| Oracle® Identity Management Integration Guide 10g (10.1.4.2) Part Number E10528-01 |
|
|
View PDF |
| Oracle® Identity Management Integration Guide 10g (10.1.4.2) Part Number E10528-01 |
|
|
View PDF |
This chapter contains information on post-configuration and ongoing administration tasks. It contains these topics:
Once configuration is complete, do the following:
Migrate data from one directory to the other as needed. This is described in "Bootstrapping Data Between Directories".
Use the Directory Integration Assistant to enable the synchronization profile by entering the following command:
$ORACLE_HOME/bin/dipassistant modifyprofile [-h host name] [-p port_number] [-D bind_DN] -profile profile_name_in_OID odip.profile.status=ENABLE
Start the Oracle directory integration server using the configuration set that corresponds to that of the profile. See "Starting, Stopping, and Restarting the Oracle Directory Integration Platform".
Management tasks typically include:
Managing synchronization profiles and mapping rules:
Creating new profiles. You create new profiles if you need to synchronize with an additional domain controller in a multiple domain environment.
You can create new profiles by using existing profiles as templates.To do this, use the createlike command of the Directory Integration Assistant (dipassistant) utility.
Changing configurations (attributes) in the profile.
Disabling profiles to allow maintenance and then reenabling them. Disabling profiles stops synchronization related to that profile.
Managing mapping rules:
Creating new rules when additional attributes need to be synchronized.
Changing existing rules when the way attributes are synchronized needs to change.
Deleting or commenting out rules not required when a particular attribute is not required to be synchronized.
Managing access control.
Starting and stopping the Oracle directory server and the Oracle directory integration server.
This section contains these topics:
See Also:
Oracle Identity Management User Reference for instructions on starting and stopping servers and how to use the Directory Integration Assistant (dipassistant) utility
Oracle Identity Management Infrastructure Administrator's Guide for instructions about how to use the Identity Management Grid Control Plug-in to manage integration with a third-party directory
Bootstrapping is sometimes called data migration. To bootstrap data, do the following once the third-party directory connector and plug-in configurations are complete:
Identify the data you want to migrate. You can choose to migrate all data in the directory or only a subset of data.
Use the following command to disable the import and export synchronization profile:
$ORACLE_HOME/bin/dipassistant modifyprofile -host myhost -port myport -file import.profile -dn bind_DN -passwd password_of_bind_DN -profile profile_name odip.profile.status=DISABLE
Bootstrap from one directory to another by using the Directory Integration Assistant (dipassistant) with the -bootstrap option. Bootstrapping is described in Chapter 8, " Bootstrapping a Directory in Oracle Directory Integration Platform".
Once bootstrapping is accomplished, the profile status attributes are appropriately updated in the synchronization profile by the Directory Integration Assistant (dipassistant).
If you used LDIF file-based bootstrapping, then initialize the lastchangekey value with the Directory Integration Assistant (dipassistant) as follows:
$ORACLE_HOME/bin/dipassistant modifyprofile -updlcn
This lastchangekey attribute should be set to the value of the last change number in the source directory before you started the bootstrap.
If two-way synchronization is required, then enable the export profile and make sure the change logging option is enabled for the Oracle directory server. Change logging is controlled by the -l option while starting Oracle Internet Directory. By default, it is set to TRUE, meaning that change logging is enabled. If it is set to FALSE, then use the OID Control Utility to shut down the Oracle directory server, and then to start the server again with the change log enabled.
This section explains how to delete, disable, and re-enable a third-party external authentication plug-in.
To delete a third-party external authentication plug-in, enter the following commands:
ldapdelete -h host -p port -D cn=orcladmin -w password "cn=adwhencompare,cn=plugin,cn=subconfigsubentry" ldapdelete -h host -p port -D cn=orcladmin -w password "cn=adwhenbind,cn=plugin,cn=subconfigsubentry"
To disable a third-party external authentication plug-in:
Create an LDIF file with the following entries:
dn: cn=adwhencompare,cn=plugin,cn=subconfigsubentry changetype: modify replace: orclpluginenable orclpluginenable: 0 dn: cn=adwhenbind,cn=plugin,cn=subconfigsubentry changetype: modify replace: orclpluginenable orclpluginenable: 0
Load the LDIF file with the ldapmodify command, as follows:
ldapmodify -h host -p port -D cn=orcladmin -w password -f fileName
To re-enable a third-party external authentication plug-in, use these two commands:
Create an LDIF file with the following entries:
dn: cn=adwhencompare,cn=plugin,cn=subconfigsubentry changetype: modify replace: orclpluginenable orclpluginenable: 1 dn: cn=adwhenbind,cn=plugin,cn=subconfigsubentry changetype: modify replace: orclpluginenable orclpluginenable: 1
Load the LDIF file with the ldapmodify command, as follows:
ldapmodify -h host -p port -D cn=orcladmin -w password -f fileName
