Oracle® Application Server Single Sign-On Administrator's Guide 10g (9.0.4) Part Number B10851-01 |
|
This chapter explains how to move data between two or more single sign-on servers. Various conditions dictate whether you export and import data. Perhaps you want to stage data on a test server before transferring it to a production server. Or maybe you want to consolidate multiple servers as one server. Or you may simply want to back up an existing server.
The chapter contains the following topics:
The export and import script, ssomig, moves three categories of data:
If you need to move user accounts, use LDAP command-line scripts such as ldapsearch to extract data from the source directory. Use ldapadd or ldapmodify to load data into the target directory. To learn how to use these scripts see Oracle Internet Directory Application Developer's Guide.
The ssomig script uses Perl, Oracle SQL*Plus, and the tools exp and imp to move data between two release 9.0.4 servers. You must run the export and import modes separately. You can find ssomig in $ORACLE_HOME/sso/bin.
Run ssomig
using the following syntax:
ssomig -ssso_schema
-psso_password
-cnet_service_name
-log_dlog_dir
{ -export [-prompt] [-noextappusrs] -import {-merge | -overwrite} [-discoforce | -disconoforce] } [-log_flog_file
] [-ddump_file_name
] [-help]
Table 14-1 defines the parameters passed to ssomig.
Parameter | Description | Additional Information |
---|---|---|
|
Database schema name for OracleAS Single Sign-On. |
The default is |
|
Database schema password for OracleAS Single Sign-On. |
The password is randomized during installation of the OracleAS infrastructure. To obtain the password, see Appendix B. |
|
Net service name for the OracleAS Single Sign-On database. |
- |
|
Name of the log directory. |
This directory must be writable. The log file and the dump file are written here. Use the absolute path for the directory when running the script. The default is $ORACLE_HOME/sso/log. |
|
Extracts data from single sign-on tables and places it into a dump file. |
- |
|
Exports partner and external applications selectively. |
Use with |
|
Specifies that external application users not be exported. |
Choose this mode if you are moving data from a staged server to a production server and do not want to move test users. |
|
Extracts data from a dump file and places it into single sign-on tables. |
- |
|
Imports only partner and external applications that do not already exist in the target server. |
Choose this mode after you have imported the first of multiple servers.
Use with |
|
Imports all partner and external applications, regardless of whether some already exist in the target server. |
Choose this mode when migrating the first of multiple servers.
Use with |
|
Imports OracleAS Discoverer information, replacing Discoverer information in the target server. |
- |
|
Imports OracleAS Discoverer information only if the target server contains no Discoverer data. |
- |
|
Log file name. |
This file provides export results and the runtime status of tools such as SQL*Plus, exp, and imp. The default file name is ssomig.log. |
|
|
The default is ssomig.dmp. |
|
Describes the syntax and parameters for ssomig. |
- |
The scenarios under which the export and import script is run fall into two categories: export from a single server and export from multiple servers. The choice of one category or the other dictates whether the script is run in overwrite mode or merge mode. It also dictates whether partner and external applications are exported selectively. This section examines single-server export and import. For multiple-server export and import, see "Consolidating Multiple Servers".
This section contains the following topics:
What follows are scenarios that you are likely to encounter when moving data from one single sign-on server to another. The command appropriate for each scenario is provided.
ssomig -export -s orasso -p password -c net_service_name -log_d /tmp
ssomig -export -prompt -s orasso -p password -c net_service_name -log_d /tmp
ssomig -export -prompt -noextappusrs -s orasso -p password -c net_
service_name
-log_d /tmp
ssomig -import -overwrite -s orasso -p password -c net_service_name -log_d /tmp
ssomig -import -overwrite -s orasso -p password -c net_service_name
-log_d /tmp -discoforce
ssomig -import -overwrite -s orasso -p password -c net_service_name
-log_d /tmp -disconoforce
To export data:
ORACLE_HOME
, to point to the Oracle home of the release 9.0.4 single sign-on server.
This action creates the dump file ssomig.dmp, the log file ssoconf.log, and the single sign-on configuration file ssoconf.log. All three are created in the log directory.
To import data:
ORACLE_HOME
to point to the Oracle home for the release 9.0.4 single sign-on server.
log_d
parameter points to the log directory where the log files for export are located. The script must reference the files ssomig.dmp and ssoconf.log when it runs in import mode. You may have to copy these files from the computer on which the export server is located.
import
mode. (See "Export and Import Scenarios and Script Examples").
After completing export and import operations, open ssomig.log and check for errors. To interpret the messages that you encounter in the file, see "Error Messages".
This scenario is applicable if several departments in your enterprise maintain departmental single sign-on servers. You may want to consolidate these servers into a unified identity management service.
Use the following approach to export and import multiple servers:
import
mode, overwrite
option, for the first single sign-on server that you migrate. For help, see the section "Import Scenarios".
merge
mode. Import partner and external applications to the target server, importing the servers one at a time:
ssomig -import -merge -s orasso -p
password
-c
net_service_name
-log_d /tmp -d ssomig.dmp
This command merges only partner and external applications.
Any one of the following messages might appear during the course of export and import. Table 14-2 defines these messages to aid problem resolution.
Error | Cause | Action |
---|---|---|
|
Import or export or both failed because of one or more errors. |
Determine the error from the log file or from screen output. |
|
The variable has not been set for the release 9.0.4 Oracle home. |
Follow the instructions in "Running the Script". |
|
The directory represented by |
Set the Oracle home to a valid Oracle instance. |
|
You lack write permission for the log directory specified. |
Specify a directory for which you have write permission. |
|
The log directory specified does not exist. |
Specify a valid directory. |
|
The command-line parameter string is repeated or both options that compose a set of complementary options are provided. |
Avoid repeating the command-line parameter string.
Avoid including both options that compose a set of complementary options-- |
|
A mandatory command-line parameter string is missing |
Specify the parameter string, including any relevant values. |
|
The script does not support the version of the source or destination server. |
Make sure that you are using release 9.0.4 servers to perform export and import operations. |
|
The parameter string is not a recognized command-line parameter |
Use the option |
|
The schema name, password, or net service name is invalid.
|
Reenter the command. |
|
You lack write permission for the log file that you specified. |
Specify a log file for which you have write permission. |
|
An expected script file was missing, or an operating system error or database error was encountered. |
View the log files for details. Correct any errors that you find. |
|
The export operation failed because of one or more errors. |
Determine the error from the log file or from screen output. |
|
A script file is missing or an operating system error or database error was encountered. |
View the log file for details. Correct errors that you find. |
|
You lack write permission for the dump file specified. |
Specify a dump file for which you have write permission. |
|
A script file is missing or an operating system error or database error was encountered. |
View the log file for details. Correct errors that you find. |
|
The file string has been deleted or renamed externally. |
Ensure that the file string is not touched externally during execution of the script. |
|
A script file is missing or an operating system error or database error was encountered. |
View the log file for details. Correct errors that you find. |
|
The import operation failed because of one or more errors. |
Determine the error from the log file or from screen output. Correct errors that you find. |
|
You lack read permission for the dump file string. |
Obtain read permission for the specified dump file. |
|
An error occurred during export. |
View the log file. Correct errors that you find. |
|
This error appears if required configuration files such as dump and log are missing during import. |
Ensure that the configuration files are present in the log directory. |
|
The configuration file has been altered. |
Ensure that the configuration file is not altered when transferred from the source to the destination. |
|
A script file is missing or an operating system error or database error was encountered. |
View the log file for details. Correct errors that you find. |
|
![]() Copyright © 1996, 2003 Oracle Corporation. All Rights Reserved. |
|