You can use the export11cnf utility to export an existing version 1.1 configuration file to an XML file and then use the idsync importcnf command to import the file into the 6.0 system before installing the connectors.
Although it is possible to re-enter the 1.1 configuration manually by using the Identity Synchronization for Windows console, it is recommended that you use the export11cnf utility. If you do not use export11cnf, the state of the connectors is not preserved.
Exporting the version 1.1 configuration enables you to:
Eliminate most of the initial configuration that would otherwise have to be performed from the management Console.
Guarantee that the connector IDs assigned in version 6.0 match the connector IDs used in version 1.1. This simplifies the task of preserving the existing connector states that can be used directly in the version 6.0 deployment.
Back up the persist and etc directories, and then restore them later to avoid confusion about the underlying directory structure.
You can find the export11cnf utility in the installation migration directory. No additional installation steps are necessary.
To export an Identity Synchronization for Windows configuration to an XML file, execute export11cnf from the migration directory as follows:
In a terminal window, type the following:
java -jar export11cnf.jar -h hostname -p port -D bind-DN -w bind-password -s rootsuffix -q configuration-password -Z -P cert-db-path -m secmod-db-path -f filename
java -jar export11cnf.jar -D "cn=dirmanager" -w - -q - -s "dc=example,dc=com" -f exported-configuration
The export11cnf utility shares the same common arguments as the Identity Synchronization for Windows command-line utilities. For more information, see Common Arguments to the Idsync Subcommands in Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide. The export11cnf utility exports the current configuration into the file specified in the argument of the -f option.
For security reasons, the export11cnf utility does not export clear-text passwords from version 1.1. Instead, the utility inserts empty strings in cleartextPassword fields wherever applicable. For example,
<Credentials userName="cn=iswservice,cn=users,dc=example,dc=com" cleartextPassword=""/>
<!-- INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVE FIELD -->
You must enter a password manually, between double quotes, for every cleartextPassword field in the exported configuration file, before you can import the file into Identity Synchronization for Windows. importcnf validation prevents you from importing a configuration file with empty password values.
For example,
<Credentials userName="cn=iswservice,cn=users,dc=example,dc=com" cleartextPassword="mySecretPassword"/> <!-- INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVE FIELD -->
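A pre-import check for the rule above, as an added example (not part of the original page or the product): it lists every Credentials element whose cleartextPassword is still empty, which importcnf would reject, and reports whether the file, which holds clear-text passwords once edited, is accessible to group or other. The function names and the inline sample are constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the exported configuration shown on this page.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<ActiveConfiguration>
  <ActiveDirectorySource displayName="example.com">
    <SynchronizationHost hostname="ad-host.example.com" port="389">
      <Credentials userName="cn=Administrator,cn=Users,dc=example,dc=com" cleartextPassword=""/>
    </SynchronizationHost>
  </ActiveDirectorySource>
  <SunDirectoryGlobals userObjectClass="inetOrgPerson">
    <TopologyHost hostname="ds-host.example.com" port="389">
      <Credentials userName="cn=directory manager" cleartextPassword="constructed-value"/>
    </TopologyHost>
  </SunDirectoryGlobals>
</ActiveConfiguration>
"""

def empty_password_fields(path):
    """Return (hostname, userName) for each Credentials with no password set."""
    findings = []
    for parent in ET.parse(path).getroot().iter():
        for cred in parent.findall("Credentials"):
            # A missing attribute and an empty string are both unusable.
            if not cred.get("cleartextPassword"):
                findings.append((parent.get("hostname", "?"), cred.get("userName", "?")))
    return findings

def readable_by_others(path):
    """True if group or other has any permission bit on the file (POSIX)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))

def write_sample(mode=0o600):
    """Write SAMPLE to a temporary file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".xml")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    p = write_sample()
    for host, user in empty_password_fields(p):
        print(f"empty cleartextPassword: {user} on {host}")
    print("group/other can access file:", readable_by_others(p))
    os.remove(p)
```

Run it against the edited export before calling idsync importcnf, and delete or lock down the file once the import has succeeded.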
In the following sample exported configuration file,
ad-host.example.com refers to the Active Directory domain controller.
ds-host.example.com refers to the host running Directory Server.
<?xml version="1.0" encoding="UTF-8"?>
<ActiveConfiguration>
  <SunDirectorySource parent.attr="DirectorySource" onDemandSSLOption="true" maxConnections="5" displayName="dc=example,dc=com" resyncInterval="1000">
    <SynchronizationHost hostOrderOfSignificance="1" hostname="ds-host.example.com" port="389" portSSLOption="true" securePort="636">
      <Credentials userName="uid=PSWConnector, dc=example, dc=com" cleartextPassword=""/>
      <!-- INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVE FIELD -->
    </SynchronizationHost>
    <SyncScopeDefinitionSet index="0" location="ou=people,dc=example,dc=com" filter="" creationExpression="uid=%uid%,ou=people,dc=example,dc=com" sulid="SUL1"/>
  </SunDirectorySource>
  <ActiveDirectorySource parent.attr="DirectorySource" displayName="example.com" resyncInterval="1000">
    <SynchronizationHost hostOrderOfSignificance="1" hostname="ad-host.example.com" port="389" portSSLOption="true" securePort="636">
      <Credentials userName="cn=Administrator,cn=Users,dc=metaqa,dc=com" cleartextPassword=""/>
      <!-- INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVE FIELD -->
    </SynchronizationHost>
    <SyncScopeDefinitionSet index="0" location="cn=users,dc=example,dc=com" filter="" creationExpression="cn=%cn%,cn=users,dc=example,dc=com" sulid="SUL1"/>
  </ActiveDirectorySource>
  <ActiveDirectoryGlobals flowInboundCreates="true" flowInboundModifies="true" flowOutboundCreates="true" flowOutboundModifies="true">
    <TopologyHost parent.attr="SchemaLocation" hostname="ad-host.example.com" port="3268" portSSLOption="true" securePort="3269">
      <Credentials parent.attr="Credentials" userName="cn=Administrator,cn=Users,dc=example,dc=com" cleartextPassword=""/>
      <!-- INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVE FIELD -->
    </TopologyHost>
    <TopologyHost parent.attr="HostsTopologyConfiguration" hostname="ad-host.example.com" port="3268" portSSLOption="true" securePort="3269">
      <Credentials parent.attr="Credentials" userName="cn=Administrator,cn=Users,dc=example,dc=com" cleartextPassword=""/>
      <!-- INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVE FIELD -->
    </TopologyHost>
    <AttributeMap>
      <AttributeDescription parent.attr="WindowsAttribute" name="lockouttime" syntax="1.2.840.113556.1.4.906"/>
      <AttributeDescription parent.attr="SunAttribute" name="pwdaccountlockedtime" syntax="1.3.6.1.4.1.1466.115.121.1.24"/>
    </AttributeMap>
    <AttributeDescription parent.attr="SignificantAttribute" name="lockouttime" syntax="1.2.840.113556.1.4.906"/>
    <AttributeDescription parent.attr="SignificantAttribute" name="samaccountname" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    <AttributeDescription parent.attr="CreationAttribute" name="samaccountname" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    <AttributeMap>
      <AttributeDescription parent.attr="WindowsAttribute" name="samaccountname" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
      <AttributeDescription parent.attr="SunAttribute" name="uid" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    </AttributeMap>
    <AttributeMap>
      <AttributeDescription parent.attr="SunAttribute" name="sn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
      <AttributeDescription parent.attr="WindowsAttribute" name="sn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    </AttributeMap>
    <AttributeDescription parent.attr="SignificantAttribute" name="sn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    <AttributeDescription parent.attr="SignificantAttribute" name="cn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    <AttributeDescription parent.attr="CreationAttribute" name="cn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    <AttributeMap>
      <AttributeDescription parent.attr="SunAttribute" name="cn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
      <AttributeDescription parent.attr="WindowsAttribute" name="cn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    </AttributeMap>
    <AttributeMap>
      <AttributeDescription parent.attr="SunAttribute" name="uniquemember" syntax="1.3.6.1.4.1.1466.115.121.1.25"/>
      <AttributeDescription parent.attr="WindowsAttribute" name="member" syntax="1.2.840.113556.1.4.910"/>
    </AttributeMap>
    <AttributeDescription parent.attr="SignificantAttribute" name="member" syntax="1.2.840.113556.1.4.910"/>
  </ActiveDirectoryGlobals>
  <SunDirectoryGlobals userObjectClass="inetOrgPerson" flowInboundCreates="true" flowInboundModifies="true" flowOutboundCreates="true" flowOutboundModifies="true">
    <AttributeDescription parent.attr="SignificantAttribute" name="uniquemember" syntax="1.3.6.1.4.1.1466.115.121.1.25"/>
    <AttributeDescription parent.attr="CreationAttribute" name="cn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    <AttributeDescription parent.attr="SignificantAttribute" name="cn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    <AttributeDescription parent.attr="SignificantAttribute" name="pwdaccountlockedtime" syntax="1.3.6.1.4.1.1466.115.121.1.24"/>
    <TopologyHost parent.attr="SchemaLocation" hostname="ds-host.example.com" port="389" portSSLOption="false" securePort="636">
      <Credentials parent.attr="Credentials" userName="cn=directory manager" cleartextPassword=""/>
      <!-- INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVE FIELD -->
    </TopologyHost>
    <AttributeDescription parent.attr="SignificantAttribute" name="uid" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    <AttributeDescription parent.attr="CreationAttribute" name="sn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
    <AttributeDescription parent.attr="SignificantAttribute" name="sn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/>
  </SunDirectoryGlobals>
</ActiveConfiguration>
After the completion of configuration export, export11cnf reports the result of the operation. If the operation fails, an appropriate error message is displayed with an error identifier.