SunOne/iPlanet Integration: Configuring the iPlanetImport Profile

Configuring the connector

In this section you will get hands-on experience configuring Oracle Internet Directory to import users from your SunOne server.

This includes:

Creating the attribute and domain mapping rules

Uploading the mapping file

Migrating the SunOne/iPlanet users to OID

Import Agent configuration

PREREQUISITES

OID must be installed

The OID server must be running

Creating the attribute and domain mapping rules

We need to configure our import domain and attribute mapping rules. We will be using a sample file called "ipimport.map" which was provided as part of the sample file downloads.

Copy this file to your $ORACLE_HOME/ldap/odi/conf directory.

Change directory to your $ORACLE_HOME/ldap/odi/conf directory.

Open the file $ORACLE_HOME/ldap/odi/admin/ipimport.map in a text editor. The following graphic is an example of what you should have in your "ipimport.map" file.

In the above example, let's examine the "Domain Rules" first:

ou=people,dc=siroe,dc=com:cn=users,dc=us,dc=oracle,dc=com: cn=%,cn=users,dc=us,dc=oracle,dc=com

In this domain rule you can see three DNs separated by ":" characters.

The left DN represents the location of users in the SunOne source.

ou=people,dc=siroe,dc=com:cn=users,dc=us,dc=oracle,dc=com: cn=%,cn=users,dc=us,dc=oracle,dc=com

This is the location where your users are located in SunOne. Make sure you edit this to reflect your own user container location in SunOne.

The destination, or middle section of this domain rule, represents the location or container in OID where the user accounts are located.

ou=people,dc=siroe,dc=com:cn=users,dc=us,dc=oracle,dc=com: cn=%,cn=users,dc=us,dc=oracle,dc=com

 

The last section of the domain rule (Optional) tells the DIP server how to form the RDN (Relative Distinguished Name) for user accounts in OID. In this example it tells the DIP server to use the "cn" attribute as the RDN attribute for the user accounts.

ou=people,dc=siroe,dc=com:cn=users,dc=us,dc=oracle,dc=com: cn=%,dc=us,dc=oracle,dc=com

Now let's examine a simple "Attribute Rules" definition:

o: : :organization:o: :organization

The "o" attribute value which is part of the "organization" objectclass at the source (SunOne), will be mapped to the "o" attribute which is part of the "organization" objectclass at the destination (OID).

The sample file we used to create our mapping rules contains a list of common attributes used in most SunOne to OID import synchronizations.
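The two rule formats above, worked through as an added example (not part of the original lesson and not DIP's own code): it parses the page's domain rule and attribute rule and builds the OID DN for one source entry. The function names, the single-"%" template handling and the RFC 4514 escaping of the RDN value are this example's assumptions; the sample entry is constructed.

```python
# Rule lines quoted on this page.
DOMAIN_RULE = ("ou=people,dc=siroe,dc=com:cn=users,dc=us,dc=oracle,dc=com:"
               " cn=%,cn=users,dc=us,dc=oracle,dc=com")
ATTR_RULE = "o: : :organization:o: :organization"


def parse_domain_rule(line):
    """Split 'source DN:destination DN[:RDN template]' into its parts."""
    parts = [p.strip() for p in line.split(":")]
    if len(parts) not in (2, 3) or not (parts[0] and parts[1]):
        raise ValueError("bad domain rule: %r" % line)
    return {"source": parts[0], "dest": parts[1],
            "template": parts[2] if len(parts) == 3 and parts[2] else None}


def parse_attribute_rule(line):
    """Pick out the four fields the page explains; blank fields are skipped."""
    f = [p.strip() for p in line.split(":")]
    if len(f) < 7:
        raise ValueError("bad attribute rule: %r" % line)
    return {"src_attr": f[0], "src_objectclass": f[3],
            "dest_attr": f[4], "dest_objectclass": f[6]}


def escape_rdn_value(value):
    """Escape RDN special characters (RFC 4514) so a value cannot add RDNs."""
    chars = ["\\" + c if c in ',+"\\<>;' else c for c in value]
    if chars and chars[0] in (" ", "#"):
        chars[0] = "\\" + chars[0]
    if chars and chars[-1] == " ":
        chars[-1] = "\\ "
    return "".join(chars)


def _norm(dn):
    # Simplified comparison form: lower-case, no spaces around commas.
    return ",".join(p.strip().lower() for p in dn.split(","))


def map_entry(rule, source_dn, attrs):
    """Return the destination DN, or None if the entry is out of scope."""
    if not _norm(source_dn).endswith("," + _norm(rule["source"])):
        return None
    rdn_attr, sep, rest = (rule["template"] or "").partition("=%")
    if not sep or "%" in rest or "," in rdn_attr:
        raise ValueError("this example handles one leading '%' placeholder")
    return rdn_attr + "=" + escape_rdn_value(attrs[rdn_attr]) + rest
```
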

Uploading the Mapping file

Once you are finished modifying your "ipimport.map" file, we need to upload these rules to the "IplanetImport" profile. We will use a program called "dipassistant" to upload the mapping file into the IplanetImport agent profile.

From the command prompt type the following command:

dipassistant mp -host hostname.domain.com -port 3060 -passwd welcome1 -profile IplanetImport odip.profile.mapfile=/oracle/home/ldap/odi/conf/ipimport.map

Note: This command is one command, not three.

Be sure to substitute your own FQDN, port number and password for OID in this command.

The password used in this command is the password for the orcladmin user.

The "odip.profile.mapfile" should be set to the complete directory path to the mapping file including the name of the mapping file.

Migrating the SunOne/iPlanet Users to OID

Migrating users is often referred to as "Bootstrapping" in the OID administrator's guide.

A program called the "dipassistant" is used to perform the migration.

The dipassistant uses a file called ldp2ldpiplanet.properties to migrate users. This file is located in your $ORACLE_HOME/ldap/odi/samples directory.

We need to open this file in a text editor and modify it as follows:

Set the "odip.bootstrap.srctype" to "LDAP".

Set the "odip.bootstrap.srcurl" to the fully qualified host name and port number where the SunOne server is running. Remember to use a ":" to separate the host name and port number.

Example:

toolsbde.us.oracle.com:389

Set the "odip.bootstrap.srcdn" to the administrative account on the SunOne server.

Example:

cn=Directory Manager

Set the "odip.bootstrap.srcpasswd" value to the SunOne administrator's password.

Set the "odip.bootstrap.desttype" to "LDAP".

Set the "odip.bootstrap.desturl" to the fully qualified host name and port number where the OID server is running. Remember to use a ":" to separate the host name and port number.

Example:

aspen.us.oracle.com:3060

Set the "odip.bootstrap.destdn" to the OID super user account "cn=orcladmin".

Set the "odip.bootstrap.destpasswd" to the OID super user's password.

Set the "odip.bootstrap.mapfile" value to the full path to the "ipimport.map" file you created earlier in this lesson. This file is used to determine which user attributes in the SunOne server get mapped into OID.

Set the remaining log file values to the locations in your file system where you want the log files written.
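A pre-flight check for the edited properties file, as an added example that is not part of the original lesson: it verifies the settings listed above and, because the file stores both directory administrators' passwords in clear text, flags a file mode that lets group or other users access it. The function names, the "key = value" sample layout and the permission check are assumptions of this example; the sample values are constructed from host names and paths used on this page.

```python
import re
import stat

# Keys this lesson sets in ldp2ldpiplanet.properties.
REQUIRED = ["odip.bootstrap." + k for k in (
    "srctype", "srcurl", "srcdn", "srcpasswd",
    "desttype", "desturl", "destdn", "destpasswd", "mapfile")]
HOST_PORT = re.compile(r"^[A-Za-z0-9.-]+:(\d{1,5})$")

# Constructed sample; the passwords are placeholders.
SAMPLE = """\
odip.bootstrap.srctype = LDAP
odip.bootstrap.srcurl = toolsbde.us.oracle.com:389
odip.bootstrap.srcdn = cn=Directory Manager
odip.bootstrap.srcpasswd = CHANGE_ME
odip.bootstrap.desttype = LDAP
odip.bootstrap.desturl = aspen.us.oracle.com:3060
odip.bootstrap.destdn = cn=orcladmin
odip.bootstrap.destpasswd = CHANGE_ME
odip.bootstrap.mapfile = /oracle/home/ldap/odi/conf/ipimport.map
"""


def load_properties(text):
    """Parse 'key = value' lines, skipping blanks and # or ! comments."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def check_bootstrap_config(text, mode=None):
    """Return a list of problems; an empty list means every check passed."""
    props = load_properties(text)
    problems = ["missing or empty: " + k for k in REQUIRED if not props.get(k)]
    for k in ("odip.bootstrap.srctype", "odip.bootstrap.desttype"):
        if props.get(k) and props[k].upper() != "LDAP":
            problems.append(k + " should be LDAP")
    for k in ("odip.bootstrap.srcurl", "odip.bootstrap.desturl"):
        m = HOST_PORT.match(props.get(k, ""))
        if props.get(k) and not (m and 0 < int(m.group(1)) < 65536):
            problems.append(k + " should be host:port")
    # Unix-style full path, as in the paths used on this page.
    if not (props.get("odip.bootstrap.mapfile") or "/").startswith("/"):
        problems.append("odip.bootstrap.mapfile should be a full path")
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file holds two admin passwords but group/other can access it")
    return problems
```

To check a real file, pass its contents and os.stat(path).st_mode as the two arguments.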


Now we will run the "dipassistant" command to complete the user migration.

Example:

dipassistant bootstrap -cfg /u01/app/oracle/product/904/ldap/odi/samples/ldp2ldpiplanet.properties

When the migration completes you should see something like this:

You may have noticed in this picture that there were 6 failures. This is because those 6 user accounts already existed in OID.

Now let's open Oracle Directory Manager and view the newly migrated users in OID.

Watch this viewlet to see how it's done.

 

Import Agent configuration

Now we will finish configuring the SunOne import agent. First we need to launch the Oracle Directory Manager (ODM) GUI tool.

Once you have successfully logged into ODM, navigate through the DIT tree starting at "Server Management" and then to the "Integration Servers".

Click on "Configuration Set1". You will see all of the default DIP profiles.

Double click on the agent named "IplanetImport".

Configuring the General tab

When the IplanetImport profile form comes up you will be in the "General" tab. The only properties you need to set at this time are the "Debug Level" (optional) and the "Scheduling Interval".

Setting the "Debug Level" to "63" will generate a log file that records all transactions for this agent. Remember to prune this log file from time to time if you "ENABLE" debug tracing.

The "Scheduling Interval" should be set in seconds to how often you want OID to check the SunOne server for changes.

Configuring the Execution tab

Next we want to switch to the "Execution" tab. Here we need to set the "Connected Directory Account" property to an account name on SunOne that has administrative privileges. In this case we are using the account name "cn=Directory Manager".

We also need to set the "Connected Directory Account Password" property to the password for "cn=Directory Manager".

The last property we need to set on this tab is the "Connected Directory URL". This will be either the host name or IP address where SunOne is running and the port number the SunOne server is listening on. The IP/Hostname and port number are delimited with a ":".

Example: 138.1.145.160:389

Configuring the "Mapping" tab

The only property we need to set in the mapping tab is the "Connected Directory Matching Filter". This property only needs to be set if you plan to also set up OID for export synchronization.

If you do plan to use the iPlanetExport profile for exporting changes from OID to SunOne, you need to set this value to the "Connected Directory Account" name that you will use in the iPlanetExport profile.

This filter ensures that information synchronized from OID to the SunOne server does not make an unnecessary round trip back to OID when the iPlanetImport agent sees the new changes made by the iPlanetExport agent.

Configuring the "Status" tab

We need to get the last change number from the SunOne server. The following command will obtain this value for you:

ldapsearch -p 389 -h SunOneHostName -D "cn=Directory Manager" -w admin_password -b "" -s base "objectclass=*" lastchangenumber

Enter this number in the "Last Applied Change Number" field.

Now we need to set the "Last Successful Execution Time". This value tells the DIP server how far back in time it needs to check for changes in the SunOne changelog each time it connects to the SunOne server. In our example we will set this to the current date. This will get all changes that happened today.

After each successful pass the DIP server will automatically set this value to the current date and time.

Now we need to start the DIP server and enable the Agent profile.

In this exercise we will use the following command to start the DIP server:

oidctl connect=iasdb server=odisrv instance=10 config=1 flags="port=3060" start

Now bring up your IplanetImport profile again. In the "General" tab, set the "Profile Status" to "Enable".

Watch a viewlet to see how it's done.