Oracle Internet Directory Administrator's Guide
Part Number A86101-01
This appendix describes the steps to migrate data from LDAP v3-compatible directories into Oracle Internet Directory.
This method uses the established LDIF file format for LDAP v3 flat file representation of application data and metadata. LDIF is the IETF-sanctioned ASCII interchange format for representing LDAP v3 directory data as a file. All LDAP v3-compatible servers should be able to export their contents into one or more LDIF files representing the directory information tree at the time of export. However, not all LDIF files are created equal: certain proprietary attributes or metadata may or may not be included in a given product's LDIF output. As a result, some additional steps are required before importing an LDIF file into Oracle Internet Directory by using bulkload or ldapadd.
See the vendor-supplied documentation for instructions. If flags or options exist for exporting data from the foreign directory, be sure to select the method that:
Any attributes not found in the Oracle Internet Directory base schema require extension of the Oracle Internet Directory base schema before the LDIF file is imported. Some directories may support the use of configuration ("conf") files for defining extensions to their base schema (Oracle Internet Directory does not). If you have a configuration file, you can use it as a guideline for extending the base schema in Oracle Internet Directory in "Task 3: Extend the Schema in Oracle Internet Directory".
See the chapter on managing the directory schema in Oracle Internet Directory Administrator's Guide for tips on how to extend directory schema in Oracle Internet Directory. You can do this by using either Oracle Directory Manager or command-line tools.
Certain elements of the LDAP v3 standard have not yet been formalized, such as Access Control Information (ACI) attributes. As a result, various directory vendors implement ACI policy objects in ways that do not "port" across vendor installations.
After the basic entry data has been imported from the "sanitized" LDIF file, you must explicitly re-apply security policies in the Oracle Internet Directory environment. You can do this by using either Oracle Directory Manager or command-line tools and LDIF files containing the desired Access Control Policy information.
There may be other proprietary metadata, representing areas outside the area of access control, that you should remove as well. A thorough understanding of the various IETF RFCs can help you determine which directory metadata is proprietary to a given vendor and which is standards-compliant, and thus portable by way of an LDIF file.
Two of the standard LDAP v3 operational attributes, namely,
modifyTimestamp are automatically generated by Oracle Internet Directory whenever entries are created or imported. It is not possible to instantiate these values from existing directory data, for example by using LDIF file importation. Therefore you should remove these attributes from the file before attempting to import.
Oracle Internet Directory release 2.1.1 supports the following userPassword attribute hash algorithms:
userPassword attribute hash values used by some vendor products are not compatible with Oracle Internet Directory. As a result, all lines corresponding to the userPassword attribute and value should be pruned from the LDIF data file unless they are represented in plain text or contain no value. After importation of the LDIF data, you must re-enter manually or upload hashed userPassword information separately into the directory.
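The pruning steps described above (vendor ACI attributes, server-generated timestamps, and hashed userPassword values) can be scripted. The following is an added example, not part of the original guide or of any Oracle tool. It assumes hashed passwords carry a "{SCHEME}" prefix and that the source directory names its ACI attribute aci; both are assumptions to adjust for the directory being migrated.

```python
import base64
import re

# modifyTimestamp is named on the page; createTimestamp and aci are assumed
# examples of server-generated / vendor-specific attributes. Adjust per source.
DROP_ATTRS = {"modifytimestamp", "createtimestamp", "aci"}
# Assumption: a hashed password value starts with an RFC 2307-style "{SCHEME}" tag.
HASH_PREFIX = re.compile(rb"^\{[A-Za-z0-9_.-]+\}")
# Constructed sample export (not real directory data).
SAMPLE = """\
dn: cn=Hashed User,dc=example,dc=com
userPassword: {SSHA}constructed-sample-value
modifyTimestamp: 20000101000000Z
aci: (constructed vendor ACI value folded
  across two lines)

dn: cn=Plain User,dc=example,dc=com
userPassword: welcome1
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (leading single space) onto the line above."""
    logical = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical

def is_hashed_password(line):
    """True if a userPassword line holds a value carrying a {SCHEME} prefix."""
    rest = line.partition(":")[2]
    if rest.startswith(":"):  # "attr:: <base64>" form, decode before inspecting
        value = base64.b64decode(rest[1:].strip())
    else:
        value = rest.strip().encode()
    return bool(HASH_PREFIX.match(value))

def sanitize_ldif(ldif_text, drop_attrs=DROP_ATTRS):
    """Return (clean_ldif, removed); removed lists the dropped attribute names."""
    kept, removed = [], []
    for line in unfold(ldif_text):
        # Strip attribute options such as ";binary" before comparing names.
        attr = line.partition(":")[0].split(";")[0].strip().lower()
        if attr in drop_attrs or (attr == "userpassword" and is_hashed_password(line)):
            removed.append(attr)
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed
```

The output is written unfolded, and the removed list gives the entries whose passwords and access policies must be re-applied after the import.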
Before generating and loading an LDIF file, always run the bulkload utility on it in check mode. The bulkload output reports any inconsistencies in the data.