Sun Java System Federation Manager 7.0 User's Guide

Bulk Federation

Federation Manager provides a script for federating user accounts in bulk. It is called ambulkfed and is located in /FederationManager-base/SUNWam/bin. The script assumes that the user database is LDAPv3–compliant.


Note – The ambulkfed script is the primary script for bulk federation. It uses two other Perl scripts, amGenerateLDIF.pl and amGenerateNI.pl, behind the scenes.


As input, ambulkfed takes a file that maps the user distinguished name (DN) of the identity provider to the user DN of the service provider. Each line of the file must contain one mapping, with the two DNs in the following order and separated by a pipe (“|”): uid=spuser,dc=iplanet,dc=com | uid=idpuser,dc=iplanet,dc=com. The script generates unique random identifiers for each mapping and creates four files:

These files contain the data for bulk federation. The LDIFs are used for instances of LDAPv3–compliant data stores. ambulkfed generates and loads the LDIF data based on its given provider role. For example, it will load spuserdata.ldif because Federation Manager acts as a service provider. The LDIFs will also be stored locally and can be used with ldapmodify to load the data into a remote provider. If the remote provider is not an instance of Federation Manager, the generated text files spnameidentifiers.txt and idpnameidentifiers.txt can be used to generate federation data based on the input needs of the provider.
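
A pre-flight check for the mapping file described above, as an added example that is not part of this guide or of the ambulkfed script: a swapped, malformed or repeated line would federate the wrong pair of accounts, so it is worth rejecting such lines before any LDIF is generated. The function names and sample lines are constructed for illustration, the DN check is a simplified shape test rather than a full parser, and the rule that a DN may appear in only one mapping is an assumption.

```python
import re

# Constructed sample input, in the "SP DN | IdP DN" order the guide shows.
SAMPLE = """\
uid=spuser,dc=iplanet,dc=com | uid=idpuser,dc=iplanet,dc=com
uid=alice,dc=iplanet,dc=com | uid=asmith,dc=iplanet,dc=com
uid=bob,dc=iplanet,dc=com
uid=carol,dc=iplanet,dc=com | uid=asmith,dc=iplanet,dc=com
carol | uid=cjones,dc=iplanet,dc=com
"""

# Simplified shape check (not a full RFC 4514 parser): attr=value components.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")

def split_dn(dn):
    # Split on commas that are not backslash-escaped.
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def normalize(dn):
    # Comparison key: case-folded, no spaces around '=' (an approximation).
    return ",".join(re.sub(r"\s*=\s*", "=", p, count=1) for p in split_dn(dn)).lower()

def check_mapping(text):
    """Return (clean_pairs, errors); errors are (line_number, message) tuples."""
    pairs, errors = [], []
    seen = {"SP": {}, "IdP": {}}  # role -> normalized DN -> first line seen
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 2:
            errors.append((n, "expected exactly one '|' separator"))
            continue
        roles = list(zip(("SP", "IdP"), fields))
        bad = [r for r, dn in roles if not all(RDN.match(p) for p in split_dn(dn))]
        if bad:
            errors.append((n, "malformed DN in field: " + ", ".join(bad)))
            continue
        # Assumption: a DN may be federated only once per role.
        dups = [(r, seen[r][normalize(d)]) for r, d in roles if normalize(d) in seen[r]]
        for role, first in dups:
            errors.append((n, f"{role} DN already mapped on line {first}"))
        for role, dn in roles:
            seen[role].setdefault(normalize(dn), n)
        if not dups:
            pairs.append(tuple(fields))
    return pairs, errors
```

Pass only the returned clean pairs on to the bulk federation run, and resolve every reported line by hand first.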