Re: Migration of shared DACLs from ACS 4.x to 5.x

igor.mamuzic · ‎03-08-2012

Hi guys,

Is there a simple way to migrate shared dACL to group/user mappings from ACS 4 to ACS 5? After migration using the Migration tool provided by Cisco I get shared dACLs and also I get all my users/groups transfered but these shared dACLs are not mapped to groups or users as previously. I understand that in new ACS we do not apply authorization directly to users/groups, but then if I had in ACS 4.x a hundreds of groups and each of these groups had a dedicated dACL (shared) applied as authorization attribute now after migration to ACS 5 I have to create separate authorization profile for each of these groups which is a lot of manual work. So I'm asking for an easy automated way to migrate authorozation rules to new ACS version.

steven yang · ‎03-09-2012

hi igor,

when i try to enable acs migration web interface,i got the error message as below,anybody would be help on it,thanks in advance!

acs52/admin# acs config-web-interface migration enable
Failed to modify webapp state

I got the logging as below:


Mar  8 17:22:21 acs52 [ACS-modify-migration-state]: migration
Mar  8 17:22:21 acs52 [ACS-modify-migration-state]: log4j:WARN No appenders could be found for logger (org.hibernate.cfg.Envi
ronment).
Mar  8 17:22:21 acs52 [ACS-modify-migration-state]: log4j:WARN Please initialize the log4j system properly.
Mar  8 17:22:29 acs52 [ACS-modify-migration-state]: INFO:Creating client socket at:172.22.254.199:2030
Mar  8 17:22:29 acs52 [ACS-modify-migration-state]: INFO:Creating client socket at:172.22.254.199:2030
Mar  8 17:22:30 acs52 [ACS-modify-migration-state]: INFO:Creating client socket at:172.22.254.199:2030
Mar  8 17:22:30 acs52 admin: [ACS-modify-migration-state] failed