
Oracle® Internet Directory Administrator's Guide
10g (9.0.4)

Part Number B12118-01

Syntax for LDIF and Command-Line Tools, 7 of 10


Oracle Directory Integration and Provisioning Platform Command-Line Tools Syntax

This section contains these topics:

The Directory Integration and Provisioning Assistant

Table A-26 lists the tasks you can perform by using the Directory Integration and Provisioning Assistant and the corresponding commands. It also points you to instructions for performing each task.

Table A-26  Summary of Functionality of the Directory Integration and Provisioning Assistant
Tasks Commands More Information

Create, modify, or delete a synchronization profile

createprofile

modifyprofile

deleteprofile

"Creating, Modifying, and Deleting Synchronization Profiles"

See all the profile names in Oracle Internet Directory

listprofiles

"Listing All Synchronization Profiles in Oracle Internet Directory"

See the details of a specific profile

showprofile

"Viewing the Details of a Specific Synchronization Profile"

Make Oracle Internet Directory and the connected directory identical before beginning synchronization

bootstrap

"Bootstrapping a Directory by Using the Directory Integration and Provisioning Assistant"

Set the wallet password that the Oracle directory integration and provisioning server later uses to connect to Oracle Internet Directory

wpasswd

"Setting the Wallet Password for the Oracle Directory Integration and Provisioning Server"

Reset the password of the administrator of the Oracle Directory Integration Platform

chgpasswd

"Changing the Password of the Administrator of the Oracle Directory Integration and Provisioning Platform"

Move integration profiles from one identity management node to another

reassociate

"Moving an Integration Profile to a Different Identity Management Node"

The command-line interface for the Directory Integration and Provisioning Assistant is:

dipassistant command [-help]

command := Directory Integration and Provisioning Assistant command

Directory Integration and Provisioning Assistant command := 

createprofile [cp] 
| modifyprofile [mp] 
| deleteprofile [dp] 
| listprofiles [lsprof]
| showprofile [sp]
| bootstrap [bs]
| wpasswd [wp]
| chgpasswd [cpw]
| reassociate [rs]

For help on a particular command, enter:

dipassistant command -help

Creating, Modifying, and Deleting Synchronization Profiles

The syntax for creating, modifying, or deleting synchronization profiles by using the Directory Integration and Provisioning Assistant is:

dipassistant createprofile | modifyprofile | deleteprofile 
[-host host name] [-port port number] [-dn bind_DN] [-passwd password] 
{-file file name | -profile profile name } [propName1=value] [propName2=value]... [-configset configset_number]

For example:

dipassistant createprofile -host myhost -port 3060 -passwd xxxx
-file import.profile -configset 1

dipassistant modifyprofile -host myhost -port 3060 -passwd xxxx
-file import.profile -dn xxxx -passwd xxxx -profile myprofile
[propName1=value] [propName2=value]...

dipassistant deleteprofile -profile myprofile [-host myhost] [-port 3060]
[-dn xxxx] [-passwd xxxx] [-configset 1]

Table A-27 describes the parameters for creating, modifying, and deleting synchronization profiles by using the Directory Integration and Provisioning Assistant.

Table A-27  Parameters for Creating, Modifying, and Deleting Synchronization Profiles by Using the Directory Integration and Provisioning Assistant
Parameter Description

-host

Host where Oracle Internet Directory is running. The default value is the name of the local host.

-port

Port at which Oracle Internet Directory was started. The default is 389.

-dn

The Bind DN to be used in identifying to the directory. The default value is the DN of the Oracle Directory Integration and Provisioning platform administrator.

-passwd

The password of the bind DN to be used while binding to the directory.

-file

The file containing all the profile parameters.

See Also: Table A-28 for a list of parameters and their description

-configset

Number of the configuration set entry with which the profile needs to be associated

-profile

Profile that needs to be modified

The properties expected by createprofile and modifyprofile commands are described in Table A-28. When modifying an already existing profile, no defaults are assumed. Only those attributes specified in the file are changed.

Table A-28  Properties Expected by createprofile and modifyprofile Commands
Parameter Description Default

odip.profile.name

Name of the profile

-

odip.profile.password

Password for accessing this profile

-

odip.profile.status

Either DISABLE or ENABLE

DISABLE

odip.profile.syncmode

Direction of synchronization. When the changes are propagated from the third party to Oracle Internet Directory, the synchronization mode is IMPORT. When the changes are propagated to the third party directory, the synchronization mode is EXPORT.

IMPORT

odip.profile.retry

Maximum number of times this profile should be executed in the case of an error before the integration server gives up

4

odip.profile.schedinterval

Interval between successive executions of this profile by the integration server. If the previous execution has not completed then the next execution will not resume until it completes.

1 Minute

odip.profile.agentexecommand

In the case of a NON-LDAP interface, the command to produce the information in LDIF format

-

odip.profile.condirurl

Location of third-party directory [hostname:port]

-

odip.profile.condiraccount

DN or user name used to connect to the third party directory.

-

odip.profile.condirpassword

Password used for identification to the third-party directory.

-

odip.profile.interface

Indicator as to whether the LDAP or LDIF or DB or TAGGED format is to be used for data exchange

LDAP

odip.profile.configfile

Name of the file that contains the additional profile-specific information to be used for execution

-

odip.profile.mapfile

Name of the file that contains the mapping rules

-

odip.profile.condirfilter

Filter that needs to be applied to the changes read from the connected directory before importing to Oracle Internet Directory

-

odip.profile.oidfilter

Filter that needs to be applied to the changes that are read from the Oracle Internet Directory before exporting to the connected directory

-

odip.profile.lastchgnum

Last applied change number. In the case of an export profile, this number refers to Oracle Internet Directory's last applied change number. However, in the case of an import profile, this number refers to the last applied change number in the connected directory.

-

Bootstrapping a Directory by Using the Directory Integration and Provisioning Assistant

The command-line interface to the bootstrap command is:

dipassistant bootstrap { -profile profile_name [-host host_name] [-port port_number]
-dn bind_DN [-passwd password] [-log log_file] [-logseverity severity]
[-trace trace_file] [-tracelevel trace_level] [-loadparallelism <#nThrs>]
[-loadretry <retryCnt>] | -cfg file_name }

For example, either:

dipassistant bs -cfg bootstrap cfg

or


dipassistant bs -host myhost -port 3060 -dn cn=orcladmin -password xxxx -profile iPlanetProfile

Table A-29  Parameters of a deleteprofile Command
Parameter Description

-cfg

A configuration file containing all the parameters required for performing the bootstrapping.

See Also: Table A-30 for a list of parameters and their description

-host

Host where Oracle Internet Directory is running

-port

Port at which Oracle Internet Directory was started

-dn

The Bind DN to be used in identifying to the directory

-password

The password of the Bind DN to be used while binding to the directory

-profile

The profile name.

-log

Log file. If this parameter is not specified, then, by default, the log information is written to OH/ldap/odi/bootstrap.log

-logseverity

Log severity 1 - 15. 1 - INFO, 2 - WARNING, 3 - DEBUG, 4 - ERROR. Or any combination of these. If not specified, then INFO and ERROR messages alone will be logged.

-trace

Trace file for debugging purpose

-tracelevel

Trace level

-loadRetry

When the loading to the destination fails, the number of times the retry should be made before marking the entry as bad entry

-loadparallelism

Indicator that loading to Oracle Internet Directory is to take place in parallel by using multiple threads. For example, -loadparallelism 5 means that 5 threads are to be created, each of which tries to load the entries in parallel to Oracle Internet Directory.

Properties Expected by the Bootstrapping Command

Table A-30  Bootstrapping Properties
Property Description Mandatory Default

odip.bootstrap.srctype

Indicator of whether source of the bootstrapping is LDAP or LDIF. Valid values are either LDAP or LDIF.

Yes

-

odip.bootstrap.desttype

Indicator of whether destination of the bootstrapping is LDAP or LDIF. Valid values are either LDAP or LDIF.

Yes

-

odip.bootstrap.srcurl

In the case of LDAP source type, location of the source directory. In the case of LDIF, the location of the LDIF file.

Note: For LDAP, the expected format is host[:port]. For LDIF, the expected format is the absolute path of the file.

Yes

-

odip.bootstrap.desturl

In the case of LDAP, location of the destination directory. In the case of LDIF, the location of the LDIF file.

Note: For LDAP, the expected format is host[:port]. For LDIF, the expected format is the absolute path of the file.

Yes

-

odip.bootstrap.srcsslmode

Indicator of whether SSL-based authentication must be used to connect to the source of the bootstrapping. A value of TRUE indicates that SSL-based authentication must be used.

No

FALSE

odip.bootstrap.destsslmode

Indicator of whether SSL-based authentication must be used to connect to the destination of the bootstrapping. TRUE indicates that SSL-based authentication must be used.

Note: In the case of LDIF, this parameter is meaningless.

No

FALSE

odip.bootstrap.srcdn

Supplement to the source URL. In the case of LDIF binding, this parameter is meaningless. However in the case of LDAP, this parameter specifies the Bind DN.

Only in the case of LDAP

-

odip.bootstrap.destdn

Supplement to the destination URL. In the case of LDIF binding, this parameter is meaningless. However in the case of LDAP, this parameter specifies the Bind DN.

Only in the case of LDAP

-

odip.bootstrap.srcpasswd

Bind password to the source. In the case of LDAP binding, this is used as the security credential. Oracle Corporation recommends that you not specify the password in this file.

No

-

odip.bootstrap.destpasswd

Bind password. In the case of LDAP binding, this is used as security credential.

Oracle Corporation recommends that you not specify the password in this file.

No

-

odip.bootstrap.mapfile

Location of the map file that contains the attribute and domain mappings.

No

-

odip.bootstrap.logfile

Location of the log file. If this file already exists then it will be appended. The default log file is bootstrap.log created under $ORACLE_HOME/ldap/odi/log directory.

No

The file bootstrap.log created under the directory $ORACLE_HOME/ldap/odi/

odip.bootstrap.logseverity

Type of log messages that needs to be logged.

    INFO - 1

    WARNING - 2

    DEBUG - 4

    ERROR - 8

Note: A combination of these types can also be given. For example, if you are interested only in WARNING and ERROR messages, then specify a value of 8 + 2, that is, 10. Similarly, for all types of messages, use 1 + 2 + 4 + 8 = 15.

No

1 + 8 = 9

odip.bootstrap.loadparallelism

Numeric value indicating the number of writer threads used to load the processed data to the destination

No

1-

odip.bootstrap.loadretry

In the event of a failure to load an entry, indicator of how many times to retry

No

5

odip.bootstrap.trcfile

Location of the trace file. If this file already exists, then it is overwritten.

No

$ORACLE_HOME/ldap/odi/log/bootstrap.trc

odip.bootstrap.trclevel

The tracing level

No

3
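A pre-flight check for a bootstrap configuration file, written against the properties in Table A-30. This is an added example, not Oracle code; it assumes the file holds `name = value` lines with `#` comments, and the function names and the sample file are constructed for illustration.

```python
import ntpath
import posixpath

PREFIX = "odip.bootstrap."
MANDATORY = ("srctype", "desttype", "srcurl", "desturl")  # "Yes" rows in Table A-30
SEVERITY_BITS = {1: "INFO", 2: "WARNING", 4: "DEBUG", 8: "ERROR"}

# Constructed sample, not taken from the guide.
SAMPLE_CFG = """\
# bootstrap from a connected directory into an LDIF file
odip.bootstrap.srctype = LDAP
odip.bootstrap.srcurl = ad.example.com:389
odip.bootstrap.srcdn = cn=sync,dc=example,dc=com
odip.bootstrap.srcpasswd = Secret123
odip.bootstrap.desttype = LDIF
odip.bootstrap.desturl = out/users.ldif
odip.bootstrap.logseverity = 10
"""


def parse_properties(text):
    """Parse name = value lines (file syntax is an assumption, see lead-in)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            props[name.strip()] = value.strip()
    return props


def decode_logseverity(value):
    """Expand the additive logseverity value (1 to 15) into message types."""
    number = int(value)
    if not 1 <= number <= 15:
        raise ValueError(f"logseverity {number} is outside 1..15")
    return [name for bit, name in SEVERITY_BITS.items() if number & bit]


def valid_ldap_url(url):
    """Table A-30 expects host[:port] for an LDAP source or destination."""
    host, sep, port = url.partition(":")
    if not host or "/" in host:
        return False
    return not sep or (port.isdigit() and 1 <= int(port) <= 65535)


def lint_bootstrap(text):
    """Return a list of (level, message) findings for a bootstrap configuration."""
    props = parse_properties(text)

    def get(key):
        return props.get(PREFIX + key, "")

    findings = []
    for key in MANDATORY:
        if not get(key):
            findings.append(("error", f"{PREFIX}{key} is mandatory"))
    for side in ("src", "dest"):
        kind, url = get(side + "type").upper(), get(side + "url")
        if kind == "LDAP":
            if url and not valid_ldap_url(url):
                findings.append(("error", f"{PREFIX}{side}url must be host[:port]"))
            if not get(side + "dn"):
                findings.append(("error", f"{PREFIX}{side}dn is required for LDAP"))
            if get(side + "sslmode").upper() != "TRUE":
                findings.append(("warn", f"{PREFIX}{side}sslmode is not TRUE: LDAP connection without SSL"))
        elif kind == "LDIF":
            if url and not (posixpath.isabs(url) or ntpath.isabs(url)):
                findings.append(("error", f"{PREFIX}{side}url must be an absolute path"))
        elif kind:
            findings.append(("error", f"{PREFIX}{side}type must be LDAP or LDIF"))
        # Oracle recommends not keeping the bind password in this file.
        if get(side + "passwd"):
            findings.append(("warn", f"{PREFIX}{side}passwd is stored in the file"))
    if get("logseverity"):
        try:
            decode_logseverity(get("logseverity"))
        except ValueError as exc:
            findings.append(("error", f"{PREFIX}logseverity: {exc}"))
    return findings


if __name__ == "__main__":
    for level, message in lint_bootstrap(SAMPLE_CFG):
        print(f"{level:5} {message}")
    print("logseverity 10 enables:", decode_logseverity("10"))
```
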

Changing the Password of the Administrator of the Oracle Directory Integration and Provisioning Platform

The default password for the dipadmin account is the same as the ias_admin password chosen during installation. This command lets you reset the password of the dipadmin account. To reset that password, you must provide the security credentials of the orcladmin account.

For example:

$ dipassistant chgpasswd -passwd orcladmin_password -host oid.heman.com -port 3060

The Assistant then prompts for the new password as follows:

New Password: 
Confirm Password: 

Listing All Synchronization Profiles in Oracle Internet Directory

The listprofiles command prints a list of all the synchronization profiles in Oracle Internet Directory. For example:

$ dipassistant listprofiles -passwd dipadmin_password -host oid.heman.com -port 3060

This command prints the following sample list:

IplanetExport 
IplanetImport 
ActiveImport 
ActiveExport 
LdifExport 
LdifImport 
TaggedExport 
TaggedImport 
OracleHRAgent 
ActiveChgImp 


Note:

The list shown here is the default set of profiles created during installation.


Viewing the Details of a Specific Synchronization Profile

The showprofile command prints the details of a specific synchronization profile. For example:

$ dipassistant showprofile -passwd dipadmin_password -host oid.heman.com -port 3060 -profile ActiveImport

This command prints the following sample output:

odip.profile.version = 1.0 
odip.profile.lastchgnum = 0 
odip.profile.interface = LDAP 
odip.profile.oidfilter = orclObjectGUID 
odip.profile.schedinterval = 60 
odip.profile.name = ActiveImport 
odip.profile.syncmode = IMPORT 
odip.profile.retry = 5 
odip.profile.debuglevel = 0 
odip.profile.status = DISABLE 

Setting the Wallet Password for the Oracle Directory Integration and Provisioning Server

The wpasswd command enables you to set the wallet password that the Oracle directory integration and provisioning server later uses to connect to Oracle Internet Directory. To use this command, enter:

dipassistant wp

The Directory Integration and Provisioning Assistant prompts you to enter, and then confirm, the password.

Moving an Integration Profile to a Different Identity Management Node

You can use the Directory Integration and Provisioning Assistant to move directory integration profiles to another node and to reassociate them with it. For example, if the middle-tier components are associated with a particular Oracle Identity Management infrastructure, then all the integration profiles existing in that infrastructure node can be moved to a new infrastructure node.

Table A-31 describes the reassociation rules.

Table A-31  Scenarios for Reassociating Directory Integration Profiles
Scenario Actions Taken

Integration profile does not exist on the second Oracle Internet Directory node

The integration profile is copied to the second Oracle Internet Directory node and is disabled after copying. It must be enabled by the application. The lastchangenumber attribute in the integration profile is modified to the current last change number on the second Oracle Internet Directory node.

Integration profile exists on the second Oracle Internet Directory node

Both integration profiles are reconciled in the following manner:

  • Any new attribute in the profile on node 1 is added to the profile on node 2

  • For attributes that exist in both profiles, the values in the profile on node 1 override the values in the profile on node 2

  • The profile is disabled after copying. It needs to be enabled by the application.

  • The lastchangenumber attribute in the integration profile is modified to the current last change number on the second Oracle Internet Directory node

The usage is as follows:

dipassistant reassociate [-src_ldap_host <hostName>]
[-src_ldap_port <portNo>] [-src_ldap_dn <bindDn>] [-src_ldap_passwd
<password>] -dst_ldap_host <hostName> [-dst_ldap_port <portNo>]
[-dst_ldap_dn <bindDn>] [-dst_ldap_passwd <password>] [-log <logfile>]

Options:
-src_ldap_host <hostName> : Host where OID-1 runs
-src_ldap_port <portNo> : Port at which OID-1 runs
-src_ldap_dn <bindDn> : Bind Dn to connect to OID-1
-src_ldap_passwd <password> : Bind Dn password to connect to OID-1
-dst_ldap_host <hostName> : Host where OID-2 runs
-dst_ldap_port <portNo> : Port at which OID-2 runs
-dst_ldap_dn <bindDn> : Bind Dn to connect to OID-2
-dst_ldap_passwd <password> : Bind Dn password to connect to OID-2
-log <logFile> : Log file

Defaults:

src_ldap_host - localhost, src_ldap_port & dst_ldap_port - 389
src_ldap_dn & dst_ldap_dn - cn=orcladmin account

Examples:

dipassistant reassociate -src_ldap_host oid1.mycorp.com \
-dst_ldap_host oid2.mycorp.com -src_ldap_passwd xxxx \
-dst_ldap_passwd xxxx

dipassistant rs -help

Note: If the location of the log file is not specified, then by default it is created as $ORACLE_HOME/ldap/odi/log/reassociate.log.

Limitations of the Directory Integration and Provisioning Assistant in Oracle Internet Directory 10g (9.0.4)

In this release, the Directory Integration and Provisioning Assistant does not support the following:

The following elements of the Directory Integration and Provisioning Assistant are untested:

The bootstrapping command of the Directory Integration and Provisioning Assistant has the limitations described in Table A-32.

Table A-32  Limitations of Bootstrapping in the Directory Integration and Provisioning Assistant
Type of Bootstrapping Limitation

LDIF-to-LDIF

None

LDAP-to-LDIF

For a large number of entries, bootstrapping can fail with an error of size limit exceeded. To resolve this, the server from which you are bootstrapping should:

  • Support paged results control (OID 1.2.840.113556.1.4.319). Currently, Microsoft Active Directory is the only LDAP directory that supports this control.

  • Have an adequate value for the server side search size limit parameter

  • Use the proprietary Import/Export tool, take the dump of the data, and bootstrap by using either the LDIF-to-LDIF or the LDIF-to-LDAP approach

LDIF-to-LDAP

None

LDAP-to-LDAP

Same as LDAP-to-LDIF

The ldapUploadAgentFile.sh Tool Syntax

Use ldapUploadAgentFile.sh to load mapping and configuration information when you are synchronizing directories.

ldapUploadAgentFile.sh -name profile_name
-config configset_the_profile_is_associated_with
-LDAPhost directory_server_host
-LDAPport directory_server_port
-binddn DN_that_can_modify_the_profile
-bindpass password_for_the_bind_DN
-attrtype "MAP" | "ATTR"
-filename complete_path_of_file_to_be_uploaded

Table A-33  Arguments for ldapUploadAgentFile.sh
Argument Description

Name

The name of the integration profile to which the information needs to be loaded.

Config

The configset to which the profile belongs.

LDAPhost

Directory server host

LDAPport

Directory server port

Binddn

Bind DN of the directory user who has access rights to modify the profile entry. The default is cn=orcladmin

Bindpass

Password corresponding to the bind DN. The default is welcome.

AttrType

Type of file to be loaded. "MAP" is specified for loading the mapping file, and "ATTR" is specified for loading the config info file.

Filename

Complete path name of the file to be uploaded.


Note:

Alternatively, you can use the Directory Integration and Provisioning Assistant to perform this operation. Enter either of the following:

    dipassistant mp [options] odip.profile.mapfile=your_map_file

    dipassistant mp [options] odip.profile.configfile=your_configuration_file


See Also:

Chapter 33, "Oracle Directory Synchronization Service" for a description of when to use ldapUploadAgentFile.sh

The ldapCreateConn.sh Tool Syntax

You can create an integration profile by using the command-line tool ldapcreateConn.sh. This tool is in the following directory:

$ORACLE_HOME/ldap/admin/.

The following example creates an integration profile named "HRMS" in configuration set 2:

ldapcreateConn.sh -name agent_name \
[ -type <IMPORT | EXPORT> ] \
[ -agentpwd agent_password ] \
[ -config configset_to_associate_with ] \
[ -LDAPhost directory_server_host ] \
[ -LDAPport directory_server_port ] \
[ -binddn DN_of_super_user ] \
[ -bindpass Bind_password ] \
[ -retry maximum_retry_count_on_synchronization_errors ] \
[ -poll polling_interval_for_synchronization ] \
[ -host host_on_which_to_run_agent ] \
[ -conndirurl connected_directory_URL ] \
[ -conndiracct connected_directory_account_information ] \
[ -conndirpwd connected_directory_account_password ] \
[ -execmd command_line_for_the_agent ] \
[ -iftype interface_type ] \
[ -condirfilter connected_directory_matching_filter ] \
[ -oidfilter OID_matching_filter ] \
[ -U SSL_authentication_mode ] \
[ -W wallet_location ] \
[ -P wallet_password ]

Table A-34  Arguments for Registering a Partner Agent by Using ldapcreateConn.sh
Argument Description

Name

The name of the Integration Profile. This must be unique.

Type

IMPORT/EXPORT. The default is IMPORT.

Agentpwd

The password to protect the profile. The default is `welcome'.

Config

The configuration set number. The default is 1.

LDAPhost

Directory server host. The default is the current host.

LDAPport

Directory server port. The default is port 389.

Binddn

The bind DN of the Directory user which has the privileges to create Integration profile. The default is `cn=orcladmin'

Bindpass

The bind password. The default is `welcome'

Retry

Maximum number of retries to be done by the server when encountering a synchronization error. The default is `5'.

Poll

The scheduling interval of the profile. The default is `60' seconds.

Host

This is currently used. For the time being, it should be set to the machine name on which the DIP server is executing.

Conndirurl

The connected directory access Information.

Conndiracct

The connected directory account.

Conndirpwd

The connected directory account password

Execmd

The OS command line to execute the partner agent.

Iftype

The interface type. The default is TAGGED.

Condirfilter

The connected directory matching filter

Oidfilter

The OID matching filter.


Note:

Alternatively, you can use the createprofile option of the Directory Integration and Provisioning Assistant to perform this operation.


The ldapDeleteConn.sh Tool Syntax

You can deregister a synchronization profile by using the command-line tool ldapDeleteConn.sh. This tool is in the directory $ORACLE_HOME/ldap/admin/.

The syntax is:

ldapdeleteConn.sh [ -name Profile_Name ]
            [ -LDAPhost <LDAP server host> (default is local host) ]
            [ -LDAPport directory_server_port (default 389) ]
            [ -binddn SuperUserDN (default cn=orcladmin) ]
            [ -bindpass password (default=welcome) ]
            [ -config configset_associated_with_agent ]
            [ -U <SSL_authentication_mode> ]
            [ -W Wallet_location ]
            [ -P Wallet_password ]
            [ -help | -usage ]

The following example deregisters a profile entry and dissociates it from the configuration set 2 (config 2) entry:

ldapDeleteConn.sh -name HRMS -config 2


Note:

Alternatively, you can use the deleteprofile option of the Directory Integration and Provisioning Assistant to perform this operation.


The StopOdiServer.sh Tool Syntax

In a client-only installation where OID Monitor and OIDCTL tools are not available, you can start the directory integration and provisioning server without OIDCTL. To stop the server, use the stopOdiServer.sh tool.

The path name for this tool is:
$ORACLE_HOME/ldap/admin/stopodiserver.sh

The usage is:

$ORACLE_HOME/ldap/admin/stopodiserver.sh
[ -LDAPhost LDAP_server_host ]
[ -LDAPport LDAP_server_port ]
[ -binddn super_user_dn (default cn=orcladmin) ]
[ -bindpass bind_password (default=welcome) ]
-instance instance_number_to_stop

Table A-35  Arguments for Stopping the Oracle Directory Integration and Provisioning Server
Argument Description

LDAPhost

Directory server host. The default is the current host.

LDAPport

Directory server port. The default is port 389.

Binddn

The bind DN of the Directory user which has the privileges to create Integration profile. The default is `cn=orcladmin'

Bindpass

The bind password. The default is `welcome'

Instance

The instance number of the Oracle directory integration and provisioning server to stop.


Note:

To run shell script tools on the Windows operating system, you need one of the following UNIX emulation utilities:


The schemasync Tool Syntax

The schemasync tool enables you to synchronize schema elements (namely attributes and object classes) between an Oracle directory server and third-party LDAP directories.

The usage for schemasync is as follows:

$ORACLE_HOME/bin/schemasync 

-srchost source_LDAP_directory  
-srcport source_LDAP_port_number
-srcdn privileged_DN_in_source_directory_to_access_schema 
-srcpwd password
-dsthost destination_LDAP_directory 
-dstport destination_LDAP_port
-dstdn privileged_dn_in_destination_directory_to_access_schema
-dstpwd password 
[-ldap]


Note:

The -ldap parameter is optional. If it is specified, then the schema changes are applied directly from the source LDAP directory to the destination LDAP directory. If it is not specified, then the schema changes are placed in the following LDIF files:

  • $ORACLE_HOME/ldap/odi/data/attributetypes.ldif
    This file has the new attribute definitions.

  • $ORACLE_HOME/ldap/odi/data/objectclasses.ldif
    This file has the new object class definitions.

If you do not specify -ldap, then you must use ldapmodify to upload the definitions from these two files, first attribute types and then object classes.


The errors that occur during schema synchronization are logged in the following log files:

The Oracle Directory Integration and Provisioning Server Registration Tool (odisrvreg)

To register an Oracle directory integration and provisioning server with the directory, this tool creates an entry in the directory and sets the password for the directory integration and provisioning server. If the registration entry already exists, then you can use the tool to reset the existing password. The odisrvreg tool also creates a local file called odisrvwallet_hostname, at $ORACLE_HOME/ldap/odi/conf. This file acts as a private wallet for the directory integration and provisioning server, which uses it on startup to bind to the directory.

Table A-36 describes the parameters that you use with the Oracle Directory Integration and Provisioning Server Registration Tool. You can also run odisrvreg in SSL mode to make communication between the tool and the directory fully secure, using the -U, -W, and -P parameters that are also described in Table A-36.

To register the directory integration and provisioning server, enter this command:

odisrvreg -h host_name -p port -D binddn -w bindpasswd -I passwd [-U ssl_mode -W wallet -P wallet_password]

Table A-36  Descriptions of ODISRVREG Arguments
Argument Description

-h host_name

Oracle directory server host name

-p port_number

Port number on which the directory server is running

-D binddn

Bind DN. The bind DN must have authorization to create the registration entry for the directory integration and provisioning server

-lhost

In a cold failover cluster configuration, the virtual hostname

-w bindpasswd

Bind password

-U SSL mode

For no authorization, specify 0. For one-way authorization, specify 1.

-W Wallet location

Location of the Oracle Wallet containing the SSL certificate

-P Wallet password

Wallet password to open the Oracle wallet

The Provisioning Subscription Tool (oidprovtool) Syntax

Use the Provisioning Subscription Tool to administer provisioning profile entries in the directory. More specifically, use it to perform these activities:

The Provisioning Subscription Tool shields the location and schema details of the provisioning profile entries from the callers of the tool. From the callers' perspective, the combination of an application and a subscriber uniquely identify a provisioning profile. The constraint in the system is that there can be only one provisioning profile for each application for each subscriber.


Note:

To run shell script tools on the Windows operating system, you need one of the following UNIX emulation utilities:


The name of the executable is oidProvTool, located in $ORACLE_HOME/bin.

To invoke this tool, use this command:

oidprovtool param1=param1_value  param2=param2_value param3=param3_value ...

The Provisioning Subscription Tool accepts the following parameters:

Table A-37  Provisioning Subscription Tool Parameters
Name Description Operations Mandatory/Optional

operation

The subscription operation to be performed. The legal values for this parameter are: create, enable, disable, delete, status and reset. Only one operation can be performed for each invocation of the tool.

all

M

ldap_host

Host-name of the directory server on which the subscription operations are to be performed. If not specified, the default value of `localhost' is assumed.

all

O

profile_status

The status of the profile (ENABLED/ DISABLED). Default is ENABLED.

Create

O

profile_mode

INBOUND/OUTBOUND/BOTH. Default is OUTBOUND.

Create

O

profile_debug

The debugging level with which the profile is executed by the Oracle directory integration and provisioning server.

All

O

sslmode

Indicator of whether to execute the Provisioning Subscription Tool in SSL mode. A value of 0 indicates non-ssl and 1 indicates SSL mode.

All

O

ldap_port

The TCP/IP port on which the LDAP server is listening for requests. If not specified, the default value of `389' is assumed.

all

O

ldap_user_dn

The LDAP distinguished name of the user on whose behalf the operation is to be performed. Not all users have the necessary permissions to perform Provisioning Subscription operations. Please see the administrative guide to grant or deny LDAP users the permission to perform Provisioning Subscription operations.

all

M

ldap_user_password

The password of the user on whose behalf the operation is to be performed.

all

M

application_dn

The LDAP distinguished name of the application for which the Provisioning Subscription Operation is being performed. The combination of the application_dn and the organization_dn parameters help the subscription tool to uniquely identify a provisioning profile.

all

M

organization_dn

The LDAP distinguished name of the organization for which the Provisioning Subscription Operation is being performed. The combination of the application_dn and the organization_dn parameters help the subscription tool to uniquely identify a provisioning profile.

all

M

interface_name

Database schema name for the PLSQL package. Format of the value should be: [Schema].[PACKAGE_NAME]

create only

M

interface_type

The type of the interface to which events have to be propagated. Valid Values: PLSQL (if not specified this is assumed as the default)

create only

O

interface_connect_info

Database connect string. Format of this string: [HOST]:[PORT]:[SID]:[USER_ID]:[PASSWORD]

create only

M

interface_version

The version of the interface protocol. Valid Values: 1.0 or 1.1. 1.0 will be the old interface. If not specified, this is used as the default.

create only

O

interface_additional_info

Additional information for the interface. This is not currently used.

create only

O

schedule

The scheduling information for this profile. The value is the length of the time interval in seconds after which DIP will process this profile. If not specified, a default of 3600 is assumed.

create only

O

max_retries

The number of times the Provisioning Service should retry a failed event delivery. If not specified, a default value of 5 is assumed.

create only

O

event_subscription

Events for which DIP should send notification to this application. Format of this string: "[USER|GROUP]:[<Domain of interest>]:[DELETE|ADD|MODIFY(<list of attributes separated by comma>)]". Multiple values may be specified by listing the parameter multiple times, each with different values. If not specified, the following defaults are assumed: USER:<org. DN>:DELETE and GROUP:<org. DN>:DELETE, that is, send user and group delete notifications under the organization DN.

create only

O
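An audit pass over administration scripts that call the tools in this appendix, added here as an example and not part of the Oracle guide. It reports options that put a password on the command line, where it is readable from shell history and the process list, and invocations that omit -bindpass and therefore depend on the documented default. The option tables are transcribed from the syntax lines on this page; the function names and the sample script are constructed.

```python
import shlex

# Options whose operand is a password, transcribed from the syntax on this page.
SECRET_FLAGS = {
    "dipassistant": {"-passwd", "-password", "-src_ldap_passwd", "-dst_ldap_passwd"},
    "ldapuploadagentfile.sh": {"-bindpass"},
    "ldapcreateconn.sh": {"-bindpass", "-agentpwd", "-conndirpwd", "-P"},
    "ldapdeleteconn.sh": {"-bindpass", "-P"},
    "stopodiserver.sh": {"-bindpass"},
    "schemasync": {"-srcpwd", "-dstpwd"},
    "odisrvreg": {"-w", "-I", "-P"},  # "-I passwd" as the syntax line writes it
}
# oidprovtool takes name=value parameters instead of dash options.
SECRET_PARAMS = {"oidprovtool": {"ldap_user_password", "interface_connect_info"}}
# Tools whose tables document a default bind password when -bindpass is omitted.
DEFAULT_BINDPASS_TOOLS = {
    "ldapuploadagentfile.sh", "ldapcreateconn.sh", "ldapdeleteconn.sh", "stopodiserver.sh",
}

# Constructed sample maintenance script.
SAMPLE_SCRIPT = r"""
# nightly profile check
dipassistant listprofiles -host oid.example.com -port 3060 -passwd S3cret
$ORACLE_HOME/ldap/admin/stopodiserver.sh -LDAPhost oid.example.com -instance 1
oidprovtool operation=status ldap_user_dn=cn=orcladmin \
    ldap_user_password=S3cret application_dn=cn=app organization_dn=dc=example
dipassistant wp
"""


def audit_command(line):
    """Return (tool, finding, option) tuples for one command line."""
    try:
        tokens = shlex.split(line)
    except ValueError:                  # unbalanced quotes: fall back to a plain split
        tokens = line.split()
    if tokens and tokens[0] == "$":     # leading prompt, as in the guide's examples
        tokens = tokens[1:]
    if not tokens:
        return []
    tool = tokens[0].rsplit("/", 1)[-1].lower()   # the guide mixes tool-name casing
    args = tokens[1:]
    findings = []
    for pos, tok in enumerate(args):
        operand = args[pos + 1] if pos + 1 < len(args) else ""
        if tok in SECRET_FLAGS.get(tool, ()) and operand and not operand.startswith("-"):
            findings.append((tool, "secret-in-argv", tok))
        name, sep, value = tok.partition("=")
        if sep and value and name in SECRET_PARAMS.get(tool, ()):
            findings.append((tool, "secret-in-argv", name))
    if tool in DEFAULT_BINDPASS_TOOLS and "-bindpass" not in args:
        findings.append((tool, "default-bindpass", "-bindpass"))
    return findings


def audit_script(text):
    """Audit every command in a script, joining backslash-continued lines first."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            findings.extend(audit_command(line))
    return findings


if __name__ == "__main__":
    for tool, finding, option in audit_script(SAMPLE_SCRIPT):
        print(f"{tool}: {finding} ({option})")
```

Commands that prompt for the password, such as `dipassistant wp` and `dipassistant chgpasswd` for the new password, produce no finding.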


Copyright © 1999, 2003 Oracle Corporation.

All Rights Reserved.