Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
Quick Procedure for Creating Server Instances and Suffixes
Creating and Deleting a Directory Server Instance
To Create a Directory Server Instance
To Delete a Directory Server Instance
Starting, Stopping, and Restarting a Directory Server Instance
To Start, Stop, and Restart Directory Server
To List All the Running Instances
Disabling or Enabling a Suffix
To Disable then Enable a Suffix
Setting Referrals and Making a Suffix Read-Only
To Set Referrals to Make a Suffix Read-Only
Importing Data From an LDIF File
To Load Sample Data in Directory Server Instance
3. Directory Server Configuration
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
You can import data to a Directory Server suffix in the following ways:
Initialize a suffix from an LDIF file. This operation deletes the current data in the suffix and replaces it with the contents of the LDIF file.
Use an LDIF file to perform bulk ldapadd, ldapmodify, or ldapdelete operations. This allows you to add, modify, and delete entries in bulk in any suffix of the directory.
Note - The offline import (dsadm import) does not remove the changelog as the changelog data may still be in the suffix. At server start, replication decides if the changelog needs to be kept or not. Online import (dsconf import) decides straight away if changelog needs to be recreated or not.
The following table shows the differences between initializing a suffix and adding, modifying, and deleting entries in bulk.
Table 2-1 Comparison of Initializing a Suffix and Importing Data in Bulk
|
Initializing a suffix overwrites the existing data in a suffix with the contents of an LDIF file that contains only entries for addition.
You must be authenticated as the Directory Manager or an Administrator to initialize a suffix.
When the server is running, only the Directory Manager and Administrators can import an LDIF file that contains a root entry. For security reasons, only these users have access to the root entry of a suffix, for example, dc=example,dc=com.
Before restoring suffixes involved in replication agreements, read Restoring Replicated Suffixes.
Note -
All LDIF files that you import must use UTF-8 character-set encoding.
When initializing a suffix, the LDIF file must contain the root entry and all directory tree nodes of the corresponding suffix.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Caution - These commands overwrite the data in your suffix. |
If your server is local and stopped, type:
$ dsadm import instance-path LDIF-file suffix-DN
The following example uses the dsadm import command to import two LDIF files into a single suffix:
$ dsadm import /local/dsInst /local/file/example/demo1.ldif \ /local/file/example/demo2.ldif dc=example,dc=com
If your server is running (local or remote), type:
$ dsconf import -h host -p port LDIF-file suffix-DN
The following example imports an LDIF file using dsconf import. You do not need root privileges to run the command, but you must authenticate as a user with root permissions, such as the Directory Manager.
$ dsconf import -h host1 -p 1389 /local/file/example/demo1.ldif \ ou=People,dc=example,dc=com
You can import gzip compressed files. Examples:
$ dsadm import /local/dsInst /local/file/example/demo2.ldif.gz \ /local/file/example/demo2.ldif dc=example,dc=com $ dsconf import -h host1 -p 1389 /local/file/example/demo2.ldif.gz \ ou=People,dc=example,dc=com
For more information, see the dsadm(1M) and dsconf(1M)man pages.
Examples that use command-line tools depend on sample data residing under the dc=example,dc=com suffix of your directory.
You can set up part of the data that is required by creating a dc=example,dc=com suffix. You can then populate the suffix with entries from the install-path/dsee7/resources/ldif/Example.ldif file.
$ dsadm create -p port -P SSL-port instance-path $ dsadm start instance-path
$ dsconf create-suffix -h localhost -p 1389 dc=example,dc=com $ dsconf import -h localhost -p 1389 \ install-path/dsee7/resources/ldif/Example.ldif dc=example,dc=com
For more information, see To Create a Directory Server Instance.
define suffix=dc=example,dc=com define maildomain=example.com branch: ou=test,[suffix] subordinateTemplate: person:100 template: person rdnAttr: uid objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson givenName: <first> sn: <last> cn: {givenName} {sn} initials: {givenName:1}{sn:1} employeeNumber: <sequential> uid: test{employeeNumber} mail: {uid}@[maildomain] userPassword: auth{employeeNumber}{employeeNumber} telephoneNumber: <random> description: This is the description for {cn}.
Note - The test.template file must be created in the install-path/dsee7/dsrk/bin/example_files directory.
$ cd install-path/dsee7/dsrk/bin/example_files $ ../makeldif -t test.template -o test.ldif Processing complete. 101 total entries written. $ ../ldapmodify -a -c -D uid=hmiller,dc=example,dc=com -w - -f test.ldif Enter bind password: …
If you read Example.ldif, you see that the password for hmiller is hillock.
Note - This step is specific to the zip installation because the makeldif command is available only in the zip distribution.
When you perform an ldapmodify operation, you are able to add, modify, or delete entries in bulk. Entries are specified in an LDIF file that contains update statements to modify or delete existing entries. This operation does not erase entries that already exist.
The changed entries may target any suffix that is managed by your Directory Server. As with any other operation that adds entries, the server will index all new entries as they are imported.
The ldapmodify command will import an LDIF file through LDAP and perform all operations that the file contains. Using this command you can modify data in all directory suffixes at the same time.
Before restoring suffixes involved in replication agreements, see Restoring Replicated Suffixes.
Note - All LDIF files that you import must use UTF-8 character-set encoding.
When importing an LDIF file, parent entries must either exist in the directory or be added first from the file.
$ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - -B baseDN -f LDIF-file
The following example performs an import using the ldapmodify command. You do not need root privileges to run this command, but you must authenticate as a user with root permissions, such as cn=Directory Manager or cn=admin,cn=Administrators,cn=config. The last parameter specifies the name of the LDIF file to import.
$ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - \ -B dc=example,dc=com -f /local/dsInst/ldif/demo.ldif