Oracle Internet Directory Administrator's Guide
Release 2.1.1

Part Number A86101-01






Migrating Data from Other LDAP-Compliant Directories

This appendix describes the steps to migrate data from LDAP v3-compatible directories into Oracle Internet Directory.

This appendix contains these topics:

About the Data Migration Process

This method uses the established LDIF file format for LDAP v3 flat file representation of application data and metadata. LDIF is the IETF-sanctioned ASCII interchange format for representing LDAP v3 directory data as a file. All LDAP v3-compatible servers should be able to export their contents into one or more LDIF files representing the directory information tree at the time of export. However, not all LDIF files are created equal: certain proprietary attributes or metadata may or may not be included in a given product's LDIF output. As a result, there are some additional steps required before importing an LDIF file back into Oracle Internet Directory when using bulkload or ldapadd.

See Also:

// for more on the LDIF Technical Specification 

Migrating Data

This section contains these topics:

Task 1: Export Data from the Non-Oracle Internet Directory Server into LDIF File Format

See the vendor-supplied documentation for instructions. If flags or options exist for exporting data from the foreign directory, be sure to select the method that:

Task 2: Analyze the LDIF User Data for Any Required Schema Additions Referenced in the LDIF Data

Any attributes not found in the Oracle Internet Directory base schema require extension of the Oracle Internet Directory base schema prior to the importation of the LDIF file. Some directories may support the use of configuration ("conf") files for defining extensions to their base schema (Oracle Internet Directory does not). If you have a configuration file, you can use it as a guideline for extending the base schema in Oracle Internet Directory, as described in "Task 3: Extend the Schema in Oracle Internet Directory".

Task 3: Extend the Schema in Oracle Internet Directory

See the chapter on managing the directory schema in Oracle Internet Directory Administrator's Guide for tips on how to extend directory schema in Oracle Internet Directory. You can do this by using either Oracle Directory Manager or command-line tools.

Task 4: Remove Any Proprietary Directory Data from the LDIF File

Certain elements of the LDAP v3 standard have not yet been formalized, such as Access Control Information (ACI) attributes. As a result, various directory vendors implement ACI policy objects in ways that do not "port" across vendor installations.

After the basic entry data has been imported from the "sanitized" LDIF file, you must explicitly re-apply security policies in the Oracle Internet Directory environment. You can do this by using either Oracle Directory Manager, or command-line tools and LDIF files containing the desired Access Control Policy information.

There may be other proprietary metadata, representing areas outside the area of access control, that you should remove as well. A thorough understanding of the various IETF RFCs can help you determine which directory metadata is proprietary to a given vendor and which is standards-compliant, and thus portable by way of an LDIF file.

Task 5: Remove Operational Attributes from the LDIF File

Four of the standard LDAP v3 operational attributes, namely creatorsName, createTimestamp, modifiersName, and modifyTimestamp, are automatically generated by Oracle Internet Directory whenever entries are created or imported. It is not possible to instantiate these values from existing directory data, for example by using LDIF file importation. Therefore, you should remove these attributes from the file before attempting to import.

Task 6: Remove Incompatible userPassword Attribute Values from the LDIF File

Oracle Internet Directory release 2.1.1 supports the following userPassword attribute hash algorithms:

The userPassword attribute hash values used by some vendor products are not compatible with Oracle Internet Directory. As a result, all lines corresponding to the userPassword attribute and value should be pruned from the LDIF data file unless they are represented in plain text or contain no value. After importation of the LDIF data, you must re-enter manually or upload hashed userPassword information separately into the directory.
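The pruning described in Tasks 4, 5 and 6 can be done in one pass over the exported file. The following Python code is an added example, not part of the original guide or of Oracle's tools. It assumes the source directory stores ACIs in an attribute named aci and marks hashed passwords with a leading {scheme} tag; the sample entries are constructed.

```python
import base64
import re

# Task 5: operational attributes the server regenerates on import.
OPERATIONAL = {"creatorsname", "createtimestamp", "modifiersname", "modifytimestamp"}
# Assumption: the source directory keeps its ACIs in an attribute named "aci".
PROPRIETARY = {"aci"}
# Assumption: a leading {scheme} tag marks a hashed userPassword value.
SCHEME = re.compile(rb"^\{[A-Za-z0-9_-]+\}")

# Constructed sample export, not taken from any real directory.
SAMPLE = """\
dn: cn=Jane Doe,o=example
cn: Jane Doe
creatorsName: cn=admin
aci: (target="ldap:///o=example")(version 3.0; acl "constructed";
  allow (read) userdn="ldap:///anyone";)
userPassword:: e1NIQX1jb25zdHJ1Y3RlZA==

dn: cn=John Roe,o=example
userPassword: plain-text-value
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def password_is_portable(spec):
    """Task 6: keep userPassword only when empty or plain text."""
    raw = base64.b64decode(spec[1:].strip()) if spec.startswith(":") else spec.strip().encode()
    return not SCHEME.match(raw)

def sanitize_ldif(text):
    """Return (clean_ldif, removed), where removed counts dropped attributes."""
    kept, removed = [], {}
    for line in unfold(text):
        name, _, spec = line.partition(":")
        attr = name.split(";")[0].lower()  # ignore options such as ;binary
        if attr in OPERATIONAL | PROPRIETARY or (
                attr == "userpassword" and not password_is_portable(spec)):
            removed[attr] = removed.get(attr, 0) + 1
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed
```

Base64-encoded values (the `userPassword::` form) are decoded before the check, because many servers export hashed passwords that way, and folded lines are joined first so that a wrapped ACI is removed whole.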

Task 7: Run the -check Mode and Determine Any Remaining Schema Violations or Duplication Errors

Before generating and loading an LDIF file, always run the bulkload utility in check mode on it. The bulkload output reports any inconsistencies in the data.

Copyright © 1996-2000, Oracle Corporation.

All Rights Reserved.