Oracle® Identity Management User Reference
10g Release 2 (10.1.2) B15883-01
The Directory Integration and Provisioning Assistant (dipassistant) is a command-line tool for administering the Oracle Directory Integration and Provisioning server.
operation
The name of the operation to perform using dipassistant. See the appropriate operation documentation for operation-specific syntax, arguments, and usage. The following operations are available:
bootstrap (bs) - Performs the initial migration of data between a connected directory and Oracle Internet Directory. See "The dipassistant bootstrap Operation" for more information about this operation.
bulkprov (bp) - Creates user entries and provisions or de-provisions them to applications in bulk. See "The dipassistant bulkprov Operation" for more information about this operation.
chgpasswd (cpw) - Changes the password for the dipadmin account. See "The dipassistant chgpasswd Operation" for more information about this operation.
createprofile (cp) - Creates a new synchronization profile from. See "The dipassistant createprofile Operation" for more information about this operation.
createprofilelike (cpl) - Creates a new synchronization profile by using an existing profile as a template. See "The dipassistant createprofilelike Operation" for more information about this operation.
deleteprofile (dp) - Deletes a synchronization profile. See "The dipassistant deleteprofile Operation" for more information about this operation.
expressconfig (ec) - Performs an express configuration of the Active Directory connector. See "The dipassistant expressconfig Operation" for more information about this operation.
listprofiles (lp) - Shows a list of all synchronization profile names in Oracle Internet Directory. See "The dipassistant listprofiles Operation" for more information about this operation.
loaddata (ld) - See "The dipassistant loaddata Operation" for more information about this operation.
modifyprofile (mp) - Modifies an existing synchronization profile. See "The dipassistant modifyprofile Operation" for more information about this operation.
reassociate (rs) - Moves and reassociates directory integration profiles from one Oracle Internet Directory server to another. See "The dipassistant reassociate Operation" for more information about this operation.
showprofile (sp) - See "The dipassistant showprofile Operation" for more information about this operation.
wpasswd (wp) - See "The dipassistant wpasswd Operation" for more information about this operation.
-gui
Launches the Oracle Directory Integration and Provisioning Server Administration Tool, which is a graphical user interface that enables you to perform the same operations as dipassistant. See the Oracle Identity Management Integration Guide for more information about the Oracle Directory Integration and Provisioning Server Administration Tool.
-help
Displays the command-line help for the dipassistant tool. To see a list of all operations, type:
dipassistant -help
To see the arguments and syntax for a particular operation, type:
dipassistant operation_name -help
The bootstrap (bs) operation performs the initial migration of data between a connected directory and Oracle Internet Directory.
dipassistant bootstrap [-h oid_hostname] [-p port] [-D "bindDN"] [-w password] {-f config_file | -profile profile_name [-log log_file] [-logseverity 1-15] [-trace trace_file] [-tracelevel level] [-loadparallelism number_threads] [-loadretry retry_count]}
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-D "bindDN"
The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
-w password
The password used to bind to the directory.
-f config_file
Either -f or -profile is required. The full path and file name of a configuration file containing the properties described in "Configuration File Properties for dipassistant bootstrap". If you do not provide a configuration file, you can provide the name of a synchronization profile instead.
-profile profile_name
Either -f or -profile is required. The name of the synchronization profile to use when performing the bootstrap operation. If you do not provide a synchronization profile, you can provide the name of a configuration file instead. If a profile is provided, then the following optional arguments may be supplied on the command line.
-log log_file
Optional. The path and file name of the log file. The default is ORACLE_HOME/ldap/odi/bootstrap.log.
-logseverity
Optional. A number between 1 and 15 that corresponds to the level of events that should be logged. The levels are as follows.
1 – INFO
2 – WARNING
4 – DEBUG
8 – ERROR
To specify multiple levels, add the numbers together. For example, the default log severity is 9, INFO and ERROR (1+8=9).
-trace trace_file
Optional. The full path and file name of the trace logging file. The default location is ORACLE_HOME/ldap/odi/log/bootstrap.trc. If the file exists it will be overwritten.
-tracelevel level
Optional. The number that corresponds to the level of information to write to the trace logging file. To specify multiple levels, add the numbers together. The default trace level is 3 (1+2=3).
1 - Starting and stopping of threads
2 - Refreshing of profiles
4 - Initialization, execution, and end details of connectors
8 - Details during connector execution
16 - Change record of the connector
32 - Mapping details of the connector
64 - Execution time details of the connector
-loadparallelism number_threads
Optional. The number of concurrent threads for loading data into Oracle Internet Directory. The default is 5.
-loadretry retry_count
Optional. If the loading of an entry fails, the number of times to retry to load the entry before the entry is marked as a bad entry. The default is 5.
odip.bootstrap.srctype
Required. The source of the bootstrap data. Valid values are LDAP or LDIF.
odip.bootstrap.desttype
Required. The destination for the bootstrap data. Valid values are LDAP or LDIF.
odip.bootstrap.srcurl
Required. For LDAP, the host_name:port of the directory server that is the source of the bootstrap data. For LDIF, the absolute path of the file that contains the bootstrap source data.
odip.bootstrap.desturl
Required. For LDAP, the host_name:port of the directory server that is the destination for the bootstrap data. For LDIF, the absolute path of the destination LDIF file.
odip.bootstrap.srcsslmode
Optional. Set to TRUE to require SSL-based authentication to connect to the source of the bootstrapping data. The default is FALSE (SSL not used).
odip.bootstrap.destsslmode
Optional. Set to TRUE to require SSL-based authentication to connect to the destination for the bootstrapping data. The default is FALSE (SSL not used).
odip.bootstrap.srcdn
Required for LDAP only. The DN used to bind to the source directory. The default is the DN of the Oracle Directory Integration and Provisioning administrator, for example "cn=dipadmin".
odip.bootstrap.destdn
Required for LDAP only. The DN used to bind to the destination directory. The default is the DN of the Oracle Directory Integration and Provisioning administrator, for example "cn=dipadmin".
odip.bootstrap.srcpasswd
Optional. The password used to bind to the source directory. In the case of LDAP binding, this is used as a security credential. Oracle Corporation recommends that you not specify the password in this file.
odip.bootstrap.destpasswd
Optional. The password used to bind to the destination directory. In the case of LDAP binding, this is used as a security credential. Oracle Corporation recommends that you not specify the password in this file.
odip.bootstrap.mapfile
Optional. Location of the map file that contains the attribute and domain mappings.
odip.bootstrap.logfile
Optional. The path and file name of the log file. The default is ORACLE_HOME/ldap/odi/bootstrap.log.
odip.bootstrap.logseverity
Optional. A number between 1 and 15 that corresponds to the level of events that should be logged. The levels are as follows.
1 – INFO
2 – WARNING
4 – DEBUG
8 – ERROR
To specify multiple levels, add the numbers together. For example, the default log severity is 9, INFO and ERROR (1+8=9).
odip.bootstrap.loadparallelism
Optional. The number of concurrent threads for loading data into Oracle Internet Directory. The default is 5.
odip.bootstrap.loadretry
Optional. If the loading of an entry fails, the number of times to retry to load the entry before the entry is marked as a bad entry. The default is 5.
odip.bootstrap.trcfile
Optional. The full path and file name of the trace logging file. The default location is ORACLE_HOME/ldap/odi/log/bootstrap.trc. If the file exists it will be overwritten.
odip.bootstrap.trclevel
Optional. The number that corresponds to the level of information to write to the trace logging file. To specify multiple levels, add the numbers together. The default trace level is 3 (1+2=3).
1 - Starting and stopping of threads
2 - Refreshing of profiles
4 - Initialization, execution, and end details of connectors
8 - Details during connector execution
16 - Change record of the connector
32 - Mapping details of the connector
64 - Execution time details of the connector
odip.bootstrap.srcencode
Optional. The native character set encoding of the LDIF file. Defaults to the character set of the user's terminal. Each supported character set has a unique acronym, for example, WE8MSWIN1252, JA16SJIS, or AL32UTF8. You should specify a character set if the LDIF file:
Was generated by a third-party directory utility.
Contains Globalization Support data.
Was processed on a different platform.
Using the bootstrap operation you can perform the following tasks:
The following example uses a synchronization profile named iPlanetProfile to perform bootstrapping.
Example:
dipassistant bootstrap -profile iPlanetProfile -h myhost -port 3060 -D cn=dipadmin -w welcome1
The following example uses a configuration file named bootstrap.cfg to perform bootstrapping. The configuration file contains the properties described in "Configuration File Properties for dipassistant bootstrap".
Example:
dipassistant bootstrap -f bootstrap.cfg
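An added example (not part of the Oracle documentation): a pre-flight check for a bootstrap configuration file that flags the settings this reference singles out, namely bind passwords stored in the file, LDAP endpoints left at the sslmode default of FALSE, and the summed logseverity and trclevel values. The key = value file syntax, the sample values, and the choice to flag DEBUG and trace levels 16 and 32 are assumptions of this example.

```python
import stat

# Level tables copied from the logseverity and trclevel descriptions on this page.
LOG_SEVERITY = {1: "INFO", 2: "WARNING", 4: "DEBUG", 8: "ERROR"}
TRACE_LEVEL = {
    1: "thread start/stop",
    2: "profile refresh",
    4: "connector init/exec/end",
    8: "connector execution details",
    16: "connector change records",
    32: "connector mapping details",
    64: "connector execution time",
}
# Assumption of this example: these trace levels write directory data to the file.
VERBOSE_TRACE = {"connector change records", "connector mapping details"}

# Constructed sample file; host names and values are placeholders.
SAMPLE_CFG = """\
odip.bootstrap.srctype = LDAP
odip.bootstrap.desttype = LDAP
odip.bootstrap.srcurl = src.example.com:389
odip.bootstrap.desturl = oid.example.com:3060
odip.bootstrap.srcdn = cn=dipadmin
odip.bootstrap.srcpasswd = example-only
odip.bootstrap.destsslmode = TRUE
odip.bootstrap.logseverity = 13
odip.bootstrap.trclevel = 19
"""


def parse_properties(text):
    """Parse key = value lines; '#' and '!' start comments (assumed syntax)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def decode_mask(value, table):
    """Split a summed level value into the names of the levels it enables."""
    if value < 1 or value & ~sum(table):
        raise ValueError(f"{value} is not a sum of {sorted(table)}")
    return [name for bit, name in sorted(table.items()) if value & bit]


def audit(props, file_mode=None):
    """Return a list of findings for a parsed bootstrap configuration."""
    findings = []
    for side in ("src", "dest"):
        prefix = "odip.bootstrap." + side
        if props.get(prefix + "passwd"):
            findings.append(f"{side}passwd: bind password is stored in the file")
        uses_ldap = props.get(prefix + "type", "").upper() == "LDAP"
        if uses_ldap and props.get(prefix + "sslmode", "FALSE").upper() != "TRUE":
            findings.append(f"{side}sslmode: LDAP connection without SSL")
    # (property, documented default, level table, levels this example flags)
    checks = (("logseverity", 9, LOG_SEVERITY, {"DEBUG"}),
              ("trclevel", 3, TRACE_LEVEL, VERBOSE_TRACE))
    for name, default, table, flagged in checks:
        try:
            raw = props.get("odip.bootstrap." + name, default)
            levels = decode_mask(int(raw), table)
        except ValueError:
            findings.append(f"{name}: not a valid sum of the documented levels")
            continue
        hits = sorted(flagged.intersection(levels))
        if hits:
            findings.append(f"{name}: enables {', '.join(hits)}")
    # Optional: permission bits of the file, e.g. from os.stat(path).st_mode.
    if file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file: accessible to group or other users")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE_CFG), file_mode=0o644):
        print(finding)
```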
The bulkprov (bp) operation allows administrators to create user entries and provision them in bulk to various applications, or to delete user entries and de-provision them in bulk from various applications. You can also use this operation to modify the attributes of user entries. This operation takes an LDIF file as input. See Appendix A, "LDIF File Format" for more information about the proper formatting of the input LDIF file.
For example, here is a sample user entry in LDIF format:
dn: cn=John Smith,cn=users,dc=us,dc=mycompany,dc=com
changetype: add
cn: John Smith
cn: John
sn: Smith
mail: jsmith@mycompany.com
uid: jsmith_us
orclisenabled: True
The bulkprov operation invoked with this input file would add the user entry and provision it to the applications configured in the directory. If the configured applications all have a default provisioning policy of PROVISIONING_REQUIRED, then users will be created with this provisioning status by default for each of the applications.
The bulkprov operation also invokes any plug-ins configured for the application. These plug-ins can override the default provisioning policy: they determine the provisioning policy, perform data validations, and assign defaults. If the application-specific attributes are maintained elsewhere, then you can provide a plug-in to manage that application's data.
You must ensure that the distinguished name (DN) for each user specified in the LDIF file is a valid DN within the realm. DN validation is not performed automatically. If the LDIF file specifies a DN outside of the realm and that does not fall in one of the user search bases, then the new users will not be visible when you search for users in the Oracle Internet Directory Provisioning Console or the Oracle Internet Directory Self-Service Console.
To delete user entries and de-provision them from applications, you would supply an LDIF file with user entries such as this:
dn: cn=John Smith,cn=users,dc=us,dc=mycompany,dc=com
changetype: delete
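Because bulkprov does not validate DNs, the input file can be checked before it is run. The following is an added example, not Oracle code: it parses an LDIF file, reports every entry whose DN does not fall under one of the user search bases, and counts records per changetype so that bulk deletions are visible up front. The search base list, the sample entries other than John Smith, and the case-insensitive DN comparison are assumptions of this example.

```python
import base64
from collections import Counter

# Assumption: the realm's user search bases, supplied by the operator.
SEARCH_BASES = ["cn=users,dc=us,dc=mycompany,dc=com"]

# Constructed input; the first entry reuses the DN from the sample on this page.
SAMPLE_LDIF = r"""
dn: cn=John Smith,cn=users,dc=us,dc=mycompany,dc=com
changetype: add
cn: John Smith
sn: Smith
uid: jsmith_us

dn: CN=Jane Roe, CN=Users, DC=us, DC=mycompany, DC=com
changetype: delete

dn: cn=Temp User,cn=contractors,dc=partner,dc=com
changetype: add
cn: Temp User
sn: User

dn: cn=Doe\, Alex,cn=users,dc=us,dc=mycompany,
 dc=com
changetype: add
sn: Doe
"""


def normalize_rdn(rdn):
    """Lower-case one RDN and collapse whitespace so DNs compare reliably."""
    attr, sep, value = rdn.partition("=")
    if not sep or not attr.strip() or not value.strip():
        raise ValueError(f"bad RDN {rdn.strip()!r}")
    return attr.strip().lower() + "=" + " ".join(value.split()).lower()


def split_dn(dn):
    """Split a DN into normalized RDNs, keeping backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [normalize_rdn(p) for p in parts]


def ldif_records(text):
    """Yield one dict per record: unfold lines, skip comments, decode 'attr::'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of a folded line
        else:
            lines.append(raw)
    rec = {}
    for line in lines + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():              # blank line ends the record
            if rec:
                yield rec
            rec = {}
            continue
        key, _, value = line.partition(":")
        if value.startswith(":"):         # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        rec.setdefault(key.strip().lower(), []).append(value.strip())


def check_ldif(text, search_bases):
    """Return (problems, changetype counts) for an LDIF input file."""
    bases = [split_dn(b) for b in search_bases]
    problems, counts = [], Counter()
    for n, rec in enumerate(ldif_records(text), 1):
        dns = rec.get("dn", [])
        if len(dns) != 1:
            problems.append((n, None, "record does not have exactly one dn"))
            continue
        # A record without changetype is counted as an add (assumption).
        counts[rec.get("changetype", ["add"])[0].lower()] += 1
        try:
            rdns = split_dn(dns[0])
        except ValueError as exc:
            problems.append((n, dns[0], f"malformed DN: {exc}"))
            continue
        if not any(len(rdns) > len(b) and rdns[-len(b):] == b for b in bases):
            problems.append((n, dns[0], "outside every user search base"))
    return problems, counts


if __name__ == "__main__":
    found, totals = check_ldif(SAMPLE_LDIF, SEARCH_BASES)
    print(dict(totals))
    for number, dn, reason in found:
        print(f"record {number}: {dn}: {reason}")
```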
dipassistant bulkprov -f ldif_file [-h oid_hostname] [-p port] [-D bindDN] [-w password] [-realm realm_name] [-E character_set]
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-D "bindDN"
The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
-w password
The password used to bind to the directory.
-realm realm_name
The realm in which the users are to be provisioned. If not specified, then the default identity management realm specified in the Root Oracle Context will be used.
-E "character_set"
Optional. The native character set encoding. Defaults to the character set of the user's terminal. Each supported character set has a unique acronym, for example, ISO-8859-1, JA16SJIS, or AL32UTF8.
The chgpasswd (cpw) operation resets the password of the Oracle Directory Integration and Provisioning administrator (dipadmin) account. The default password for the dipadmin account is the same as the ias_admin password chosen during installation. To reset the password, you must provide the security credentials of the Oracle Internet Directory administrator (orcladmin) account.
dipassistant chgpasswd [-h oid_hostname] [-p port] [-D bindDn] [-w password]
In addition to the arguments provided on the command line, the tool will prompt you for the new Oracle Directory Integration and Provisioning administrator (dipadmin) account password.
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-D "bindDN"
The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
-w password
The password used to bind to the directory.
Using the dipassistant chgpasswd operation you can perform the following tasks:
Example:
dipassistant chgpasswd -h myhost -p 3060 -D cn=orcladmin -w welcome1
The Directory Integration and Provisioning Assistant then prompts for the new password as follows:
New Password:
Confirm Password:
The createprofile (cp) operation creates a new synchronization profile for Oracle Internet Directory and an external directory.
dipassistant createprofile [-h oid_hostname] [-p port] [-D bindDN] [-w password] -f prop_file -configset configset_number
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-D "bindDN"
The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
-w password
The password used to bind to the directory.
-f prop_file
Required. The full path and file name of the profile properties file containing the properties described in "Configuration File Properties for dipassistant createprofile".
-configset configset_number
Required. An integer greater than 0 that represents the configuration set with which to associate the profile.
odip.profile.agentexecommand
In the case of a NON-LDAP interface, the command to produce the information in LDIF format. This is stored in the orclODIPAgentExeCommand attribute of the profile entry.
odip.profile.condiraccount
DN or user name used to connect to the third party directory. This is stored in the orclODIPConDirAccessAccount attribute of the profile entry.
odip.profile.condirpassword
The password used to connect to the third party directory. This is stored in the orclODIPConDirAccessPassword attribute of the profile entry.
odip.profile.condirfilter
Filter that needs to be applied to the changes read from the connected directory before importing to Oracle Internet Directory. This is stored in the orclODIPConDirMatchingFilter attribute of the profile entry.
odip.profile.condirurl
The hostname:port of the third party directory. This is stored in the orclODIPConDirURL attribute of the profile entry.
odip.profile.configfile
Name of the file that contains the additional profile-specific information to be used for execution.
odip.profile.configinfo
Contains additional profile-specific information to be used for execution. This is stored in the orclODIPAgentConfigInfo attribute of the profile entry.
odip.profile.debuglevel
Specifies the debugging level. This is stored in the orclODIPProfileDebugLevel attribute of the profile entry.
odip.profile.interface
The format used for data exchange—LDAP, LDIF, DB or TAGGED. LDAP is the default. This is stored in the orclODIPProfileInterfaceType attribute of the profile entry.
odip.profile.lastchgnum
Last applied change number. In the case of an export profile this number refers to Oracle Internet Directory's last applied change number. However, in the case of the import profile, this number refers to the last applied change number in the connected directory. This is stored in the orclODIPConDirLastAppliedChgNum attribute of the profile entry. You can use the ldapsearch command to determine the last change number in Oracle Internet Directory. For example:
ldapsearch -D cn=orcladmin -w welcome1 -b "" -s base "objectclass=*" lastchangenumber
odip.profile.mapfile
Name of the file that contains the mapping rules. This is stored in the orclODIPAttributeMappingRules attribute of the profile entry.
odip.profile.name
Name of the synchronization profile. This is stored in the orclODIPAgentName attribute of the profile entry.
odip.profile.oidfilter
Filter that needs to be applied to the changes that are read from the Oracle Internet Directory before exporting to the connected directory. This is stored in the orclODIPOIDMatchingFilter attribute of the profile entry.
odip.profile.password
The password to access this profile. This is stored in the orclODIPAgentPassword attribute of the profile entry.
odip.profile.retry
Maximum number of times the Oracle Directory Integration and Provisioning server should attempt to execute an entry. This is stored in the orclODIPSyncRetryCount attribute of the profile entry. Default is 4.
odip.profile.schedinterval
Interval between successive executions of this profile by the integration server. If the previous execution has not completed then the next execution will not resume until it completes. This is stored in the orclODIPSchedulingInterval attribute of the profile entry. Default is 1 minute.
odip.profile.status
Whether to ENABLE or DISABLE this profile. This is stored in the orclODIPAgentControl attribute of the profile entry. The default is DISABLE.
odip.profile.syncmode
Direction of synchronization. When the changes are propagated from the third party to Oracle Internet Directory, the synchronization mode is IMPORT. When the changes are propagated to the third party directory, the synchronization mode is EXPORT. This is stored in the orclODIPSchedulingInterval attribute of the profile entry. Default is IMPORT.
Using the createprofile operation you can perform the following tasks:
The following example uses a configuration file named import.profile to create a new profile and associate the new profile with configuration set 1.
Example:
dipassistant createprofile -h myhost -p 3060 -D cn=dipadmin -w welcome1 -f import.profile -configset 1
The createprofilelike (cpl) operation creates a new synchronization profile by using an existing profile as a template.
dipassistant createprofilelike [-h oid_hostname] [-p port] [-D bindDN] [-w password] -profile orig_profile_name -newprofile new_profile_name
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-D "bindDN"
The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
-w password
The password used to bind to the directory.
-profile orig_profile_name
Required. The name of the existing profile to be used as a template.
-newprofile new_profile_name
Required. The name of the new profile to be created.
Using the createprofilelike operation you can perform the following tasks:
The following example creates a new profile named iPlImport with values copied from a profile named iPlImportTemplate.
Example:
dipassistant createprofilelike -h myhost -p 3060 -D cn=dipadmin -w welcome1 -profile iPlImportTemplate -newProfile iPlImport
The deleteprofile (dp) operation deletes a synchronization profile from Oracle Internet Directory.
dipassistant deleteprofile -profile profile_name [-h oid_hostname] [-p port] [-D bindDN] [-w password] [-configset configset_number]
-profile profile_name
Required. The name of the profile to be deleted.
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-D "bindDN"
The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
-w password
The password used to bind to the directory.
-configset configset_number
Optional. An integer greater than 0 that represents the configuration set associated with the profile. Default is 1.
The expressconfig (ec) operation performs an express configuration of the Microsoft Active Directory connector. It performs all required configurations and also creates two profiles, an import profile and an export profile. For more information about configuring Active Directory connectors, see the Oracle Identity Management Integration Guide.
dipassistant expressconfig [-h oid_hostname] [-p port] [-3rdpartyds hostname:port] [-configset configset_number]
In addition to the arguments supplied on the command-line, the tool will prompt you for the following information:
Oracle Internet Directory credentials. You must specify the DN and password of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
Active Directory connection details and credentials of a privileged user. To synchronize deletions, you must have the necessary administrative privileges in Microsoft Active Directory, for example administrator@mycompany.com if the host on which Microsoft Active Directory is installed is myhost@mycompany.com.
Name to identify the synchronization profiles to be created. For example, if you specify the name abc, then the tool creates two profiles: abcImport and abcExport.
Appropriate ACLs on the cn=users container (Optional). You can choose to enable users and groups to be managed by Oracle components under the cn=users container. If you customize ACLs in this way, then the original ACLs are saved in ORACLE_HOME/ldap/odi/archive/profile_name_prefix_useracl.ldif.
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-3rdpartyds hostname:port
Optional. The host name and LDAP listening port of the third-party directory service to which you are connecting. If not provided on the command-line, the tool will prompt you for this information.
-configset configset_number
Optional. An integer greater than 0 that represents the configuration set associated with the profile. Default is 1.
The listprofiles (lp) operation prints a list of all the synchronization profiles in Oracle Internet Directory.
dipassistant listprofiles [-h oid_hostname] [-p port] [-D bindDN] [-w password] [-configset configset_number]
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-D "bindDN"
The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
-w password
The password used to bind to the directory.
-configset configset_number
Optional. An integer greater than 0 that represents the configuration set associated with the profile. Default is 1.
Using the listprofiles operation you can perform the following tasks:
The following example prints a list of all the synchronization profiles in Oracle Internet Directory.
Example:
dipassistant listprofiles -h myhost -p 3060 -D cn=dipadmin -w welcome1
By default, the preceding command prints the following list of sample profiles created during installation. However, your deployment of Oracle Internet Directory may contain additional synchronization profiles.
IplanetExport
IplanetImport
ActiveImport
ActiveExport
LdifExport
LdifImport
TaggedExport
TaggedImport
OracleHRAgent
ActiveChgImp
The loaddata operation loads data from a CSV file into Oracle Internet Directory.
dipassistant loaddata -f properties_file | [-h oid_hostname] [-p port] [-D bindDn] [-w password] [-c control_file] [-a application] [-g groupDN] -data data_file [-map map_file] [-log log_file] [-logseverity 1-15] [-trace trace_file] [-tracelevel level]
-f properties_file
Required for loading data with a properties file. The full path and file name of a properties file containing the properties described in "Configuration File Properties for dipassistant loaddata".
See the following sample properties file, which demonstrates how to load data from a CSV file into Oracle Internet Directory:
$ORACLE_HOME/ldap/odi/samples/csv2ldp.properties
See the following sample properties file, which demonstrates how to load data from a CSV file into Oracle Internet Directory and make the data available to Oracle Instant Portal. In addition to creating new users in Oracle Internet Directory, the properties file also adds each user to the group required by Oracle Instant Portal. If you need the new users to be available in Oracle Instant Portal and you do not use the following properties file, then you must manually add each user to the required Oracle Instant Portal group.
$ORACLE_HOME/ldap/odi/samples/load2oip.properties
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-D "bindDN"
Optional. The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
-w password
Optional. The password used to bind to the directory.
-c control_file
Required for loading data from a data file. The full path and file name of a control file. See "odip.bootstrap.srcctl" on page 6-18 for more information.
-a application
Optional. The name of an application that will use the loaded data. In Oracle Identity Management 10g Release 2 (10.1.2), the only valid value for this argument is portal, for Oracle Instant Portal.
-g groupDN
Optional. The group DN of the application specified with the -a argument. In Oracle Identity Management 10g Release 2 (10.1.2), the only valid value for this argument is the group DN for Oracle Instant Portal.
-data data_file
Required for loading data from a data file. The full path and file name of a CSV file containing the data to load. See "odip.bootstrap.srcurl" on page 6-18 for more information.
-map map_file
Required for loading data from a data file. The full path and file name of a mapping file. See "odip.bootstrap.mapfile" on page 6-18 for more information.
-log log_file
Optional. The full path and file name of a log file. The default is $ORACLE_HOME/ldap/odi/log/loaddata.trc.
-logseverity 1-15
Optional. A number between 1 and 15 that corresponds to the level of events that should be logged. The levels are as follows.
1—INFO
2—WARNING
4—DEBUG
8—ERROR
To specify multiple levels, add the numbers together. For example, the default log severity is 9, INFO and ERROR (1+8=9).
-trace trace_file
Optional. The full path and file name of the trace logging file.
-tracelevel level
Optional. The number that corresponds to the level of information to write to the trace logging file. To specify multiple levels, add the numbers together. The default trace level is 3 (1+2=3).
odip.bootstrap.srctype
Required. The source type of the data to be loaded. The only valid value for this property is CSV.
odip.bootstrap.dsttype
Required. The destination type of the data to be loaded. The only valid value for this property is LDAP.
odip.bootstrap.srcurl
Required. The absolute path of the CSV file that contains the data to load into Oracle Internet Directory. See the following sample data file:
$ORACLE_HOME/ldap/odi/samples/csvsample.data
odip.bootstrap.srcctl
Required. The absolute path of the file containing source control information about how the data is stored. See the following sample source control file:
$ORACLE_HOME/ldap/odi/samples/csvsample.ctl
odip.bootstrap.desturl
Required. The LDAP host_name:port of the directory server that is the destination for the data.
odip.bootstrap.destdn
Required. The DN used to bind to the destination directory. The default is the DN of the Oracle Directory Integration and Provisioning administrator, for example "cn=dipadmin".
odip.bootstrap.destpasswd
Required. The password used to bind to the destination directory. In the case of LDAP binding, this is used as a security credential. Oracle Corporation recommends that you remove the value assigned to this property from the properties file immediately after loading data.
odip.bootstrap.mapfile
Required. The absolute path of the map file that contains the attribute and domain mappings. See the following sample map file:
$ORACLE_HOME/ldap/odi/samples/csvload.map.sample
odip.bootstrap.logfile
Optional. The path and file name of the log file. The default is ORACLE_HOME/ldap/odi/loaddata.log.
odip.bootstrap.trcfile
Optional. The full path and file name of the trace logging file. The default location is $ORACLE_HOME/ldap/odi/log/loaddata.trc. If the file exists it will be overwritten.
Using the loaddata operation you can perform the following task:
Loading Data with a Properties File into Oracle Internet Directory
Loading Data from a Data File into Oracle Internet Directory
The following example uses a properties file named loadcsv.properties to load a CSV file into Oracle Internet Directory.
Example:
dipassistant loaddata -f loadcsv.properties
The following example uses a data file named loadcsv.data to load a CSV file into Oracle Internet Directory.
Example:
dipassistant loaddata -h myhost -p 3060 -D cn=dipadmin -w welcome1 -data loadcsv.data -c loadcsv.ctl -map loadcsv.map
The modifyprofile (mp) operation enables you to change certain properties of a synchronization profile. You can specify a profile property to change on the command-line, or you can supply a configuration file that lists the properties you want to change and their new values. See "Configuration File Properties for dipassistant createprofile" for a description of the properties of a synchronization profile.
dipassistant modifyprofile [-h oid_hostname] [-p port] [-D bindDN] [-w password] {-f prop_file | -profile profile_name [-updlcn] [propName1=value] [propName2=value]...}
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-D "bindDN"
The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
-w password
The password used to bind to the directory.
-f prop_file
The full path and file name of the profile properties file containing the properties you want to change and their new values. The properties are described in "Configuration File Properties for dipassistant createprofile".
-profile profile_name
The name of the synchronization profile you want to modify.
propName=value
The name of the property whose value you want to change and the new value for that property. The properties are described in "Configuration File Properties for dipassistant createprofile".
The reassociate (rs) operation moves synchronization profiles to another node and reassociates the profiles with the new node. For example, if the middle-tier components are associated with a particular Oracle Identity Management infrastructure, then all the profiles existing in that infrastructure node can be moved to a new infrastructure node and the profiles will be reassociated accordingly.
If a profile does not exist on the new node, it is copied to the new Oracle Internet Directory node and disabled after copying. It must be enabled by the application. The lastchangenumber attribute in the integration profile is modified to the current last change number on the second Oracle Internet Directory node.
If a profile is moved to a node that already has a corresponding profile, both integration profiles are reconciled in the following manner:
Any new attribute in the profile on node 1 is added to the profile on node 2.
For attributes that exist in both profiles, the values in the profile on node 1 override the values in the profile on node 2.
The profile is disabled after copying. It needs to be enabled by the application.
The lastchangenumber attribute in the integration profile is modified to the current last change number on the second Oracle Internet Directory node.
dipassistant reassociate [-src_ldap_host oid1_hostname] [-src_ldap_port port] [-src_ldap_dn bindDN] [-src_ldap_passwd password] -dst_ldap_host oid2_hostname [-dst_ldap_port port] [-dst_ldap_dn bindDN] [-dst_ldap_passwd password] [-log logfile]
-src_ldap_host oid1_hostname
Optional. The host name of the source Oracle Internet Directory server. If not provided then the name of the local host is used.
-src_ldap_port port
Optional. The LDAP listening port of the source Oracle Internet Directory server. The default is 389.
-src_ldap_dn bindDN
The DN of the super user on the source Oracle Internet Directory server (cn=orcladmin).
-src_ldap_passwd password
The password used to bind to the source directory.
-dst_ldap_host oid2_hostname
Required. The host name of the destination Oracle Internet Directory server.
-dst_ldap_port port
Optional. The LDAP listening port of the destination Oracle Internet Directory server. The default is 389.
-dst_ldap_dn bindDN
The DN of the super user on the destination Oracle Internet Directory server (cn=orcladmin).
-dst_ldap_passwd password
The password used to bind to the destination directory.
-log logfile
The file name of the log for the operation.
The showprofile (sp) operation prints the details of a specific synchronization profile.
dipassistant showprofile -profile profile_name [-h oid_hostname] [-p port] [-D bindDN] [-w password]
-profile profile_name
Required. The name of the synchronization profile you want to view.
-h oid_hostname
Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.
-p port
Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.
-D "bindDN"
The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).
-w password
The password used to bind to the directory.
-configset configset_number
Optional. An integer greater than 0 that represents the configuration set associated with the profile. Default is 1.
Using the showprofile operation you can perform the following tasks:
The following example command prints the details for the ActiveImport sample profile that is created during installation.
Example:
dipassistant showprofile -profile ActiveImport -h myhost -p 3060 -D cn=dipadmin -w welcome1
The preceding command prints the following details of the ActiveImport sample profile:
odip.profile.version = 2.0
odip.profile.lastchgnum = 0
odip.profile.interface = LDAP
odip.profile.oidfilter = orclObjectGUID
odip.profile.schedinterval = 60
odip.profile.name = ActiveImport
odip.profile.syncmode = IMPORT
odip.profile.condirfilter = "searchfilter=(|(objectclass=group)(objectclass=organizationalunit) (&(objectclass=user)(!(objectclass=computer))))"
odip.profile.retry = 5
odip.profile.debuglevel = 0
odip.profile.status = DISABLE
The wpasswd (wp) operation sets the wallet password that the Oracle Directory Integration and Provisioning server uses to connect to Oracle Internet Directory.
The Directory Integration and Provisioning Assistant prompts you to enter, and then confirm, the password.