Enabling Third-Party Metadirectory Solutions to Synchronize with Oracle Internet Directory

To enable third-party metadirectory solutions to retrieve changes from Oracle Internet Directory, perform the tasks described in this section.

• Task 1: Perform Initial Bootstrapping

• Task 2: Create a Change Subscription Object in Oracle Internet Directory for the Third-Party Metadirectory Solution

Task 1: Perform Initial Bootstrapping

To bootstrap a directory to synchronize data between a local directory and Oracle Internet Directory, do the following:

1. Find the number of the last change recorded in Oracle Internet Directory. This number is contained in the DSE root attribute, lastChangeNumber.

   To find the number of the last change recorded in Oracle Internet Directory, use ldapsearch. Enter the following command:

   ldapsearch -h host_name -p port_number -s base -b "" 'objectclass=*' 
   lastchangenumber
   
   

   If the change log does not contain change entries because they have been purged, then the last change number retrieved is 0 (zero).

2. Use ldifwrite to export data from Oracle Internet Directory into an LDIF file.

3. Convert the LDIF file to a format suitable to the client directory, then load it into the client directory.

   Note: Initial bootstrapping is not required with a new installation of Oracle Internet Directory. In this case, the current change number of the newly installed Oracle Internet Directory is 0 (zero).

   See Also: "ldifwrite Syntax" for instructions on using ldifwrite

Task 2: Create a Change Subscription Object in Oracle Internet Directory for the Third-Party Metadirectory Solution

To enable a third-party metadirectory solution to synchronize with Oracle Internet Directory, you must create a change subscription object for it in Oracle Internet Directory. This gives the third-party metadirectory solution access to change log objects stored in Oracle Internet Directory.

About the Change Subscription Object

The change subscription object is an entry located under the following container in Oracle Internet Directory:

cn=Subscriber Profile,cn=ChangeLog Subscriber,cn=Oracle Internet Directory

This change subscription object provides a unique credential for a third-party metadirectory solution to bind with Oracle Internet Directory and to retrieve changes from it. You associate the change subscription object with the auxiliary object class orclChangeSubscriber. This object class has several attributes, of which the following are mandatory:

• userPassword

  Password to be used by the directory when accessing the change log object in Oracle Internet Directory

• orclLastAppliedChangeNumber

  Number of the change applied during the last synchronization. This attribute allows the directory to retrieve only the changes in Oracle Internet Directory it has not already applied.

Creating a Change Subscription Object

To create a change subscription object, use ldapadd. The following example uses an input file, named add.ldif, to create and enable a change subscription object, named my_change_subscription_object, under the container
cn=Subscriber Profile,cn=ChangeLog Subscriber,cn=Oracle Internet Directory. The orclLastAppliedChangeNumber is the current change number in the directory before initial bootstrapping--in this example, 250.

• Edit file add.ldif:

  dn: cn=my_change_subscription_object,cn=Subscriber Profile,cn=ChangeLog 
  Subscriber,cn=Oracle Internet Directory
  userpassword: my_password
  orclLastAppliedChangeNumber: 250
  orclSubscriberDisable: 0
  objectclass: orclChangeSubscriber
  objectclass: top
  
  
  

• Add the entry:

  ldapadd -h my_host -p 389 -f add.ldif
  

  See Also: "Disabling and Deleting Change Subscription Objects" for instructions on temporarily disabling change subscription objects or deleting them altogether