountchange-plugin-sample-config depending on which version of the plugin you installed) with the details contained in the configuration file you backed up if you want to retain the same behavior you had previously.
Related Issue Tracker IDs