
[oid] - importing users

fleopizz_it - oracle Member Posts: 31
edited Aug 29, 2008 2:11PM in Identity Manager
Hi all,
I've exported the users present in the production environment from OID using the ldif command-line tool
ldifwrite -b "cn=Users,dc=ba2014,dc=org" -f /home/oracle/all_users.ldif

Then, with the ldapadd command, I've tried to import the users into the development environment
ldapadd -p 389 -h localhost -c -D "cn=orcladmin,cn=Users,dc=2015,dc=org" -w as_infra_2007 -f /home/oracle/Desktop/all_users.ldif


first guess:

ldif file:
dn: cn=***********,cn=users,dc=ba2015,dc=org
authpassword;oid: {SASL/MD5}jo5sOeax3RrDE0ByNfPq2w==
authpassword;oid: {SASL/MD5-DN}ExMpUjguOqqcGpIMCQn/Vw==
authpassword;oid: {SASL/MD5-U}O+rfI6RJwVl3HzHfrIX0HA==
authpassword;orclcommonpwd: {X- ORCLLMV}B40C56FBD745C5ECFC3A211D991668DB
authpassword;orclcommonpwd: {X- ORCLWEBDAV}gnVvWEB5a+ynYvKZ/H1USA==
authpassword;orclcommonpwd: {X- ORCLIFSMD5}FusJWdJ/n84pUGv3Xd0P6Q==
authpassword;orclcommonpwd: {X- ORCLNTV}E791569D901EE75B02EA5E4667F9EA1A
authpassword;orclcommonpwd: {MD5}F7coTZTwZJpPnbEe+/gHCA==
cn: annapellegrino
createtimestamp: 20071115083327z
creatorsname: cn=portal,cn=users,dc=ba2015,dc=org
givenname: ******
mail: ***********@ba2015.org
modifiersname: cn=portal,cn=users,dc=ba2015,dc=org
modifytimestamp: 20071115083327z
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson
objectclass: orcluser
objectclass: orcluserv2
orclactivestartdate: 20071115000000z
orcldefaultprofilegroup: cn=staffistituzionale,cn=portal.071030.085314.2675340
00 ,cn=groups,dc=ba2015,dc=org
orclguid: 3DCBE8BAAECD1C84E040007F010048C9
orclisenabled: ENABLED
orclnormdn: cn=******,cn=users,dc=ba2015,dc=org
orclpassword: {x- orcldbpwd}1.0:C18DA03085423B3A
pwdchangedtime: 20071115083327z
sn: ********
uid: **********
userpassword: {SHA}W9r3uyuabrPUgArPz5Le6jHuIjE=


I obtain the following errors:

ldap_add: DSA is unwilling to perform
ldap_add: you cannot add entries containing authpassword

Then I've deleted the authpassword attribute from the entries and added the bolded lines
to overwrite some fields

ldif file:
dn: cn=********,cn=users,dc=ba2015,dc=org
changetype:modify
replace:modifytimestamp,createtimestamp
cn: a******
createtimestamp: 20071115083327z
creatorsname: cn=portal,cn=users,dc=ba2015,dc=org
givenname: A***
mail: [email protected]
modifiersname: cn=portal,cn=users,dc=ba2015,dc=org
modifytimestamp: 20071115083327z
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson
objectclass: orcluser
objectclass: orcluserv2
orclactivestartdate: 20071115000000z
orcldefaultprofilegroup: cn=staffistituzionale,cn=portal.071030.085314.2675340
00 ,cn=groups,dc=ba2015,dc=org
orclguid: 3DCBE8BAAECD1C84E040007F010048C9
orclisenabled: ENABLED
orclnormdn: cn=annapellegrino,cn=users,dc=ba2015,dc=org
orclpassword: {x- orcldbpwd}1.0:C18DA03085423B3A
pwdchangedtime: 20071115083327z
sn: P******
uid: a********
userpassword: {SHA}*******

error:
ldap_modify: constraing violation
ldap_modify;additiona info: Admin Domain restircts modification of Attribute createtimestamp


Any help?

thanks

Best Answer

  • onlineAppsDBA.com
    onlineAppsDBA.com Member Posts: 207
    Answer ✓
    You are connecting to the target OID as user "cn=orcladmin,cn=Users,dc=2015,dc=org" to add users, and this user doesn't have privileges

    Kindly use "cn=orcladmin" with no domain name (this user is the superuser) and try again

    [http://onlineappsdba.com/]

Answers

  • 620862
    620862 Member Posts: 339
    If you're using 'ldifwrite' to export users, then to import them use the tool 'bulkload', OR
    If you want to use 'ldapadd' to import users, then export users using 'ldapsearch'.
    620862

  • I've tried to use bulkload

    ./ldap/bin/bulkload.sh -connect orclinfr -index /home/oracle/Desktop/prova.ldif

    but the response is :

    Verifying node "orclinfr"
    -----------------------------
    Unable to detect database using connect descriptor orclinfr
    Check Net8 client connect descriptor configuration settings.


    even if the command works fine

    ./bin/tnsping ORCLINFR

    Used TNSNAMES adapter to resolve the alias
    Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = CCORACLESERVER4)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orclinfr.ccoracleserver4)))
    OK (0 msec)
  • You're right, I've tried in both ways, but the issue persists
  • 620862
    620862 Member Posts: 339
    The 'bulkload' tool requires the LDAP daemon to be down, but the DB to be up. Make sure the DB is up.
    Use 'bulkload' in stages - check, generate and load. Recreate the index only if it gives an error regarding the index.
  • 619010
    619010 Member Posts: 4
    Oracle used to provide a script for exporting/importing portal between environments. They have since removed it, but I still use it and it includes an option for what you are attempting. Pulling out all the extra stuff (portal) and providing only the LDAP import users part below.



    //export the users

    ldapsearch -h {OID_HOST_NAME} -p {OID_PORT} -D "cn=orcladmin" -w {IAS_PASSWORD} -X -b "{cn=users,...}" -s sub "objectclass=inetorgperson" > temp_users.xml

    //remove authpassword attributes, etc.
    XslTransform( 'temp_users.xml', 'del_authpassword.xsl', 'portal_users.xml')

    The XSL content is below -

    <!-- Start -->
    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

    <xsl:output method="xml"/>

    <xsl:template match="*|@*|node()">
    <xsl:copy>
    <xsl:apply-templates select="*|@*|node()"/>
    </xsl:copy>
    </xsl:template>

    <xsl:template match="attr">
    <xsl:choose>
    <xsl:when test="@name='authpassword;oid'">
    </xsl:when>
    <xsl:when test="@name='authpassword;orclcommonpwd'">
    </xsl:when>
    <xsl:otherwise>
    <xsl:copy>
    <xsl:apply-templates select="*|@*|node()"/>
    </xsl:copy>
    </xsl:otherwise>
    </xsl:choose>
    </xsl:template>

    </xsl:stylesheet>

    <!-- End -->

    //Then import users.
    ldapadd -h {OID_HOSTNAME} -p {OID_PORT} -D "cn=orcladmin" -w {IAS_PASSWORD} -c -X portal_users.xml -v
This discussion has been closed.
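
Added example, not part of the thread and not Oracle's script: an LDIF-side equivalent of the attribute stripping in the last answer, which also drops the server-maintained attributes behind the createtimestamp error and can optionally keep production password verifiers out of the development directory. The function names, the `drop_credentials` option and the sample entry are constructed for illustration.

```python
import re

# Operational attributes that RFC 4512 marks NO-USER-MODIFICATION; the thread's
# second error was the server refusing a client-supplied createtimestamp.
SERVER_MAINTAINED = {"createtimestamp", "modifytimestamp",
                     "creatorsname", "modifiersname"}
# Optional (assumption, not from the thread): password verifiers to withhold.
CREDENTIALS = {"userpassword", "orclpassword"}

# Constructed sample entry; all values are placeholders.
SAMPLE = """\
dn: cn=jdoe,cn=users,dc=example,dc=org
authpassword;oid: {SASL/MD5}CONSTRUCTED-A
authpassword;orclcommonpwd: {MD5}CONSTRUC
 TED-B
cn: jdoe
createtimestamp: 20071115083327z
orcldefaultprofilegroup: cn=staff,cn=groups,
 dc=example,dc=org
objectclass: inetorgperson
userpassword: {SHA}CONSTRUCTED-C
"""


def unfold(text):
    """Join RFC 2849 continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", text)


def base_name(line):
    """Lower-cased attribute type without ;options, or None for other lines."""
    m = re.match(r"([A-Za-z][A-Za-z0-9-]*)(;[^:]*)?:", line)
    return m.group(1).lower() if m else None


def scrub_ldif(text, drop_credentials=False):
    """Return (clean_ldif, {attribute: lines_removed}); output is unfolded."""
    drop = {"authpassword"} | SERVER_MAINTAINED
    if drop_credentials:
        drop |= CREDENTIALS
    kept, removed = [], {}
    # Unfold first, so a folded value is removed together with its first line.
    for line in unfold(text).splitlines():
        name = base_name(line)
        if name in drop:
            removed[name] = removed.get(name, 0) + 1
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed
```

The returned counts give a quick check that every authpassword subtype was removed before the file is handed to ldapadd.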