Oracle® Identity Management Integration Guide 10g (10.1.4.2) Part Number E10528-01
This chapter discusses directory bootstrapping, which refers to the initial migration of data between a connected directory and Oracle Internet Directory. Because the synchronization process can handle the migration of data between a connected directory and Oracle Internet Directory, you are not required to perform directory bootstrapping. However, relying on the synchronization process to perform the initial migration can be a time-consuming process, especially for large amounts of data. For this reason, you should perform directory bootstrapping when you first deploy Oracle Directory Integration Platform.
This chapter contains these topics:
About Directory Bootstrapping in Oracle Directory Integration Platform
Bootstrapping Directly Using the Default Integration Profile
See Also:
The chapter on data migration from other directories and data repositories in Oracle Internet Directory Administrator's Guide
In Oracle Directory Integration Platform, bootstrapping is handled by using the Directory Integration Assistant (dipassistant) with the bootstrap option. The command is:
dipassistant bootstrap
For information about using the Directory Integration Assistant, enter:
dipassistant bootstrap -help
The Directory Integration Assistant enables you to bootstrap using either a parameter file or a completely configured integration profile. This chapter discusses both approaches.
See Also:
The dipassistant section of the Oracle Directory Integration Platform tools chapter in Oracle Identity Management User Reference
The parameters in this file specify:
Source and destination interface types (LDIF and LDAP)
Connection details and credentials (valid only for LDAP)
Mapping rules
The various parameters and the default values that the Directory Integration Assistant assumes for them while reading the file are given in the dipassistant section of the Oracle Directory Integration Platform tools chapter in Oracle Identity Management User Reference.
You can bootstrap using an LDIF file in one of these ways:
By using the Directory Integration Assistant to read from the source directory
By using directory-dependent tools to read from the source directory
By using the Directory Integration Assistant to load data into Oracle Internet Directory
During installation, the following sample parameter files are copied to the $ORACLE_HOME/ldap/odi/samples/ directory:
Ldp2ldp.properties
Ldp2ldf.properties
Ldf2ldp.properties
Ldf2ldf.properties
The preceding files describe the significance of each of the parameters in bootstrapping.
When you run the tools for bootstrapping, be sure that the ORACLE_HOME and NLS_LANG settings are correct.
Bootstrapping can be performed between services with or without one or more intermediate files. However, for large directories, an intermediate LDIF file is required.
This section contains these topics:
Oracle recommends this method for smaller directories where the entries are:
Relatively few in number
In a flat structure
Not interdependent—that is, the creation of one entry does not depend on the existence of another as, for example, when the creation of a group entry depends on the existence of user member entries
To use this method:
Create the mapping file with appropriate mapping rules. The mapping file is one of the properties in the bootstrap file. Be sure that it is compatible with the mapping rules defined for synchronization.
Create the parameter file with the required details specifying the source as LDAP and the destination type as LDIF. A sample parameter file, ldp2ldf.properties, is available in $ORACLE_HOME/ldap/odi/samples. Make sure that binary attributes are specified as binary in the SrcAttrType field.
Use the Directory Integration Assistant bootstrap command using a configuration file in which:
The source is specified as an LDAP directory.
The destination type is specified as an LDIF.
Start the Directory Integration Assistant as follows:
dipassistant bootstrap -cfg parameter_file
Check the $ORACLE_HOME/ldap/odi/log/bootstrap.log and $ORACLE_HOME/ldap/odi/log/bootstrap.trc files for any errors.
Use the bulkload utility to upload the data to Oracle Internet Directory.
For continued synchronization, update the last change number:
dipassistant mp -profile profile_name -updlcn
This section describes two ways to bootstrap a directory by using an LDIF file.
Oracle recommends that you use this method for large directories. To use this method:
Download the data from the directory to an LDIF file. The tool you use depends on the directory from which you are loading the data. If you are bootstrapping from a Microsoft Active Directory, then use the ldifde command to load the data. Be sure to load all the required attributes for each entry.
Create the mapping file with appropriate mapping rules. When you want to do further synchronization, be sure that the mapping file is the same as the one used for synchronization.
Create the parameter file with source and destination as LDIF and other details. A sample parameter file is available in $ORACLE_HOME/ldap/odi/samples/ldf2ldf.properties.
Use the Directory Integration Assistant bootstrap command with a parameter file in which the source is specified as LDIF and the destination type is specified as LDIF. This converts the source data and creates a new LDIF as required by Oracle Internet Directory. Execute the Directory Integration Assistant as follows:
dipassistant bootstrap -cfg parameter_file
Check the bootstrap.log and bootstrap.trc files for any errors.
Use the Oracle Internet Directory bulkload tool (bulkload.sh) to upload the data to Oracle Internet Directory.
If a corresponding synchronization profile is created for further synchronization, then update the last change number:
dipassistant mp -profile profile_name -updlcn
To use this method:
Download the data from the directory to an LDIF file. The tool you use depends on the directory from which you are loading the data. If you are bootstrapping from a Microsoft Active Directory, then use the ldifde command to load the data. Be sure to load all the required attributes for each entry.
Prepare the mapping file with appropriate mapping rules. When you want to do further synchronization, be sure that the mapping file is the same as the one used for synchronization.
Create the properties file with the source specified as LDIF and the destination specified as LDAP.
Use the Directory Integration Assistant bootstrap command with a parameter file in which the source is specified as the LDIF file, the destination type is specified as LDAP, and the destination specified as Oracle Internet Directory. This converts the source data and creates entries in Oracle Internet Directory as required. A sample properties file, ldf2ldp.properties, is available in $ORACLE_HOME/ldap/odi/samples.
Check the bootstrap.log and bootstrap.trc files for any errors.
If a corresponding synchronization profile is created for further synchronization, then update the last change number:
dipassistant mp -profile profile_name -updlcn
Bootstrapping relies on an existing integration profile configured for synchronization. The configuration information is used to connect to the third-party directory.
While using this method, put the source directory in read-only mode.
If the profile is an import profile, then footprints of the required objects in the connected directory are created in Oracle Internet Directory. If the profile is an export profile, then footprints of the required objects from Oracle Internet Directory are created in the connected directory.
While creating these entries, the distinguished name and object-level mappings as specified in the integration profile are used. If there is a failure uploading the entries, then the information is logged in $ORACLE_HOME/ldap/odi/log/bootstrap.log. The trace information is written to the file $ORACLE_HOME/ldap/odi/log/bootstrap.trc.
For example, for bootstrapping from Sun Java System Directory to Oracle Internet Directory, you would do the following:
Customize the default integration profile iPlanetImport, which is created as part of the installation, by following the instructions in "Configuring Advanced Integration with Sun Java System Directory".
Enter the following command:
dipassistant bootstrap -profile iPlanetImport -D 'cn=orcladmin'
Check the bootstrap.log and bootstrap.trc files to be sure that the bootstrapping is successfully completed.
If you are bootstrapping using the Directory Integration Assistant (dipassistant), then, at the end of the bootstrapping process, the assistant initializes the lastchangenumber attribute for further synchronization.
You can use either a parameter file or an integration profile to bootstrap in SSL mode. When you bootstrap in SSL mode, Oracle Internet Directory, the connected directory, or both can be running in SSL mode.
To bootstrap in SSL mode from a parameter file, you must assign values of either true or false to the odip.bootstrap.srcsslmode and odip.bootstrap.destsslmode arguments in the parameter file.
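A check you can run on a parameter file before bootstrapping, added here as an example and not taken from Oracle's documentation or tools: it flags LDAP sides whose odip.bootstrap.srcsslmode or odip.bootstrap.destsslmode is missing or not true, and file permissions that expose the credentials the file carries. The function names, the ldap_sides argument and the sample contents are assumptions of this example; only the two sslmode key names come from this chapter.

```python
import os
import stat

def load_properties(text):
    """Parse key=value lines of a properties file; '#' and '!' start comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_parameter_file(path, ldap_sides=("src", "dest")):
    """Return a list of findings for a bootstrap parameter file.

    ldap_sides names the sides that are LDAP connections (hypothetical
    argument); an LDIF side has no connection, so it is not checked.
    """
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:03o}: accessible beyond the owner, and the file holds credentials")
    with open(path, encoding="utf-8") as fh:
        props = load_properties(fh.read())
    for side in ldap_sides:
        key = f"odip.bootstrap.{side}sslmode"  # key names as given in this chapter
        value = props.get(key)
        if value is None:
            findings.append(f"{key} is not set")
        elif value.lower() != "true":
            findings.append(f"{key} = {value}: this LDAP connection is not in SSL mode")
    return findings

# Constructed sample contents; only the two sslmode keys are taken from the page.
SAMPLE = """\
# source is an LDAP directory, destination is Oracle Internet Directory
odip.bootstrap.srcsslmode = true
odip.bootstrap.destsslmode = false
"""
```

Pass ldap_sides=("src",) or ("dest",) when the other side of the bootstrap is an LDIF file.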
To bootstrap in SSL mode from an integration profile, you use the -U argument with the Directory Integration Assistant's -bootstrap command. The -U argument accepts one of the following values:
1—SSL mode with no authentication
2—SSL mode with server authentication
3—SSL mode with server and client authentication
When you bootstrap from a default integration profile, the value assigned to the default integration profile's odip.profile.condirurl is used to establish an SSL connection to the connected directory.
See Also:
Oracle Identity Management User Reference for information on how to run the dipassistant command in SSL mode
If the source directory from which you are loading data contains a large number of entries, the quickest and easiest method to bootstrap the target directory is by using an LDIF file. Bootstrapping with an integration profile is not recommended in this case because connection errors may occur when reading and writing between the source and target directories. Using an LDIF file is also recommended if the DNs contain special characters, which may not be escaped properly when bootstrapping with an integration profile.
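An added example (not part of Oracle's documentation or tools) that reads an LDIF export of the source directory and reports the properties this chapter's recommendations turn on: entry count, DN depth as a rough measure of flat structure, entries that reference other entries through member or uniquemember, and DNs carrying escaped, quoted or non-ASCII characters. The function names and the sample export are constructed for illustration; treating a single DN depth as "flat" is a heuristic assumed here.

```python
import base64
import re
REF_ATTRS = {"member", "uniquemember"}  # attributes whose values are other entries' DNs

def parse_ldif(text):
    """Yield entries as lists of (attr, value); unfolds lines, decodes '::' values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = []
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or line.startswith("#") or attr.lower() == "version":
                continue
            value = rest.strip()
            if rest.startswith(":"):  # '::' marks a base64-encoded value (RFC 2849)
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            entry.append((attr.lower(), value))
        if entry and entry[0][0] == "dn":
            yield entry

def rdn_count(dn):
    """Number of RDNs in a DN; a backslash-escaped comma does not split."""
    return len(re.findall(r"(?:\\.|[^,\\])+", dn))

def preflight(text):
    """Report the properties of an export that the choice of method depends on."""
    entries = list(parse_ldif(text))
    known = {e[0][1].lower() for e in entries}
    report = {"entries": len(entries), "depths": set(), "special_dns": [], "dependent": []}
    for entry in entries:
        dn = entry[0][1]
        report["depths"].add(rdn_count(dn))
        if "\\" in dn or '"' in dn or not dn.isascii():
            report["special_dns"].append(dn)  # escaped, quoted or non-ASCII characters
        if any(a in REF_ATTRS and v.lower() in known for a, v in entry[1:]):
            report["dependent"].append(dn)    # needs another exported entry to exist first
    return report

# Constructed sample export: an escaped comma, a group, and a folded member line.
SAMPLE = """\
dn: cn=Smith\\, Ann,ou=People,dc=example,dc=com

dn: cn=Bob Lee,ou=People,dc=example,dc=com

dn: cn=Admins,ou=Groups,dc=example,dc=com
objectclass: groupOfNames
member: cn=Bob Lee,ou=People,
 dc=example,dc=com
"""
```

Calling preflight(SAMPLE) returns a dictionary; a non-empty special_dns or dependent list, or more than one value in depths, points toward the LDIF-file method described above.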