Oracle® Identity Management User Reference
10g Release 2 (10.1.2)
B15883-01

6.1 dipassistant

The Directory Integration and Provisioning Assistant (dipassistant) is a command-line tool for administering the Oracle Directory Integration and Provisioning server.

6.1.1 Syntax for dipassistant

dipassistant {operation | -gui} [-help]

6.1.2 Arguments for dipassistant

operation

The name of the operation to perform using dipassistant. See the documentation for each operation for its operation-specific syntax, arguments, and usage. The following operations are available:

-gui

Launches the Oracle Directory Integration and Provisioning Server Administration Tool, which is a graphical user interface that enables you to perform the same operations as dipassistant. See the Oracle Identity Management Integration Guide for more information about the Oracle Directory Integration and Provisioning Server Administration Tool.

-help

Displays the command-line help for the dipassistant tool. To see a list of all operations, type:

dipassistant -help

To see the arguments and syntax for a particular operation, type:

dipassistant operation_name -help

6.1.3 The dipassistant bootstrap Operation

The bootstrap (bs) operation performs the initial migration of data between a connected directory and Oracle Internet Directory.

6.1.3.1 Syntax for dipassistant bootstrap

dipassistant bootstrap [-h oid_hostname] [-p port] [-D "bindDN"] [-w password] {-f config_file | -profile profile_name [-log log_file] [-logseverity 1-15] [-trace trace_file] [-tracelevel level] [-loadparallelism number_threads] [-loadretry retry_count]}

6.1.3.2 Arguments for dipassistant bootstrap

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-D "bindDN"

The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

-w password

The password used to bind to the directory.

-f config_file

Either -f or -profile is required. The full path and file name of a configuration file containing the properties described in "Configuration File Properties for dipassistant bootstrap". If you do not provide a configuration file, you can provide the name of a synchronization profile instead.

-profile profile_name

Either -f or -profile is required. The name of the synchronization profile to use when performing the bootstrap operation. If you do not provide a synchronization profile, you can provide the name of a configuration file instead. If a profile is provided, then the following optional arguments may be supplied on the command-line.

-log log_file

Optional. The path and file name of the log file. The default is ORACLE_HOME/ldap/odi/bootstrap.log.

-logseverity

Optional. A number between 1 and 15 that corresponds to the level of events that should be logged. The levels are as follows.

  • 1 – INFO

  • 2 – WARNING

  • 4 – DEBUG

  • 8 – ERROR

To specify multiple levels, add the numbers together. For example, the default log severity is 9, INFO and ERROR (1+8=9).

-trace trace_file

Optional. The full path and file name of the trace logging file. The default location is ORACLE_HOME/ldap/odi/log/bootstrap.trc. If the file exists it will be overwritten.

-tracelevel level

Optional. The number that corresponds to the level of information to write to the trace logging file. To specify multiple levels, add the numbers together. The default trace level is 3 (1+2=3).

  • 1 - Starting and stopping of threads

  • 2 - Refreshing of profiles

  • 4 - Initialization, execution, and end details of connectors

  • 8 - Details during connector execution

  • 16 - Change record of the connector

  • 32 - Mapping details of the connector

  • 64 - Execution time details of the connector

-loadparallelism number_threads

Optional. The number of concurrent threads for loading data into Oracle Internet Directory. The default is 5.

-loadretry retry_count

Optional. If the loading of an entry fails, the number of times to retry to load the entry before the entry is marked as a bad entry. The default is 5.

6.1.3.3 Configuration File Properties for dipassistant bootstrap

odip.bootstrap.srctype

Required. The source of the bootstrap data. Valid values are LDAP or LDIF.

odip.bootstrap.desttype

Required. The destination for the bootstrap data. Valid values are LDAP or LDIF.

odip.bootstrap.srcurl

Required. For LDAP, the host_name:port of the directory server that is the source of the bootstrap data. For LDIF, the absolute path of the file that contains the bootstrap source data.

odip.bootstrap.desturl

Required. For LDAP, the host_name:port of the directory server that is the destination for the bootstrap data. For LDIF, the absolute path of the destination LDIF file.

odip.bootstrap.srcsslmode

Optional. Set to TRUE to require SSL-based authentication to connect to the source of the bootstrapping data. The default is FALSE (SSL not used).

odip.bootstrap.destsslmode

Optional. Set to TRUE to require SSL-based authentication to connect to the destination for the bootstrapping data. The default is FALSE (SSL not used).

odip.bootstrap.srcdn

Required for LDAP only. The DN used to bind to the source directory. The default is the DN of the Oracle Directory Integration and Provisioning administrator, for example "cn=dipadmin".

odip.bootstrap.destdn

Required for LDAP only. The DN used to bind to the destination directory. The default is the DN of the Oracle Directory Integration and Provisioning administrator, for example "cn=dipadmin".

odip.bootstrap.srcpasswd

Optional. The password used to bind to the source directory. In the case of LDAP binding, this is used as a security credential. Oracle Corporation recommends that you not specify the password in this file.

odip.bootstrap.destpasswd

Optional. The password used to bind to the destination directory. In the case of LDAP binding, this is used as a security credential. Oracle Corporation recommends that you not specify the password in this file.

odip.bootstrap.mapfile

Optional. Location of the map file that contains the attribute and domain mappings.

odip.bootstrap.logfile

Optional. The path and file name of the log file. The default is ORACLE_HOME/ldap/odi/bootstrap.log.

odip.bootstrap.logseverity

Optional. A number between 1 and 15 that corresponds to the level of events that should be logged. The levels are as follows.

  • 1 – INFO

  • 2 – WARNING

  • 4 – DEBUG

  • 8 – ERROR

To specify multiple levels, add the numbers together. For example, the default log severity is 9, INFO and ERROR (1+8=9).

odip.bootstrap.loadparallelism

Optional. The number of concurrent threads for loading data into Oracle Internet Directory. The default is 5.

odip.bootstrap.loadretry

Optional. If the loading of an entry fails, the number of times to retry to load the entry before the entry is marked as a bad entry. The default is 5.

odip.bootstrap.trcfile

Optional. The full path and file name of the trace logging file. The default location is ORACLE_HOME/ldap/odi/log/bootstrap.trc. If the file exists it will be overwritten.

odip.bootstrap.trclevel

Optional. The number that corresponds to the level of information to write to the trace logging file. To specify multiple levels, add the numbers together. The default trace level is 3 (1+2=3).

  • 1 - Starting and stopping of threads

  • 2 - Refreshing of profiles

  • 4 - Initialization, execution, and end details of connectors

  • 8 - Details during connector execution

  • 16 - Change record of the connector

  • 32 - Mapping details of the connector

  • 64 - Execution time details of the connector

odip.bootstrap.srcencode

Optional. The native character set encoding of the LDIF file. Defaults to the character set of the user's terminal. Each supported character set has a unique acronym, for example, WE8MSWIN1252, JA16SJIS, or AL32UTF8. You should specify a character set if the LDIF file:

  • Was generated by a third-party directory utility.

  • Contains Globalization Support data.

  • Was processed on a different platform.

6.1.3.4 Tasks and Examples for dipassistant bootstrap

Using the bootstrap operation you can perform the following tasks:

6.1.3.4.1 Bootstrapping a Directory Using a Synchronization Profile

The following example uses a synchronization profile named iPlanetProfile to perform bootstrapping.

Example:

dipassistant bootstrap -profile iPlanetProfile -h myhost -p 3060 -D cn=dipadmin -w welcome1

6.1.3.4.2 Bootstrapping a Directory Using a Configuration File

The following example uses a configuration file named bootstrap.cfg to perform bootstrapping. The configuration file contains the properties described in "Configuration File Properties for dipassistant bootstrap".

Example:

dipassistant bootstrap -f bootstrap.cfg
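
The following script is an added example, not part of the Oracle documentation. It checks a bootstrap configuration file for a stored bind password, for LDAP endpoints left at the default SSL mode of FALSE, and for a log severity outside 1 to 15, and it decodes a log severity value into its level names. It assumes the file holds key = value lines with # comments; the function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight audit of a dipassistant bootstrap configuration file.
# Assumption: the file uses "key = value" lines and "#" comment lines.

# Print one finding per line; print nothing when the file is clean.
audit_bootstrap_cfg() {
    awk '
    function trim(s) { sub(/^[ \t\r]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    {
        eq = index($0, "=")                     # split on the first "=" only,
        if (eq == 0) next                       # because DN values contain "="
        cfg[tolower(trim(substr($0, 1, eq - 1)))] = trim(substr($0, eq + 1))
    }
    END {
        n = split("src dest", side, " ")
        for (i = 1; i <= n; i++) {
            s = side[i]
            # The reference recommends not storing bind passwords in this file.
            if (cfg["odip.bootstrap." s "passwd"] != "")
                print "PASSWORD_IN_FILE odip.bootstrap." s "passwd"
            # sslmode defaults to FALSE, so an LDAP endpoint without TRUE is cleartext.
            if (toupper(cfg["odip.bootstrap." s "type"]) == "LDAP" &&
                toupper(cfg["odip.bootstrap." s "sslmode"]) != "TRUE")
                print "NO_SSL odip.bootstrap." s "url=" cfg["odip.bootstrap." s "url"]
        }
        sev = cfg["odip.bootstrap.logseverity"]
        if (sev != "" && (sev !~ /^[0-9]+$/ || sev + 0 < 1 || sev + 0 > 15))
            print "BAD_LOGSEVERITY " sev
    }' "$1"
}

# Decode an additive log severity (1=INFO, 2=WARNING, 4=DEBUG, 8=ERROR) into names.
decode_logseverity() {
    out=""
    for pair in 1:INFO 2:WARNING 4:DEBUG 8:ERROR; do
        if [ $(( $1 & ${pair%%:*} )) -ne 0 ]; then out="$out ${pair#*:}"; fi
    done
    echo "${out# }"
}

# Constructed sample configuration (host names and values are illustrative only).
write_sample_cfg() {
    cat > "$1" <<'EOF'
# constructed sample, not from the Oracle documentation
odip.bootstrap.srctype = LDAP
odip.bootstrap.desttype = LDAP
odip.bootstrap.srcurl = adhost.example.com:389
odip.bootstrap.desturl = oidhost.example.com:636
odip.bootstrap.srcdn = cn=syncuser,dc=example,dc=com
odip.bootstrap.srcpasswd = changeme
odip.bootstrap.destdn = cn=dipadmin
odip.bootstrap.destsslmode = TRUE
odip.bootstrap.logseverity = 16
EOF
}

cfg_file=$(mktemp)
write_sample_cfg "$cfg_file"
audit_bootstrap_cfg "$cfg_file"
echo "logseverity 9 = $(decode_logseverity 9)"
rm -f "$cfg_file"
```
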

6.1.4 The dipassistant bulkprov Operation

The bulkprov (bp) operation allows administrators to create user entries and provision them in bulk to various applications, or to delete user entries and de-provision them in bulk from various applications. You can also use this operation to modify the attributes of user entries. This operation takes an LDIF file as input. See Appendix A, "LDIF File Format" for more information about the proper formatting of the input LDIF file.

For example, here is a sample user entry in LDIF format:

dn: cn=John Smith,cn=users,dc=us,dc=mycompany,dc=com
changetype: add
cn: John Smith
cn: John
sn: Smith
mail: jsmith@mycompany.com
uid: jsmith_us
orclisenabled: True

The bulkprov operation invoked with this input file would add the user entry and provision it to the applications configured in the directory. If the configured applications all have a default provisioning policy of PROVISIONING_REQUIRED, then users will be created with this provisioning status by default for each of the applications.

The bulkprov operation also invokes any plug-ins configured for the application. These plug-ins can override the default provisioning policy: they determine the provisioning policy, perform data validations, and assign defaults. If the application-specific attributes are maintained elsewhere, then you can provide a plug-in to manage that application's data.

You must ensure that the distinguished name (DN) for each user specified in the LDIF file is a valid DN within the realm. DN validation is not performed automatically. If the LDIF file specifies a DN outside of the realm and that does not fall in one of the user search bases, then the new users will not be visible when you search for users in the Oracle Internet Directory Provisioning Console or the Oracle Internet Directory Self-Service Console.

To delete user entries and de-provision them from applications, you would supply an LDIF file with user entries such as this:

dn: cn=John Smith,cn=users,dc=us,dc=mycompany,dc=com
changetype: delete
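
Because DN validation is not performed automatically, the input file can be checked before it is passed to bulkprov. The following script is an added example, not part of the Oracle documentation: it reports every DN in an LDIF file that does not fall under a given user search base, for add and delete entries alike. The search base, the function names, and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report LDIF entries whose DN lies outside a user search base.
# $1 = LDIF file, $2 = user search base (assumed known to the administrator).

check_ldif_dns() {
    LDIF_BASE="$2" awk '
    function norm(s) {                 # lowercase, drop spaces around "," and "="
        s = tolower(s)
        gsub(/[ \t]*,[ \t]*/, ",", s)
        gsub(/[ \t]*=[ \t]*/, "=", s)
        sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s)
        return s
    }
    function check(line,   head, dn, nb) {
        head = tolower(substr(line, 1, 4))
        if (head == "dn::") { print "ENCODED " line; return }  # base64 DN: review by hand
        if (substr(head, 1, 3) != "dn:") return
        dn = norm(substr(line, 4)); nb = norm(ENVIRON["LDIF_BASE"])
        # The DN must be strictly below the base, that is, end with ",<base>".
        if (length(dn) <= length(nb) ||
            substr(dn, length(dn) - length(nb)) != "," nb)
            print "OUTSIDE " dn
    }
    { sub(/\r$/, "") }                          # tolerate CRLF line endings
    /^ / { cur = cur substr($0, 2); next }      # LDIF folding: continuation line
    { check(cur); cur = $0 }
    END { check(cur) }
    ' "$1"
}

# Constructed sample input: two entries inside the base (one folded, with
# different case and spacing), two outside it, and one base64-encoded DN.
write_sample_ldif() {
    cat > "$1" <<'EOF'
dn: cn=John Smith,cn=users,dc=us,dc=mycompany,dc=com
changetype: add
cn: John Smith
sn: Smith

dn: cn=Jane Doe, cn=Users, dc=us,
 dc=mycompany, dc=com
changetype: add
cn: Jane Doe
sn: Doe

dn: cn=Temp User,cn=contractors,dc=partner,dc=com
changetype: add
cn: Temp User
sn: User

dn: cn=Old User,cn=users,dc=eu,dc=mycompany,dc=com
changetype: delete

dn:: Y249VGVzdA==
changetype: delete
EOF
}

ldif_file=$(mktemp)
write_sample_ldif "$ldif_file"
check_ldif_dns "$ldif_file" "cn=users,dc=us,dc=mycompany,dc=com"
rm -f "$ldif_file"
```

An empty result means every plain-text DN in the file ends with the search base; ENCODED lines need to be decoded and checked separately.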

6.1.4.1 Syntax for dipassistant bulkprov

dipassistant bulkprov -f ldif_file [-h oid_hostname] [-p port] [-D bindDN] [-w password] [-realm realm_name] [-E character_set]

6.1.4.2 Arguments for dipassistant bulkprov

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-D "bindDN"

The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

-w password

The password used to bind to the directory.

-realm realm_name

The realm in which the users are to be provisioned. If not specified, then the default identity management realm specified in the Root Oracle Context will be used.

-E "character_set"

Optional. The native character set encoding. Defaults to the character set of the user's terminal. Each supported character set has a unique acronym, for example, ISO-8859-1, JA16SJIS, or AL32UTF8.

6.1.4.3 Tasks and Examples for dipassistant bulkprov

Using the dipassistant bulkprov operation you can perform the following tasks:

6.1.4.3.1 Provisioning Users in Bulk

Example:

dipassistant bulkprov -f users.ldif -h myhost.company.com -p 3040 -D "cn=orcladmin" -w password -E ISO-8859-1

6.1.5 The dipassistant chgpasswd Operation

The chgpasswd (cpw) operation resets the password of the Oracle Directory Integration and Provisioning administrator (dipadmin) account. The default password for the dipadmin account is the same as the ias_admin password chosen during installation. To reset the password, you must provide the security credentials of the Oracle Internet Directory administrator (orcladmin) account.

6.1.5.1 Syntax for dipassistant chgpasswd

dipassistant chgpasswd [-h oid_hostname] [-p port] [-D bindDn] [-w password]

6.1.5.2 Arguments for dipassistant chgpasswd

In addition to the arguments provided on the command line, the tool will prompt you for the new Oracle Directory Integration and Provisioning administrator (dipadmin) account password.

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-D "bindDN"

The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

-w password

The password used to bind to the directory.

6.1.5.3 Tasks and Examples for dipassistant chgpasswd

Using the dipassistant chgpasswd operation you can perform the following tasks:

6.1.5.3.1 Changing the Password for the Oracle Directory Integration and Provisioning Administrator

Example:

dipassistant chgpasswd -h myhost -p 3060 -D cn=orcladmin -w welcome1

The Directory Integration and Provisioning Assistant then prompts for the new password as follows:

New Password: 
Confirm Password: 

6.1.6 The dipassistant createprofile Operation

The createprofile (cp) operation creates a new synchronization profile for Oracle Internet Directory and an external directory.

6.1.6.1 Syntax for dipassistant createprofile

dipassistant createprofile [-h oid_hostname] [-p port] [-D bindDN] [-w password] -f prop_file -configset configset_number

6.1.6.2 Arguments for dipassistant createprofile

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-D "bindDN"

The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

-w password

The password used to bind to the directory.

-f prop_file

Required. The full path and file name of the profile properties file containing the properties described in "Configuration File Properties for dipassistant createprofile".

-configset configset_number

Required. An integer greater than 0 that represents the configuration set with which to associate the profile.

6.1.6.3 Configuration File Properties for dipassistant createprofile

odip.profile.agentexecommand

In the case of a NON-LDAP interface, the command to produce the information in LDIF format. This is stored in the orclODIPAgentExeCommand attribute of the profile entry.

odip.profile.condiraccount

DN or user name used to connect to the third party directory. This is stored in the orclODIPConDirAccessAccount attribute of the profile entry.

odip.profile.condirpassword

The password used to connect to the third party directory. This is stored in the orclODIPConDirAccessPassword attribute of the profile entry.

odip.profile.condirfilter

Filter that needs to be applied to the changes read from the connected directory before importing to Oracle Internet Directory. This is stored in the orclODIPConDirMatchingFilter attribute of the profile entry.

odip.profile.condirurl

The hostname:port of the third party directory. This is stored in the orclODIPConDirURL attribute of the profile entry.

odip.profile.configfile

Name of the file that contains the additional profile-specific information to be used for execution.

odip.profile.configinfo

Contains additional profile-specific information to be used for execution. This is stored in the orclODIPAgentConfigInfo attribute of the profile entry.

odip.profile.debuglevel

Specifies the debugging level. This is stored in the orclODIPProfileDebugLevel attribute of the profile entry.

odip.profile.interface

The format used for data exchange—LDAP, LDIF, DB or TAGGED. LDAP is the default. This is stored in the orclODIPProfileInterfaceType attribute of the profile entry.

odip.profile.lastchgnum

Last applied change number. In the case of an export profile this number refers to Oracle Internet Directory's last applied change number. However, in the case of the import profile, this number refers to the last applied change number in the connected directory. This is stored in the orclODIPConDirLastAppliedChgNum attribute of the profile entry. You can use the ldapsearch command to determine the last change number in Oracle Internet Directory. For example:

ldapsearch -D cn=orcladmin -w welcome1 -b "" -s base objectclass=* lastchangenumber

odip.profile.mapfile

Name of the file that contains the mapping rules. This is stored in the orclODIPAttributeMappingRules attribute of the profile entry.

odip.profile.name

Name of the synchronization profile. This is stored in the orclODIPAgentName attribute of the profile entry.

odip.profile.oidfilter

Filter that needs to be applied to the changes that are read from the Oracle Internet Directory before exporting to the connected directory. This is stored in the orclODIPOIDMatchingFilter attribute of the profile entry.

odip.profile.password

The password to access this profile. This is stored in the orclODIPAgentPassword attribute of the profile entry.

odip.profile.retry

Maximum number of times the Oracle Directory Integration and Provisioning server should attempt to execute an entry. This is stored in the orclODIPSyncRetryCount attribute of the profile entry. Default is 4.

odip.profile.schedinterval

Interval between successive executions of this profile by the integration server. If the previous execution has not completed then the next execution will not resume until it completes. This is stored in the orclODIPSchedulingInterval attribute of the profile entry. Default is 1 minute.

odip.profile.status

Whether to ENABLE or DISABLE this profile. This is stored in the orclODIPAgentControl attribute of the profile entry. The default is DISABLE.

odip.profile.syncmode

Direction of synchronization. When the changes are propagated from the third party to Oracle Internet Directory, the synchronization mode is IMPORT. When the changes are propagated to the third party directory, the synchronization mode is EXPORT. This is stored in the orclODIPSchedulingInterval attribute of the profile entry. Default is IMPORT.

6.1.6.4 Tasks and Examples for dipassistant createprofile

Using the createprofile operation you can perform the following tasks:

6.1.6.4.1 Creating a New Synchronization Profile

The following example uses a configuration file named import.profile to create a new profile and associate the new profile with configuration set 1.

Example:

dipassistant createprofile -h myhost -p 3060 -D cn=dipadmin -w welcome1 -f import.profile -configset 1

6.1.7 The dipassistant createprofilelike Operation

The createprofilelike (cpl) operation creates a new synchronization profile by using an existing profile as a template.

6.1.7.1 Syntax for dipassistant createprofilelike

dipassistant createprofilelike [-h oid_hostname] [-p port] [-D bindDN] [-w password] -profile orig_profile_name -newprofile new_profile_name

6.1.7.2 Arguments for dipassistant createprofilelike

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-D "bindDN"

The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

-w password

The password used to bind to the directory.

-profile orig_profile_name

Required. The name of the existing profile to be used as a template.

-newprofile new_profile_name

Required. The name of the new profile to be created.

6.1.7.3 Tasks and Examples for dipassistant createprofilelike

Using the createprofilelike operation you can perform the following tasks:

6.1.7.3.1 Creating a New Synchronization Profile Using an Existing Profile as a Template

The following example creates a new profile named iPlImport with values copied from a profile named iPlImportTemplate.

Example:

dipassistant createprofilelike -h myhost -p 3060 -D cn=dipadmin -w welcome1 -profile iPlImportTemplate -newprofile iPlImport

6.1.8 The dipassistant deleteprofile Operation

The deleteprofile (dp) operation deletes a synchronization profile from Oracle Internet Directory.

6.1.8.1 Syntax for dipassistant deleteprofile

dipassistant deleteprofile -profile profile_name [-h oid_hostname] [-p port] [-D bindDN] [-w password] [-configset configset_number]

6.1.8.2 Arguments for dipassistant deleteprofile

-profile profile_name

Required. The name of the profile to be deleted.

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-D "bindDN"

The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

-w password

The password used to bind to the directory.

-configset configset_number

Optional. An integer greater than 0 that represents the configuration set associated with the profile. Default is 1.

6.1.8.3 Tasks and Examples for dipassistant deleteprofile

Using the deleteprofile operation you can perform the following tasks:

6.1.8.3.1 Deleting a Synchronization Profile

The following example deletes the myprofile profile.

Example:

dipassistant deleteprofile -profile myprofile -h myhost -p 3060 -D cn=dipadmin -w welcome1 -configset 1

6.1.9 The dipassistant expressconfig Operation

The expressconfig (ec) operation performs an express configuration of the Microsoft Active Directory connector. It performs all required configurations and also creates two profiles, an import profile and an export profile. For more information about configuring Active Directory connectors, see the Oracle Identity Management Integration Guide.

6.1.9.1 Syntax for dipassistant expressconfig

dipassistant expressconfig [-h oid_hostname] [-p port] [-3rdpartyds hostname:port] [-configset configset_number]

6.1.9.2 Arguments for dipassistant expressconfig

In addition to the arguments supplied on the command-line, the tool will prompt you for the following information:

  • Oracle Internet Directory credentials. You must specify the DN and password of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

  • Active Directory connection details and credentials of a privileged user. To synchronize deletions, you must have the necessary administrative privileges in Microsoft Active Directory, for example administrator@mycompany.com if the host on which Microsoft Active Directory is installed is myhost@mycompany.com.

  • Name to identify the synchronization profiles to be created. For example, if you specify the name abc, then the tool creates two profiles: abcImport and abcExport.

  • Appropriate ACLs on the cn=users container (Optional). You can choose to enable users and groups to be managed by Oracle components under the cn=users container. If you customize ACLs in this way, then the original ACLs are saved in ORACLE_HOME/ldap/odi/archive/profile_name_prefix_useracl.ldif.

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-3rdpartyds hostname:port

Optional. The host name and LDAP listening port of the third-party directory service to which you are connecting. If not provided on the command-line, the tool will prompt you for this information.

-configset configset_number

Optional. An integer greater than 0 that represents the configuration set associated with the profile. Default is 1.

6.1.9.3 Tasks and Examples for dipassistant expressconfig

Using the dipassistant expressconfig operation you can perform the following tasks:

6.1.9.3.1 Performing an Express Configuration for Microsoft Active Directory

Example:

dipassistant expressconfig -h myoidhost.company.com -p 3040 -3rdpartyds myadhost.company.com:389 -configset 1

6.1.10 The dipassistant listprofiles Operation

The listprofiles (lp) operation prints a list of all the synchronization profiles in Oracle Internet Directory.

6.1.10.1 Syntax for dipassistant listprofiles

dipassistant listprofiles [-h oid_hostname] [-p port] [-D bindDN] [-w password] [-configset configset_number]

6.1.10.2 Arguments for dipassistant listprofiles

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-D "bindDN"

The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

-w password

The password used to bind to the directory.

-configset configset_number

Optional. An integer greater than 0 that represents the configuration set associated with the profile. Default is 1.

6.1.10.3 Tasks and Examples for dipassistant listprofiles

Using the listprofiles operation you can perform the following tasks:

6.1.10.3.1 Showing a List of All Synchronization Profiles in Oracle Internet Directory

The following example prints a list of all the synchronization profiles in Oracle Internet Directory.

Example:

dipassistant listprofiles -h myhost -p 3060 -D cn=dipadmin -w welcome1

By default, the preceding command prints the following list of sample profiles created during installation. However, your deployment of Oracle Internet Directory may contain additional synchronization profiles.

IplanetExport 
IplanetImport 
ActiveImport 
ActiveExport 
LdifExport 
LdifImport 
TaggedExport 
TaggedImport 
OracleHRAgent 
ActiveChgImp 

6.1.11 The dipassistant loaddata Operation

The loaddata operation loads data from a CSV file into Oracle Internet Directory.

6.1.11.1 Syntax for dipassistant loaddata

dipassistant loaddata -f properties_file | [-h oid_hostname] [-p port] [-D bindDn] [-w password] [-c control_file] [-a application] [-g groupDN] -data data_file [-map map_file] [-log log_file] [-logseverity 1-15] [-trace trace_file] [-tracelevel level]

6.1.11.2 Arguments for dipassistant loaddata

-f properties_file

Required for loading data with a properties file. The full path and file name of a properties file containing the properties described in "Configuration File Properties for dipassistant loaddata".

See the following sample properties file, which demonstrates how to load data from a CSV file into Oracle Internet Directory:

$ORACLE_HOME/ldap/odi/samples/csv2ldp.properties 

See the following sample properties file, which demonstrates how to load data from a CSV file into Oracle Internet Directory and make the data available to Oracle Instant Portal. In addition to creating new users in Oracle Internet Directory, the properties file also adds each user to the group required by Oracle Instant Portal. If you need the new users to be available in Oracle Instant Portal and you do not use the following properties file, then you must manually add each user to the required Oracle Instant Portal group.

$ORACLE_HOME/ldap/odi/samples/load2oip.properties

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-D "bindDN"

Optional. The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

-w password

Optional. The password used to bind to the directory.

-c control_file

Required for loading data from a data file. The full path and file name of a control file. See "odip.bootstrap.srcctl" on page 6-18 for more information.

-a application

Optional. The name of an application that will use the loaded data. In Oracle Identity Management 10g Release 2 (10.1.2), the only valid value for this argument is portal, for Oracle Instant Portal.

-g groupDN

Optional. The group DN of the application specified with the -a argument. In Oracle Identity Management 10g Release 2 (10.1.2), the only valid value for this argument is the group DN for Oracle Instant Portal.

-data data_file

Required for loading data from a data file. The full path and file name of a CSV file containing the data to load. See "odip.bootstrap.srcurl" on page 6-18 for more information.

-map map_file

Required for loading data from a data file. The full path and file name of a mapping file. See "odip.bootstrap.mapfile" on page 6-18 for more information.

-log log_file

Optional. The full path and file name of a log file. The default is $ORACLE_HOME/ldap/odi/log/loaddata.trc.

-logseverity 1-15

Optional. A number between 1 and 15 that corresponds to the level of events that should be logged. The levels are as follows.

  • 1—INFO

  • 2—WARNING

  • 4—DEBUG

  • 8—ERROR

To specify multiple levels, add the numbers together. For example, the default log severity is 9, INFO and ERROR (1+8=9).

-trace trace_file

Optional. The full path and file name of the trace logging file.

-tracelevel level

Optional. The number that corresponds to the level of information to write to the trace logging file. To specify multiple levels, add the numbers together. The default trace level is 3 (1+2=3).

6.1.11.3 Configuration File Properties for dipassistant loaddata

odip.bootstrap.srctype

Required. The source type of the data to be loaded. The only valid value for this property is CSV.

odip.bootstrap.dsttype

Required. The destination type of the data to be loaded. The only valid value for this property is LDAP.

odip.bootstrap.srcurl

Required. The absolute path of the CSV file that contains the data to load into Oracle Internet Directory. See the following sample data file:

$ORACLE_HOME/ldap/odi/samples/csvsample.data 

odip.bootstrap.srcctl

Required. The absolute path of the file containing source control information about how the data is stored. See the following sample source control file:

$ORACLE_HOME/ldap/odi/samples/csvsample.ctl 

odip.bootstrap.desturl

Required. The LDAP host_name:port of the directory server that is the destination for the data.

odip.bootstrap.destdn

Required. The DN used to bind to the destination directory. The default is the DN of the Oracle Directory Integration and Provisioning administrator, for example "cn=dipadmin".

odip.bootstrap.destpasswd

Required. The password used to bind to the destination directory. In the case of LDAP binding, this is used as a security credential. Oracle Corporation recommends that you remove the value assigned to this property from the properties file immediately after loading data.

odip.bootstrap.mapfile

Required. The absolute path of the map file that contains the attribute and domain mappings. See the following sample map file:

$ORACLE_HOME/ldap/odi/samples/csvload.map.sample

odip.bootstrap.logfile

Optional. The path and file name of the log file. The default is $ORACLE_HOME/ldap/odi/loaddata.log.

odip.bootstrap.trcfile

Optional. The full path and file name of the trace logging file. The default location is $ORACLE_HOME/ldap/odi/log/loaddata.trc. If the file exists it will be overwritten.

6.1.11.4 Tasks and Examples for dipassistant loaddata

Using the loaddata operation you can perform the following tasks:

6.1.11.4.1 Loading Data with a Properties File into Oracle Internet Directory

The following example uses a properties file named loadcsv.properties to load a CSV file into Oracle Internet Directory.

Example:

dipassistant loaddata -f loadcsv.properties
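The recommendation to remove the odip.bootstrap.destpasswd value after loading can be checked and enforced with a short script. The following shell functions are an added example, not part of the Oracle documentation; they assume the properties file uses "name = value" lines, the function names are hypothetical, and the sample file is constructed from property names on this page.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumes "name = value" property lines.
KEY='odip\.bootstrap\.destpasswd'

# Succeeds (exit 0) if the file still carries a non-empty bind password.
has_bind_password() {
    grep -Eq "^[[:space:]]*${KEY}[[:space:]]*[=:][[:space:]]*[^[:space:]]" "$1"
}

# Succeeds if group or other can read the file (it should be owner-only).
is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Blank the password value, keep every other line, leave the file mode 600.
scrub_bind_password() {
    tmp=$(mktemp "$1.XXXXXX") || return 1      # mktemp creates it mode 600
    if sed -E "s/^([[:space:]]*${KEY}[[:space:]]*[=:]).*/\1/" "$1" > "$tmp"; then
        mv -f "$tmp" "$1"
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed sample file using property names from this page.
write_sample() {
    cat > "$1" <<'EOF'
odip.bootstrap.srctype = CSV
odip.bootstrap.dsttype = LDAP
odip.bootstrap.desturl = myhost:3060
odip.bootstrap.destdn = cn=dipadmin
odip.bootstrap.destpasswd = welcome1
EOF
    chmod 644 "$1"
}

demo() {
    f=$(mktemp "${TMPDIR:-/tmp}/odip.XXXXXX") && write_sample "$f"
    has_bind_password "$f" && echo "before: password present"
    is_exposed "$f" && echo "before: readable by group/other"
    scrub_bind_password "$f"
    has_bind_password "$f" || echo "after: password removed"
    is_exposed "$f" || echo "after: owner-only"
    rm -f "$f"
}
demo
```

Run scrub_bind_password on the properties file as soon as dipassistant loaddata returns, and use has_bind_password in a periodic check over any directory where such files are kept.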

6.1.11.4.2 Loading Data from a Data File into Oracle Internet Directory

The following example uses a data file named loadcsv.data to load a CSV file into Oracle Internet Directory.

Example:

dipassistant loaddata -h myhost -p 3060 -D cn=dipadmin -w welcome1 -data loadcsv.data -c loadcsv.ctl -map loadcsv.map

6.1.12 The dipassistant modifyprofile Operation

The modifyprofile (mp) operation enables you to change certain properties of a synchronization profile. You can specify a profile property to change on the command-line, or you can supply a configuration file that lists the properties you want to change and their new values. See "Configuration File Properties for dipassistant createprofile" for a description of the properties of a synchronization profile.

6.1.12.1 Syntax for dipassistant modifyprofile

dipassistant modifyprofile [-h oid_hostname] [-p port] [-D bindDN] [-w password] {-f prop_file | -profile profile_name [-updlcn] [propName1=value] [propName2=value]...}

6.1.12.2 Arguments for dipassistant modifyprofile

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-D "bindDN"

The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

-w password

The password used to bind to the directory.

-f prop_file

The full path and file name of the profile properties file containing the properties you want to change and their new values. The properties are described in "Configuration File Properties for dipassistant createprofile".

-profile profile_name

The name of the synchronization profile you want to modify.

propName=value

The name of the property whose value you want to change and the new value for that property. The properties are described in "Configuration File Properties for dipassistant createprofile".

6.1.12.3 Tasks and Examples for dipassistant modifyprofile

Using the modifyprofile operation you can perform the following tasks:

6.1.12.3.1 Modifying a Synchronization Profile

The following example uses a properties file named changes.profile to modify a profile named myprofile.

Example:

dipassistant modifyprofile -profile myprofile -h myhost -p 3060 -D cn=dipadmin -w welcome1 -f changes.profile

6.1.13 The dipassistant reassociate Operation

The reassociate (rs) operation moves synchronization profiles to another node and reassociates the profiles with the new node. For example, if the middle-tier components are associated with a particular Oracle Identity Management infrastructure, then all the profiles existing in that infrastructure node can be moved to a new infrastructure node and the profiles will be reassociated accordingly.

If a profile does not exist on the new node, it is copied to the new Oracle Internet Directory node and disabled after copying. It must be enabled by the application. The lastchangenumber attribute in the integration profile is modified to the current last change number on the second Oracle Internet Directory node.

If a profile is moved to a node that already has a corresponding profile, both integration profiles are reconciled in the following manner:

  • Any new attribute in the profile on node 1 is added to the profile on node 2.

  • For attributes that exist in both profiles, the values in the profile on node 1 override the values in the profile on node 2.

  • The profile is disabled after copying. It needs to be enabled by the application.

  • The lastchangenumber attribute in the integration profile is modified to the current last change number on the second Oracle Internet Directory node.

6.1.13.1 Syntax for dipassistant reassociate

dipassistant reassociate [-src_ldap_host oid1_hostname] [-src_ldap_port port] [-src_ldap_dn bindDN] [-src_ldap_passwd password] -dst_ldap_host oid2_hostname [-dst_ldap_port port] [-dst_ldap_dn bindDN] [-dst_ldap_passwd password] [-log logfile]

6.1.13.2 Arguments for dipassistant reassociate

-src_ldap_host oid1_hostname

Optional. The host name of the source Oracle Internet Directory server. If not provided then the name of the local host is used.

-src_ldap_port port

Optional. The LDAP listening port of the source Oracle Internet Directory server. The default is 389.

-src_ldap_dn bindDN

The DN of the super user on the source Oracle Internet Directory server (cn=orcladmin).

-src_ldap_passwd password

The password used to bind to the source directory.

-dst_ldap_host oid2_hostname

Required. The host name of the destination Oracle Internet Directory server.

-dst_ldap_port port

Optional. The LDAP listening port of the destination Oracle Internet Directory server. The default is 389.

-dst_ldap_dn bindDN

The DN of the super user on the destination Oracle Internet Directory server (cn=orcladmin).

-dst_ldap_passwd password

The password used to bind to the destination directory.

-log logfile

The file name of the log for the operation.

6.1.13.3 Tasks and Examples for dipassistant reassociate

Using the reassociate operation you can perform the following tasks:

6.1.13.3.1 Moving an Integration Profile to a Different Identity Management Node

Example:

dipassistant reassociate -src_ldap_host oid1.mycorp.com -dst_ldap_host oid2.mycorp.com -src_ldap_passwd srcpassword -dst_ldap_passwd dstpassword

6.1.14 The dipassistant showprofile Operation

The showprofile (sp) operation prints the details of a specific synchronization profile.

6.1.14.1 Syntax for dipassistant showprofile

dipassistant showprofile -profile profile_name [-h oid_hostname] [-p port]  [-D bindDN] [-w password]

6.1.14.2 Arguments for dipassistant showprofile

-profile profile_name

Required. The name of the synchronization profile you want to view.

-h oid_hostname

Optional. The host name of the Oracle Internet Directory server. If not provided then the name of the local host is used.

-p port

Optional. The LDAP listening port of Oracle Internet Directory. The default is 389.

-D "bindDN"

The DN of the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp,cn=odi,cn=oracle internet directory).

-w password

The password used to bind to the directory.

-configset configset_number

Optional. An integer greater than 0 that represents the configuration set associated with the profile. Default is 1.

6.1.14.3 Tasks and Examples for dipassistant showprofile

Using the showprofile operation you can perform the following tasks:

6.1.14.3.1 Viewing the Details of a Specific Synchronization Profile

The following example command prints the details for the ActiveImport sample profile that is created during installation.

Example:

dipassistant showprofile -profile ActiveImport -h myhost -p 3060 -D cn=dipadmin -w welcome1 

The preceding command prints the following details of the ActiveImport sample profile:

odip.profile.version = 2.0
odip.profile.lastchgnum = 0
odip.profile.interface = LDAP
odip.profile.oidfilter = orclObjectGUID
odip.profile.schedinterval = 60
odip.profile.name = ActiveImport
odip.profile.syncmode = IMPORT
odip.profile.condirfilter = "searchfilter=(|(objectclass=group)(objectclass=organizationalunit)
(&(objectclass=user)(!(objectclass=computer))))"
odip.profile.retry = 5
odip.profile.debuglevel = 0
odip.profile.status = DISABLE

6.1.15 The dipassistant wpasswd Operation

The wpasswd (wp) operation sets the wallet password that the Oracle Directory Integration and Provisioning server uses to connect to Oracle Internet Directory.

6.1.15.1 Syntax for dipassistant wpasswd

dipassistant wpasswd

6.1.15.2 Arguments for dipassistant wpasswd

The Directory Integration and Provisioning Assistant prompts you to enter, and then confirm, the password.

6.1.15.3 Tasks and Examples for dipassistant wpasswd

Using the wpasswd operation you can perform the following tasks:

6.1.15.3.1 Setting the Wallet Password for the Oracle Directory Integration and Provisioning Server

Example:

dipassistant wp

6.1.16 Related Command-Line Tools for dipassistant