Skip Headers
Oracle® Identity Management User Reference
10g Release 2 (10.1.2)
B15883-01
  Go To Documentation Library
Home		Go To Product List
Solution Area		Go To Table Of Contents
Contents		 Go To Index
Index
Previous
Previous 		Next
Next 		 

A.4 LDIF Format for Migrating Entries

This section describes how to properly format an LDIF file for use with the Oracle Internet Directory Migration Tool. The migration tool enables you to take LDIF entries output from other directories or applications and covert the data to use the attributes and values found in Oracle Internet Directory entries. You do this by inserting substitution variables for the data elements you want to convert.

See "ldifmigrator" for more information about the Oracle Internet Directory Migration Tool.

A.4.1 Substitution Variables for Migration Input Files

Substitution variables are denoted in the LDIF file by the following syntax: 

%s_variableName%

For example, let's say you have the following LDIF formatted entry that was exported from another application. The subtree where user entries are stored, the user nickname attribute, and the name of the user's organization are different in Oracle Internet Directory than in the original application. For those elements you want to convert, you would add substitution variables to the file as placeholders.

Example:

dn: cn=jdoe, %s_UserContainerDN%
sn: Doe
%s_UserNicknameAttribute%: jdoe
objectClass: inetOrgPerson
objectClass: orclUserV2
title: Member of Technical Staff
homePhone: 415-584-5670
homePostalAddress: 234 Lez Drive$ Redwood City$ CA$ 94402
ou: %s_UserOrganization%

When you run the Oracle Internet Directory Migration Tool against this file, it will find the variables and either replace then with the values you define on the command-line or look up the correct values in Oracle Internet Directory.

A.4.1.1 Predefined Substitution Variables

The Oracle Internet Directory Migration Tool recognizes several predefined substitution variables. If running the tool in lookup mode, the values for these variables can be looked up in Oracle Internet Directory. You can use these predefined variables or define variables of your own using the %s_variableName% syntax.

Table A-1 Predefined Substitution Variables

Variable Name Meaning How OID Migration Tool Determines the Value for This Variable

%s_UserContainerDN%

Distinguished name of the entry under which all users are supposed to be added.

This is assigned the value of the attribute: orclCommonUserSearchBase from the entry cn=Common,cn=Products under the realm- specific Oracle context.

%s_GroupContainerDN%

Distinguished name of the entry under which all public groups are supposed to be added.

This is assigned the value of the attribute: orclCommonGroupSearchBase from the entry cn=Common,cn=Products under the realm- specific Oracle context.

%s_UserNicknameAttribute%

The nickname attribute to be used for user entries in the identity management realm.

This is assigned the value of the attribute: orclCommonNicknameAttribute from the entry cn=Common,cn=Products under the realm- specific Oracle context.

%s_SubscriberDN%

Distinguished name of the LDAP entry corresponding to the identity management realm.

If a simple subscriber name is given, the migration tool will resolve it to a DN using the attribute orclSubscriberSearchBase and the orclSubscriberNickNameAttr from the entry cn=Common,cn=Products under the root Oracle context.

%s_SubscriberOracleContextDN%

Distinguished name of the realm-specific Oracle Context.

First the realm DN is computed as described earlier and then the string cn=OracleContext is pre-pended to it.

%s_RootOracleContextDN%

Distinguished name of the Root Oracle Context.

This is currently hard-coded to cn=OracleContext.

%s_CurrentUserDN%

Distinguished name of the User who is loading the LDIF file. This is sometimes required to bootstrap the creation of groups which require at least one member in them.

The migration tool expects this DN to be specified on the command line as part of the authentication information.


A.4.2 Reconcile Options for Migrated Entries

When migrating entries into Oracle Internet Directory from another application, it is possible that there may be conflicts. For example, a user entry may already be defined in Oracle Internet Directory, or have conflicting values with the migrated data. In this case, the reconcile option will control what LDIF changetype directives are performed. There are three modes for reconciliation of migrated data:

  • SAFE - This mode only adds new entries that don't exist or appends new attributes to existing entries. If any other directive besides the following are specified in the LDIF file, they will not be applied. 

    changetype:add

changetype:modify
      add: attribute_name (adds attribute only if it doesn't exist)

  • SAFE-EXTENDED - This mode only adds new entries that don't exist or appends new attributes to existing entries. If you try to add a new value for existing attributes, then it will add it to the existing set of values. If any other directive besides the following are specified in the LDIF file, they will not be applied. 

    changetype:add

changetype:modify
      add: attribute_name (appends values if attribute exists)

  • NORMAL - This mode applies all directives as intended. The following directives are supported: 

    changetype:add

changetype:delete

changetype:modify      add: attribute_name
      replace: attribute_name
      delete: attribute_name
  Previous
Previous 		Next
Next
  Go To Documentation Library
Home		Go To Product List
Solution Area		Go To Table Of Contents
Contents		 Go To Index
Index