Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01
Syntax for LDIF and Command-Line Tools, 7 of 10
This section contains these topics:
Table A-26 lists the tasks you can perform by using the Directory Integration and Provisioning Assistant and the corresponding commands. It also points you to instructions for performing each task.
Tasks | Commands | More Information |
---|---|---|
Create, modify, or delete a synchronization profile | | "Creating, Modifying, and Deleting Synchronization Profiles" |
See all the profile names in Oracle Internet Directory | | "Listing All Synchronization Profiles in Oracle Internet Directory" |
See the details of a specific profile | | |
Make Oracle Internet Directory and the connected directory identical before beginning synchronization | | "Bootstrapping a Directory by Using the Directory Integration and Provisioning Assistant" |
Set the wallet password that the Oracle directory integration and provisioning server later uses to connect to Oracle Internet Directory | | "Setting the Wallet Password for the Oracle Directory Integration and Provisioning Server" |
Reset the password of the administrator of the Oracle Directory Integration Platform | | "Changing the Password of the Administrator of the Oracle Directory Integration and Provisioning Platform" |
Move integration profiles from one identity management node to another | | "Moving an Integration Profile to a Different Identity Management Node" |
The command-line interface for the Directory Integration and Provisioning Assistant is:
dipassistant command [-help]
command := Directory Integration and Provisioning Assistant command
Directory Integration and Provisioning Assistant command := createprofile [cp] | modifyprofile [mp] | deleteprofile [dp] | listprofiles [lsprof] | showprofile [sp] | bootstrap [bs] | wpasswd [wp] | chgpasswd [cpw] | reassociate [rs]
For help on a particular command, enter:
dipassistant command -help
The syntax for creating, modifying, or deleting synchronization profiles by using the Directory Integration and Provisioning Assistant is:
dipassistant createprofile | modifyprofile | deleteprofile [-host host_name] [-port port_number] [-dn bind_DN] [-passwd password]
{-file file_name | -profile profile_name } [propName1=value] [propName2=value]... [-configset configset_number]
For example:
dipassistant createprofile -host myhost -port 3060 -passwd xxxx
-file import.profile -configset 1

dipassistant modifyprofile -host myhost -port 3060 -passwd xxxx
-file import.profile -dn xxxx -passwd xxxx -profile myprofile
[propName1=value] [propName2=value]...

dipassistant deleteprofile -profile myprofile [-host myhost] [-port 3060] [-dn xxxx] [-passwd xxxx] [-configset 1]
Table A-27 describes the parameters for creating, modifying, and deleting synchronization profiles by using the Directory Integration and Provisioning Assistant.
Parameter | Description |
---|---|
| | Host where Oracle Internet Directory is running. The default value is the name of the local host. |
| | Port at which Oracle Internet Directory was started. The default is 389. |
| | The Bind DN to be used in identifying to the directory. The default value is the DN of the Oracle Directory Integration and Provisioning platform administrator. |
| | The password of the bind DN to be used while binding to the directory. |
| | The file containing all the profile parameters. See Also: Table A-28 for a list of parameters and their description |
| | Number of the configuration set entry with which the profile needs to be associated |
| | Profile that needs to be modified |
The properties expected by the createprofile and modifyprofile commands are described in Table A-28. When modifying an already existing profile, no defaults are assumed. Only those attributes specified in the file are changed.
The command-line interface to the bootstrap command is:
dipassistant bootstrap { -profile profile_name [-host host_name] [-port port_number] -dn bind_DN
[-passwd password] [-log log_file] [-logseverity severity]
[-trace trace_file] [-tracelevel trace_level] [-loadparallelism <#nThrs>]
[-loadretry <retryCnt>] | -cfg file_name }
For example, either:
dipassistant bs -cfg bootstrap.cfg
or
dipassistant bs -host myhost -port 3060 -dn cn=orcladmin -passwd xxxx -profile iPlanetProfile
Parameter | Description |
---|---|
| | A configuration file containing all the parameters required for performing the bootstrapping. See Also: Table A-30 for a list of parameters and their description |
| | Host where Oracle Internet Directory is running |
| | Port at which Oracle Internet Directory was started |
| | The Bind DN to be used in identifying to the directory |
| | The password of the Bind DN to be used while binding to the directory |
| | The profile name. |
| | Log file. If this parameter is not specified, then, by default, the log information is written to |
| | Log severity 1 - 15. 1 - INFO, 2 - WARNING, 3 - DEBUG, 4 - ERROR. Or any combination of these. If not specified, then INFO and ERROR messages alone will be logged. |
| | Trace file for debugging purpose |
| | Trace level |
| | When the loading to the destination fails, the number of times the retry should be made before marking the entry as bad entry |
| | Indicator that loading to Oracle Internet Directory is to take place in parallel by using multiple threads. For example, |
The default password for the dipadmin account is the same as the ias_admin password chosen during installation. The chgpasswd command lets you reset the password of the dipadmin account. To reset that password, you must provide the security credentials of the orcladmin account.
For example:
$ dipassistant chgpasswd -passwd orcladmin_password -host oid.heman.com
-port 3060
The Assistant then prompts for the new password as follows:
New Password:
Confirm Password:
The listprofiles command prints a list of all the synchronization profiles in Oracle Internet Directory. For example:
$ dipassistant listprofiles -passwd dipadmin_password -host oid.heman.com
-port 3060
This command prints the following sample list:
IplanetExport
IplanetImport
ActiveImport
ActiveExport
LdifExport
LdifImport
TaggedExport
TaggedImport
OracleHRAgent
ActiveChgImp
The showprofile command prints the details of a specific synchronization profile. For example:
$ dipassistant showprofile -passwd dipadmin_password -host oid.heman.com
-port 3060 -profile ActiveImport
This command prints the following sample output:
odip.profile.version = 1.0
odip.profile.lastchgnum = 0
odip.profile.interface = LDAP
odip.profile.oidfilter = orclObjectGUID
odip.profile.schedinterval = 60
odip.profile.name = ActiveImport
odip.profile.syncmode = IMPORT
odip.profile.retry = 5
odip.profile.debuglevel = 0
odip.profile.status = DISABLE
The WPasswd command enables you to set the wallet password that the Oracle directory integration and provisioning server later uses to connect to Oracle Internet Directory. To use this command, enter:
dipassistant wp
The Directory Integration and Provisioning Assistant prompts you to enter, and then confirm, the password.
You can use the Directory Integration and Provisioning Assistant to move directory integration profiles to another node and to reassociate them with it. For example, if the middle-tier components are associated with a particular Oracle Identity Management infrastructure, then all the integration profiles existing in that infrastructure node can be moved to a new infrastructure node.
Table A-31 describes the reassociation rules.
The usage is as follows:
dipassistant reassociate [-src_ldap_host <hostName>] [-src_ldap_port <portNo>]
[-src_ldap_dn <bindDn>] [-src_ldap_passwd <password>]
-dst_ldap_host <hostName> [-dst_ldap_port <portNo>]
[-dst_ldap_dn <bindDn>] [-dst_ldap_passwd <password>]
[-log <logfile>]
Options:
-src_ldap_host <hostName> : Host where OID-1 runs
-src_ldap_port <portNo> : Port at which OID-1 runs
-src_ldap_dn <bindDn> : Bind Dn to connect to OID-1
-src_ldap_passwd <password> : Bind Dn password to connect to OID-1
-dst_ldap_host <hostName> : Host where OID-2 runs
-dst_ldap_port <portNo> : Port at which OID-2 runs
-dst_ldap_dn <bindDn> : Bind Dn to connect to OID-2
-dst_ldap_passwd <password> : Bind Dn password to connect to OID-2
-log <logFile> : Log file
Defaults:
src_ldap_host - localhost
src_ldap_port & dst_ldap_port - 389
src_ldap_dn & dst_ldap_dn - cn=orcladmin account
Examples:
dipassistant reassociate -src_ldap_host oid1.mycorp.com \
-dst_ldap_host oid2.mycorp.com -src_ldap_passwd xxxx \
-dst_ldap_passwd xxxx

dipassistant rs -help
Note: If the location of the log file is not specified, then by default it is created as $ORACLE_HOME/ldap/odi/log/reassociate.log.
In this release, the Directory Integration and Provisioning Assistant does not support the following:
The following elements of the Directory Integration and Provisioning Assistant are untested:
The bootstrapping command of the Directory Integration and Provisioning Assistant has the limitations described in Table A-32.
Use LdapUploadAgentFile.sh to load mapping and configuration information when you are synchronizing directories.
ldapUploadAgentFile.sh -name profile_name
-config configset_the_profile_is_associated_with
-LDAPhost directory_server_host
-LDAPport directory_server_port
-binddn DN_that_can_modify_the_profile
-bindpass password_for_the_bind_DN
-attrtype "MAP" | "ATTR"
-filename complete_path_of_file_to_be_uploaded
See Also:
Chapter 33, "Oracle Directory Synchronization Service" for a description of when to use |
You can create an integration profile by using the command-line tool ldapcreateConn.sh. This tool is in the following directory: $ORACLE_HOME/ldap/admin/.
The following example creates an integration profile named "HRMS" in configuration set 2:
ldapcreateConn.sh -name agent_name [ -type <IMPORT | EXPORT> ] \
[ -agentpwd agent_password ] \
[ -config configset_to_associate_with ] \
[ -LDAPhost directory_server_host ] \
[ -LDAPport directory_server_port ] \
[ -binddn DN_of_super_user ] \
[ -bindpass Bind_password ] \
[ -retry maximum_retry_count_on_synchronization_errors ] \
[ -poll polling_interval_for_synchronization ] \
[ -host host_on_which_to_run_agent ] \
[ -conndirurl connected_directory_URL ] \
[ -conndiracct connected_directory_account_information ] \
[ -conndirpwd connected_directory_account_password ] \
[ -execmd command_line_for_the_agent ] \
[ -iftype interface_type ] \
[ -condirfilter connected_directory_matching_filter ] \
[ -oidfilter OID_matching_filter ] \
[ -U SSL_authentication_mode ] \
[ -W wallet_location ] \
[ -P wallet_password ]
You can deregister a synchronization profile by using the command-line tool ldapDeleteConn.sh. This tool is in the directory $ORACLE_HOME/ldap/admin/.
The syntax is:
ldapdeleteConn.sh [ -name Profile_Name ]
[ -LDAPhost <LDAP server host> (default is local host) ]
[ -LDAPport directory_server_port (default 389) ]
[ -binddn SuperUserDN (default cn=orcladmin ) ]
[ -bindpass password (default=welcome) ]
[ -config configset_associated_with_agent ]
[ -U <SSL_authentication_mode> ]
[ -W Wallet_location ]
[ -P Wallet_password ]
[ -help | -usage ]
The following example deregisters a profile entry and dissociates it from the configuration set 2 (config 2) entry:
ldapDeleteConn.sh -name HRMS -config 2
In a client-only installation where OID Monitor and OIDCTL tools are not available, you can start the directory integration and provisioning server without OIDCTL. To stop the server, use the stopOdiServer.sh tool.
The path name for this tool is: $ORACLE_HOME/ldap/admin/stopodiserver.sh
The usage is:
$ORACLE_HOME/ldap/admin/stopodiserver.sh [ -LDAPhost LDAP_server_host ]
[ -LDAPport LDAP_server_port ]
[ -binddn super_user_dn (default cn=orcladmin ) ]
[ -bindpass bind_password (default=welcome) ]
-instance instance_number_to_stop
Note: To run shell script tools on the Windows operating system, you need one of the following UNIX emulation utilities:
The schemasync tool enables you to synchronize schema elements--namely attributes and object classes--between an Oracle directory server and third-party LDAP directories.
The usage for schemasync is as follows:
$ORACLE_HOME/bin/schemasync -srchost source_LDAP_directory
-srcport source_LDAP_port_number
-srcdn privileged_DN_in_source_directory_to_access_schema
-srcpwd password
-dsthost destination_LDAP_directory
-dstport destination_LDAP_port
-dstdn privileged_dn_in_destination_directory_to_access_schema
-dstpwd password [-ldap]
The errors that occur during schema synchronization are logged in the following log files:
To register an Oracle directory integration and provisioning server with the directory, this tool creates an entry in the directory and sets the password for the directory integration and provisioning server. If the registration entry already exists, then you can use the tool to reset the existing password. The odisrvreg tool also creates a local file called odisrvwallet_hostname, at $ORACLE_HOME/ldap/odi/conf. This file acts as a private wallet for the directory integration and provisioning server, which uses it on startup to bind to the directory.
Table A-36 describes the parameters that you use with the Oracle Directory Integration and Provisioning Server Registration Tool. You can also run odisrvreg in SSL mode to make communication between the tool and the directory fully secure, using the -U, -W, and -P parameters that are also described in Table A-36.
To register the directory integration and provisioning server, enter this command:
odisrvreg -h host_name -p port -D binddn -w bindpasswd -I passwd [-U ssl_mode -W wallet -P wallet_password]
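The tools in this section accept bind, agent and wallet passwords as command-line options, and the ldapdeleteConn.sh and stopodiserver.sh syntax shows a default -bindpass of welcome; values passed this way sit in scripts and shell history and appear in the process list. The shell function below is an added example, not part of the Oracle documentation or tools: it scans a script for those options followed by a fixed value. The function names and the sample script are constructed for illustration.

```sh
# Added example, not Oracle code: find literal passwords on command lines that
# call the tools documented in this section.
# Password-bearing options copied from the syntax lines on this page.
OID_PW_FLAGS='-passwd -bindpass -agentpwd -conndirpwd -src_ldap_passwd -dst_ldap_passwd -srcpwd -dstpwd -w -I -P'
# Tool names from this page, lower-cased because matching ignores case.
OID_TOOLS='dipassistant|ldapcreateconn[.]sh|ldapdeleteconn[.]sh|ldapuploadagentfile[.]sh|stopodiserver[.]sh|schemasync|odisrvreg'

# audit_oid_passwords [FILE...]   (reads stdin when no file is given)
# Prints one finding per line: <line>:<tool>:<flag>:<LITERAL|DEFAULT>
#   LITERAL = a fixed value follows the flag
#   DEFAULT = the value is "welcome", the -bindpass default this page shows
audit_oid_passwords() {
  awk -v flags="$OID_PW_FLAGS" -v tools="$OID_TOOLS" '
    BEGIN { n = split(flags, f, " "); for (i = 1; i <= n; i++) pw[f[i]] = 1 }
    # Join backslash-continued lines so a flag and its value stay together.
    /\\$/ { if (!start) start = NR; sub(/\\$/, " "); buf = buf $0; next }
    {
      line = buf $0; ln = (start ? start : NR); buf = ""; start = 0
      if (line ~ /^[ \t]*#/) next                 # skip comment lines
      m = split(line, tok, /[ \t]+/); tool = ""
      for (i = 1; i <= m; i++) {
        base = tok[i]; sub(/.*\//, "", base)      # drop any directory prefix
        if (tool == "") {
          if (tolower(base) ~ ("^(" tools ")$")) tool = base
          continue
        }
        if (!(tok[i] in pw) || i == m || tok[i+1] ~ /^-/) continue
        v = tok[i+1]; gsub(/["\047]/, "", v)      # strip quotes around the value
        if (v ~ /^\$/) continue                   # variable reference, not a fixed value
        printf "%s:%s:%s:%s\n", ln, tool, tok[i], (v == "welcome" ? "DEFAULT" : "LITERAL")
      }
    }' "$@"
}

# Constructed sample script (values are made up for this example).
sample_oid_script() {
  cat <<'EOF'
# nightly sync maintenance
dipassistant modifyprofile -host myhost -port 3060 -passwd s3cret \
  -file import.profile -profile myprofile
$ORACLE_HOME/ldap/admin/stopodiserver.sh -LDAPhost myhost -bindpass welcome -instance 1
dipassistant wp
odisrvreg -h myhost -p 3060 -D cn=orcladmin -w "$OID_PW" -I "$DIP_PW"
EOF
}

sample_oid_script | audit_oid_passwords
```

Values supplied through a shell variable are skipped because the secret is not fixed in the file, although the expanded value still reaches the tool as a command-line argument at run time.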
Use the Provisioning Subscription Tool to administer provisioning profile entries in the directory. More specifically, use it to perform these activities:
The Provisioning Subscription Tool shields the location and schema details of the provisioning profile entries from the callers of the tool. From the callers' perspective, the combination of an application and a subscriber uniquely identifies a provisioning profile. The constraint in the system is that there can be only one provisioning profile for each application for each subscriber.
Note: To run shell script tools on the Windows operating system, you need one of the following UNIX emulation utilities:
The name of the executable is oidProvTool, located in $ORACLE_HOME/bin.
To invoke this tool, use this command:
oidprovtool param1=param1_value param2=param2_value param3=param3_value ...
The Provisioning Subscription Tool accepts the following parameters:
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.