Upgrading plugins for One Identity Safeguard for Privileged Sessions 6.0
This document provides guidelines on upgrading your deprecated plugins for One Identity Safeguard for Privileged Sessions 6.0. The following sections describe the most common parameter mappings from the deprecated plugins to the new One Identity Safeguard for Privileged Sessions 6.0 plugins.
[name-of-plugin]
This section is intended to be the same as in the deprecated plugins. However, it is advised to double-check it against the respective new default.cfg file.
[users]
This configuration section was only included in certain plugins.
The following parameters were in the now deprecated [users] configuration section. They are mapped as follows:
[users] <user-name-1>=<id-1>
This is now:
[usermapping source=explicit] <user-name-1>=<id-1>
[plugin]
The following parameters were in the now deprecated [plugin] configuration section. They are mapped as follows:
[plugin] config_version=1
This is now deleted.
[plugin] log_level=info
This is now:
[logging] log_level=info
Note that log_level now only accepts strings as values. It does not accept integers.
[plugin] cred_store=<name-of-credstore-hosting-sensitive-data>
This is now:
[credential_store] name=<name-of-credstore-hosting-sensitive-data>
[auth]
The following parameters were in the [auth] configuration section. They are mapped as follows:
[auth] prompt=Hit Enter to send Duo push notification or provide the OTP:
This has not changed.
[auth] whitelist=<name-of-the-user-list>
This is now:
[whitelist source=user_list] name=<name-of-the-user-list>
[username_transform]
The following parameters were in the [username_transform] configuration section. They are mapped as follows:
[username_transform] append_domain=<name-of-the-domain-to-append-to-usernames>
This has not changed.
[ldap]
The following parameters were in the now deprecated [ldap] configuration section. They are mapped as follows:
[ldap] ldap_server_config=<ldap-configuration-name>
This is now:
[ldap_server] name=<ldap-configuration-name>
[ldap] filter=(&(cn={})(objectClass=inetOrgPerson))This is now deleted. It is automatically retrieved from the LDAP Server Policy from now on.
[ldap] user_attribute=cn
This is now:
[usermapping source=ldap_server] user_attribute=cn
[cache]
The following parameters were in the now deprecated [cache] configuration section. They are mapped as follows:
[cache] soft_timeout=0
This is now:
[authentication_cache] soft_timeout=0
[cache] hard_timeout=0
This is now:
[authentication_cache] hard_timeout=0
[cache] limit=0
This is now:
[connection_limit by=client_ip_gateway_user] conn_limit=0
[question_1]
The following parameters were in the now deprecated [question_1] configuration section. They are mapped as follows:
[question_1] key=nameofthekey
This has not changed.
[question_1] prompt=prompt to ask from the user
This has not changed.
[question_1] disable_echo=1
This has not changed.