Migrating Identity Store (Users/Roles) between OAC instances — Oracle Analytics

Mark.Thompson Rank 6 - Analytics Lead

I am not finding any documentation on how to migrate Users from one (existing) instance of OAC into another (new) instance of OAC.  I believe I should be able to create a CSV download of the Identity Store (Users/Roles) from OAC so that it can be imported into a new instance of OAC.  In my new OAC instance, under /bi/app/public/bin, I find the file import_users_groups_csv.py that will allow me to import such information, but I am not finding a way to export it from our existing instance.  Can someone point me toward the documentation for the process of migrating the Identity Store between OAC instances?

Thanks!

Answers

  • [Deleted User] Rank 2 - Community Beginner

    Basically it boils down to...exactly the same as in on-premises: WLST scripts.

    https://docs.oracle.com/middleware/1212/idm/IDMCR/custom_infra_security.htm#IDMCR11510

    listAppRoles, listAppRolesMembers,...

  • Mark.Thompson Rank 6 - Analytics Lead

    Ah, very good.  I know how to do that.  Thanks, Christian.

  • [Deleted User] Rank 2 - Community Beginner

    Don't overthink things in OAC. It's still based on the OBI core tech so most of the things from on-prem can be made to work there too.

  • Mark.Thompson Rank 6 - Analytics Lead

    Yeah, I need to keep remembering that, Christian.

    So, now I'm using the same technique that I used in 11g and 12c on-prem, launching :7001/console, going to Security Realms, myrealm, Migration, Export, and I am exporting the identity store from system #1.  Then I'm transferring the generated files to system #2 and doing an import.

    Everything except the passwords appears to come across.  I see a bunch of new users, display names look good, and so forth.  But the passwords are all empty.

    In the export file (DefaultAuthenticator.dat), my own entry looks like this:

    dn: uid=mthompson,ou=people,ou=@realm@,dc=@domain@
    mail: mthompson@careiqsolutions.com
    uid: mthompson
    displayname: Mark Thompson
    objectclass: top
    objectclass: wlsUser
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    givenname: Mark
    sn: Thompson
    cn: mthompson
    createTimestamp: 201801052111Z
    creatorsName: cn=Admin
    userpassword:: e3NzaGEyNTZ9SXlnNzYveGdTUjl3WDJqUi85cWN1NWUrdjBBdFBVeEwvbENiaG9FYmZJTDJJV3FK
    modifyTimeStamp: 201801052129Z
    modifiersName: cn=Admin

    So there is an encrypted password in the .dat file, but the password did not make it into OAC.

    Thoughts?

  • Mark.Thompson Rank 6 - Analytics Lead

    I cannot seem to delete the previous comment (i.e. passwords don't work).  Passwords DO work.  It would help greatly if I would have typed my password correctly.  This WORKS!!

  • [Deleted User] Rank 2 - Community Beginner

    As long as it works all is peachy
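
Added example, not part of the thread or of Oracle's tooling: in the DefaultAuthenticator.dat record quoted above, `userpassword::` is LDIF's marker for a base64 value, and the first bytes of that value decode to the scheme tag `{ssha256}`, so the export carries password hashes along with the user entries. The Python sketch below reports which entries in such an export hold a `userpassword` value and under which scheme, without ever returning the hash. The sample records are constructed, and the function names are assumptions of this example.

```python
import base64
import re

# Constructed sample shaped like the DefaultAuthenticator.dat record in the
# thread; the users and the hash payload are made up for this example.
_FAKE = base64.b64encode(b"{ssha256}" + b"A" * 44).decode()
SAMPLE_EXPORT = (
    "dn: uid=jdoe,ou=people,ou=@realm@,dc=@domain@\n"
    "uid: jdoe\n"
    "objectclass: wlsUser\n"
    f"userpassword:: {_FAKE}\n"
    "\n"
    "dn: uid=svc_report,ou=people,ou=@realm@,dc=@domain@\n"
    "uid: svc_report\n"
    "objectclass: wlsUser\n"
)

SCHEME = re.compile(rb"^\{([A-Za-z0-9-]+)\}")  # leading "{scheme}" tag

def parse_records(text):
    """Split LDIF text into records, each a list of (attribute, bytes) pairs."""
    unfolded = re.sub(r"\r?\n ", "", text)  # undo LDIF line folding
    records = []
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        attrs = []
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" means base64
                raw = base64.b64decode(value[1:].strip())
            else:
                raw = value.strip().encode()
            attrs.append((name.lower(), raw))
        records.append(attrs)
    return records

def credential_report(text):
    """Map each dn to its password scheme, or None if no hash is present."""
    report = {}
    for attrs in parse_records(text):
        values = dict(attrs)
        dn = values.get("dn", b"?").decode()
        pw = values.get("userpassword")
        match = SCHEME.match(pw) if pw is not None else None
        report[dn] = None if pw is None else (
            match.group(1).decode().lower() if match else "unlabelled")
    return report

if __name__ == "__main__":
    for dn, scheme in credential_report(SAMPLE_EXPORT).items():
        print(f"{dn}: {scheme or 'no userpassword attribute'}")
```

Any entry that reports a scheme means the export should be handled as credential material: transfer it over an encrypted channel and delete the copies on both systems once the import is verified.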