 |
|
|
|
|
|
|
|
|
|
|
 |
 |
|
||||||||
 |
    |
|
||||||||
 |
 |
|
||||||||
|
|
|||||||||
|
SunOne/iPlanet
Integration: Configuring the iPlanetExport Profile
Configuring the Connector In this section you will get hands on experience configuring Oracle Internet Directory to Export data from OID to SunOne. This includes: Creating the attribute and domain mapping rules PREREQUISITES OID must be installed The OID server must be running Password Policy Plug-in must be configured Creating the attribute and domain mapping rules We need to configure the export domain and attribute mapping rules. We will be using a sample file called "iplanetexp.map" which was provided as part of the sample file downloads. Copy this file to your $ORACLE_HOME/ldap/odi/conf directory. Change directory to your $ORACLE_HOME/ldap/odi/conf directory. Open the file $ORACLE_HOME/ldap/odi/admin/iplanetexp.map in a text editor. The following graphic is an example of what your should have in your iplanetexp.map file.
It is important to note that the source and destination, domain and attribute mapping rules are exactly the opposite of the import mapping rules. OID is the source or left part of the rules and SunOne is the destination or right side of the rules. In the above example, lets examine the "Domain Rules" first: cn=Users,dc=us,dc=oracle,dc=com:ou=people,dc=siroe,dc=com In this domain rule you can see two DN's separated by a ":" character. The left DN represents the location of users in the OID source. cn=Users,dc=us,dc=oracle,dc=com:ou=people,dc=siroe,dc=com The right side DN represents the location of users in the SunOne destination. cn=Users,dc=us,dc=oracle,dc=com:ou=people,dc=siroe,dc=com This is the location where your users are located in SunOne. Make sure you edit this to reflect your own user container location in SunOne. Now lets examine a simple "Attribute Rules" definition o: : :organization:o: :organization The "o" attribute value which is part of the "organization" objectclass at the source (OID), will be mapped to the "o" attribute which is part of the "organization" objectclass on the destination (SunOne). This sample file we used to create our mapping rules contain a list of common attributes used in most OID to SunOne synchronization integration's. Once you are finished modifying your "iplanetexp.map" file we need to upload these rules to the "IplanetExport" profile. We will use a program called "dipassistant" to upload the mapping file into the IplanetExport agent profile. From the command prompt type the following command: dipassistant mp -host hostname.domain.com -port 3060 -passwd welcome1 -profile IplanetExport odip.profile.mapfile=/oracle/home/ldap/odi/conf/iplanetexp.map Note: This command is one command, not three. Be sure to substitute your own FQDN, port number and password for OID in this command. The password used in this command is the password for the orcladmin user. The "odip.profile.mapfile" should be set to the complete directory path to the mapping file including the name of the mapping file. Now we will finish configuring the SunOne export agent. First we need to launch the Oracle Directory Manager (ODM) GUI tool. Login to ODM as the "orcladmin" user. Once your have successfully logged into ODM, navigate through the DIT tree starting at "Server Management" and then to the "Integration Servers". Click on "Configuration Set1". You should see all of the default DIP profiles appear on the right. Double click on the agent named "iPlanetExport". Configuring the General tab When the iPlanetExport profile form comes up you will be in the "General" tab. The only properties you need to set at this time is the "Debug Level" (optional) and the "Scheduling Interval". Setting the "Debug Level" to "63" will generate a log file that records all transactions for this agent. Remember to prune this log file from time to time if you turn on debug tracing. The "Scheduling Interval" should be set in seconds to how often you want OID to check the SunOne server for changes.
Configuring the Execution tab Next we want to switch to the "Execution" tab. Here we need to set the "Connected Directory Account" property to an account name on SunOne that has administrative privileges. In this case we are using the account name "uid=kvaughan,ou=people,dc=siroe,dc=com". It is important to note that if you also plan to have both the iPlanetImport and IplanetExport agents running at the same time, you cannot use the same "Connected Directory Account" property value that is used in the iPlanetImport agent profile. The reason is because we will be setting filters in the "Mapping" tab for both of these profiles that will prevent unecessary round trips of data that has already been synchronized. The meaning of these filters is this: Don't export changes in OID to SunOne that were made by the iPlanetImport agent. Don't import changes from SunOne that were made by the iPlanetExport agent. We also need to set the "Connected Directory Account Password" property to the password for the user "uid=kvaughan,ou=people,dc=siroe,dc=com".
The last property we need to set on this tab is the "Connected Directory URL". This will be either the host name or ip address where SunOne is running and the port number SunOne is listening on. The IP/Hostname and port number are delimited with a ":" Example: 138.1.145.160:389
Configuring the "Mapping" tab If you are not planning to use the iPlanetImport profile, you can skip the "Mapping" tab setup entirely. If you do plan to use the iPlanetImport agent, switch to the "Mapping" tab. Here we need to set the value for the "OID Matching Filter" property. As mentioned earlier in the "Execution" tab section, this value prevents changes made by the iPlanetImport agent from being exported by the iPlanetExport agent. We will set the value for this property to "Modifiersname=orclodipagentname=iplanetimport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory"
Configuring the "Status" tab We need to get the last change number from the OID server. The following command will obtain this value for you: ldapsearch -p 3060 -h host_name -D "cn=orcladmin" -w oid_password -b "" -s base "objectclass=*" lastchangenumber Enter the number returned in the "OID Last Applied Change Number" field. Set the "Last Execution Time" to the current date and time.
Now we need to start the DIP server and enable the Agent profile. Stop the DIP server if it is already running with the following command: oidctl connect=iasdb server=odisrv instance=1 config=1 flags="port=3060" stop In this exercise we will use the following command to start the DIP server: oidctl connect=iasdb server=odisrv instance=1 config=1 flags="port=3130 debug=63" start Now bring up your iPlanetExport profile again. In the "General" tab, set the "Profile Status" to "Enable".
|
 |
|
||||||||
 |
 |
 |
 |
 |
|
|||||
 |
|
|||||||||
