You begin policy and credential store migration by creating the JPS root and then you reassociate the policy and credential store with Oracle Internet Directory.
Migrating policy and credential stores involves the following steps:
Create the jpsroot in Oracle Internet Directory using the command line ldapadd
command as shown in these steps:
Create an ldif
file similar to this:
dn: cn=jpsroot_idm cn: jpsroot_idm_idm objectclass: top objectclass: orclcontainer
Use ORACLE_HOME
/bin/ldapadd
to add these entries to Oracle Internet Directory. For example:
ORACLE_HOME/bin/ldapadd -h oid.mycompany.com -p 389 -D cn="orcladmin" -w
welcome1 -c -v -f jps_root.ldif
To reassociate the policy and credential store with Oracle Internet Directory, use the WLST reassociateSecurityStore
command. Follow these steps:
From IDMHOST1, start the wlst
shell from the ORACLE_HOME
/common/bin
directory. For example:
./wlst.sh
Connect to the WebLogic Administration Server using the wlst connect
command shown below.
connect('AdminUser',"AdminUserPassword",t3://hostname:port')
For example:
connect("weblogic_idm,"welcome1","t3://idmhost-vip.mycompany.com:7001")
Run the reassociateSecurityStore
command as shown below:
Syntax:
reassociateSecurityStore(domain="domainName",admin="cn=orcladmin", password="orclPassword",ldapurl="ldap://LDAPHOST:LDAPPORT",servertype="OID", jpsroot="cn=jpsRootContainer")
For example:
wls:/IDMDomain/serverConfig> reassociateSecurityStore(domain="IDMDomain",
admin="cn=orcladmin",password="password",
ldapurl="ldap://oid.mycompany.com:389",servertype="OID",
jpsroot="cn=jpsroot_idm_idmhost1")
The output for the command is as follows:
{servertype=OID, jpsroot=cn=jpsroot_idm, admin=cn=orcladmin,
domain=IDMDomain, ldapurl=ldap://oid.mycompany.com:389, password=password}
Location changed to domainRuntime tree. This is a read-only tree with
DomainMBean as the root.
For more help, use help(domainRuntime)
Starting Policy Store reassociation.
LDAP server and ServiceConfigurator setup done.
Schema is seeded into LDAP server
Data is migrated to LDAP server
Service in LDAP server after migration has been tested to be available
Update of jps configuration is done
Policy Store reassociation done.
Starting credential Store reassociation
LDAP server and ServiceConfigurator setup done.
Schema is seeded into LDAP server
Data is migrated to LDAP server
Service in LDAP server after migration has been tested to be available
Update of jps configuration is done
Credential Store reassociation done
Jps Configuration has been changed. Please restart the server.
Restart the Administration Server after the command completes successfully. For information about restarting the Administration Server, see Starting the Servers.