Reconciliation from LDIF files
Hello there,
Can we perform reconciliation from ldif files? Is there any way we can do that?
I am trying to extract user profiles from Tivoli directory to OIM database. The output from tds is in the form of ldif.
Thanks in advance.
Absolutely, but you are going to need to write it yourself. You just need a scheduled task that reads in the ldif entries, converts them to hashmaps and calls the appropriate tcReconciliationOperationsIntf methods to submit the events.
Alternatively, convert the ldif to a csv (there are lots of scripts out there to do this and if you are handy with perl it is not difficult) and use the GTC flat file recon.
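One way to do the LDIF-to-CSV conversion suggested in the answer above, written in Python as an added example (not code from this thread or from Oracle): it unfolds continuation lines, decodes base64 values, joins multi-valued attributes, and refuses to export userPassword so password hashes never land in the flat file. The sample LDIF, the column list and the "|" separator are assumptions made for the illustration.

```python
import base64
import csv
import io

# Credential material that must never be written to a flat staging file.
SENSITIVE = {"userpassword"}

# Constructed sample (not from a real directory): a base64 value, a
# multi-valued attribute, a folded line and a placeholder password hash.
SAMPLE_LDIF = """version: 1

# constructed sample entry
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn:: SsO2cmcgRG9l
mail: jdoe@example.com
ou: Product Development
ou: People
description: a long value that the exporter folded at the line limit and con
 tinued on the next line
userPassword: {SSHA}CONSTRUCTED-PLACEHOLDER

dn: uid=asmith,ou=People,dc=example,dc=com
uid: asmith
cn: Alice Smith
mail: asmith@example.com
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_ldif(text):
    """Return entries as dicts: lower-cased attribute name -> list of values."""
    entries, current = [], {}
    for line in unfold(text) + [""]:      # the extra "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():              # blank line ends a record
            if "dn" in current:
                entries.append(current)
            current = {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF attribute line: %r" % line)
        key = name.strip().lower()
        if key == "version" and not current:
            continue
        if rest.startswith("<"):          # "attr:< url" is never dereferenced
            raise ValueError("URL-valued attribute rejected: %s" % name)
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(key, []).append(value)
    return entries

def to_csv(entries, columns, multi_sep="|"):
    """Render content entries as CSV text, one row per entry."""
    bad = SENSITIVE.intersection(c.lower() for c in columns)
    if bad:
        raise ValueError("refusing to export: %s" % ", ".join(sorted(bad)))
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(columns)
    for entry in entries:
        if "changetype" in entry:         # change record, not a user profile
            continue
        writer.writerow([multi_sep.join(entry.get(c.lower(), [])) for c in columns])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(parse_ldif(SAMPLE_LDIF), ["uid", "cn", "mail", "ou"]), end="")
```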
Similar Messages
-
Hi,
Can we search objects/entries from a ldif file using ldapsearch?
Thanks.
Hi,
Here is my nsswitch.conf file properly configured, /etc/pam.conf (Solaris 11)
This is a new fresh install of Oracle Directory Services... where I can execute ldapsearch successfully..
I am trying to bind, use a method to authenticate users via LDAP (Oracle Directory Services) instead of using local credentials.
Kind of NIS process of authentications..
root@solaris:/etc/pam.d# cat /etc/nsswitch.conf
# _AUTOGENERATED_FROM_SMF_V1_
# WARNING: THIS FILE GENERATED FROM SMF DATA.
# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
# See nsswitch.conf(4) for details.
passwd: files ldap
group: files ldap
hosts: files ldap
ipnodes: files ldap
networks: files ldap
protocols: files ldap
rpc: files ldap
ethers: files ldap
netmasks: files ldap
bootparams: files ldap
publickey: files ldap
netgroup: ldap
automount: files ldap
aliases: files ldap
services: files ldap
printers: user files ldap
project: files ldap
auth_attr: files ldap
prof_attr: files ldap
tnrhtp: files ldap
tnrhdb: files ldap
sudoers: files
root@solaris:/etc/pam.d#
root@solaris:/etc/pam.d# cat /etc/pam.conf
service auth binding pam_unix_auth.so.1 server_policy
service auth required pam_ldap.so.1
other password required pam_authtok_store.so.1 server_policy
root@solaris:/etc/pam.d# cat login
# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
# PAM configuration
# login service (explicit because of pam_dial_auth)
auth definitive pam_user_policy.so.1
auth requisite pam_authtok_get.so.1
auth required pam_dhkeys.so.1
#auth required pam_unix_auth.so.1
auth required pam_ldap.so.1
auth binding pam_unix_auth.so.1 server_policy
auth required pam_unix_cred.so.1
auth required pam_dial_auth.so.1
root@solaris:/etc/pam.d#
root@solaris:/etc/pam.d# ldapsearch -h 138.202.80.167 -p 1389 -D "cn=Directory Manager" -b "dc=usfca,dc=edu" "uid=djuarez"
Enter bind password:
version: 1
dn: uid=djuarez, ou=People, dc=usfca,dc=edu
cn: David Juarez
sn: Juarez
givenName: David
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Product Development
ou: People
l: San Francisco
uid: djuarez
mail: [email protected]
telephoneNumber: +1 415 422 5835
facsimileTelephoneNumber: +1 415 422 5835
roomNumber: 3445
userPassword: {SSHA}E5WrvyzZa7666BXp93yZmkmBIH2qDY9H3H93Ow==
dn: uid=djuarez,ou=profile,dc=usfca,dc=edu
mobile: (415)333-4444
sn: Juarez
ou: profile
l: US
manager: Melvin Wong
mail: [email protected]
telephoneNumber: (415)423-5835
givenName: David
uid: djuarez
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: David Juarez
userPassword: {SSHA}5h/zfZXDK9ljj1oqPB6LAziLotNtLndszhpgIQ==
root@solaris:/etc/pam.d#
root@solaris:/etc/pam.d# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 138.202.80.167:1389
NS_LDAP_SEARCH_BASEDN= dc=usfca,dc=edu
NS_LDAP_CACHETTL= 0
NS_LDAP_ENABLE_SHADOW_UPDATE= TRUE
root@solaris:/etc/pam.d# -
Custom code for Target Source Reconciliation from a flat file
Hi Experts,
I need help in writing a custom code for Target Source Reconciliation from a flat file to OIM. The flat file will contain account details for different application instances. I am working on 11gr2.
Thanks,
Subin
All right, all right, not so quickly.
I am at the stage of trying to put one dimension
array. But I am stuck in one place, this is the program:
import java.io.*;

public class FromFile {
    public static void main(String[] args) throws IOException {
        File inputFile = new File("mac.txt");
        FileReader in = new FileReader(inputFile);
        int c;
        // read() returns the next character code, or -1 at end of file
        for (int i = 0; i < 10; i++) {
            c = in.read();
            System.out.println(c);
        }
        in.close();
    }
}
and I try to read: 1 2 3 4 from text file
This is the result so far...
49
32
50
32
51
32
52
-1
-1
-1
well,
I think I know what's wrong. I must change ASCII numbers into
ints. But I don't know how to do it. Some nice book, or
tutorial on streams would come in handy. Could you correct
it?. -
How do I add an objectclass to existing LDAP server entry using an ldif file?
I am trying to fix an LDAP server that has been operating with schema check off. I need to add an objectclass to the groups so that some attributes that have been added to the groups will be "legal." From the documentation, the changetype: modify will allow the changing/adding of attributes that are already a part of the schema objects that define the entry. It does not look like I can add an objectclass with the modify operation.
If this is the case, then how do I add an objectclass to an existing entry? Using the GUI is not possible since the directory server in question is not being managed with an admin server. Please tell me that I do not have to delete the groups and import them again with an LDIF file that has the new objectclass added.
Kent
See this post:
http://softwareforum.sun.com/servlet/ProcessRequest?RHIVEID=181&RPAGEID=135&HOID=50B500000008000000636B0000&USEARCHCONTEXT_CATEGORY_0=_21_%24_7_&USEARCHCONTEXT_CATEGORY_S=0&UCATEGORY_0=_21_%24_7_&UCATEGORY_S=0 -
Anyone tried using LDIF file in the User Profile Synchronization Process?
Microsoft published an article recently talking about using LDIF file in the SharePoint's user profile synchronization.
Configure profile synchronization using a Lightweight Directory Interchange Format (LDIF) file (SharePoint Server 2010) http://technet.microsoft.com/en-us/library/ff959234.aspx
Currently I am unable to obtain the required "Replicate Directory Change" permission set up by the AD admin. So I thought of exploring this alternative since I still have AD search permission right now.
So far, I was able to set up the MOSSLDAP-LDIFMA, and use an import.ldif file to add, remove and update user profiles. However, there are some problems that I can't resolve. One of the key problems is that the LDIF-imported records can't be sync'd with login-based records.
In my environment, when a user logs in to SharePoint via Windows authentication, a new profile would be added, under the account name "domain\username". Meanwhile, when an LDIF record is imported, there will be another profile created under the account name "domain:domain\username", or "domain:username". That is, there would be two profiles for each user.
Based on my understanding, it is very likely the user profile synchronization is based on the user's account name. But in the documents and sample files provided, I can't find any clue how to prepare the ldif file so that it will update the matching records, instead of creating new ones.
Any help? Thanks in advance.
Has anyone managed to get this to work?
It's nice that Microsoft offers the ability to import user profiles via LDIF into SharePoint, but it is useless if the account name is not correct after the import. I have tried multiple imports from the LDIF to get a user account to show up as "domain\username" but it always ends up as "domain:domain\username", or "domain:username", or a variation of these 2 with a colon separating the domain from the username. I see that multiple people have had the same problem, but unfortunately can't seem to find a solution. Also I see Bradley mentions that he was able to import accounts using get-QADUser, but he doesn't mention what the accounts import as or if it resolved the domain colon issue.
Thanks in advance for any help or information anyone can provide.
cheers,
Zed -
I have to read the contents from an ldif file and display it within a tree, in that the first dn should be displayed as root dn, and next as child nodes with all the properties of dn.
I displayed all the dn's but am not understanding how to take root dn and child nodes. Please help me if anyone knows.
Thanks,
Raga
Hi,
When you delete a node and all of its children, what do you want to do with the grandchildren? If you want to set their parent_id to NULL, do that in a separate UPDATE statement first, then DELETE the original node and all its remaining descendants, as shown below.
If, when you say "children", you mean "descendants" (including
children,
children of children,
children of children of children,
and so on, to any level,
) then do a CONNECT BY query to find their primary keys, and DELETE everything in that list, like this:
DELETE subforms
WHERE id IN
(
    SELECT id
    FROM subforms
    START WITH id = :specified_id
    CONNECT BY PRIOR id = parent_id
);
-
User not created in OIM 11gr2 - trusted reconciliation from OID
Hello,
in my tests I'm trying to do a trusted reconciliation from OID to OIM.
I checked the errors below in the log file and I checked the column on the database. The column is there but I can't understand why this error appear.
I did a select on this table and this column is empty (select RA_USERLOGIN7C7B96D4 from RA_OIDTRUSTEDUSERBCBD344A).
INFO: Generic Information: select USR_KEY from usr where USR_MIDDLE_NAME is null and USR_UDF_ORCLGUID=? and USR_FIRST_NAME=? and USR_EMAIL=? and USR_LAST_NAME=? and USR_STATUS=? and USR.USR_STATUS != 'Deleted' AND ((UPPER(USR.USR_LOGIN)=UPPER(RA_OIDTRUSTEDUSERBCBD344A.RA_USERLOGIN7C7B96D4)))
INFO: Generic Information: Params = [CF7C29EE75F5A78FE040A8C084000DE8, orcladmin, orcladmin, orcladmin, Enabled]
SEVERE: Generic Information: {0}
oracle.iam.reconciliation.exception.DBAccessException: Failed SQL:: select USR_KEY from usr where USR_MIDDLE_NAME is null and USR_UDF_ORCLGUID=? and USR_FIRST_NAME=? and USR_EMAIL=? and USR_LAST_NAME=? and USR_STATUS=? and USR.USR_STATUS != 'Deleted' AND ((UPPER(USR.USR_LOGIN)=UPPER(RA_OIDTRUSTEDUSERBCBD344A.RA_USERLOGIN7C7B96D4))) =>PARAMS:: [CF7C29EE75F5A78FE040A8C084000DE8, orcladmin, orcladmin, orcladmin, Enabled]
at oracle.iam.reconciliation.utils.DBAccessTemplate.executeQuery(DBAccessTemplate.java:71)
at oracle.iam.reconciliation.impl.BaseEntityTypeHandler.executeSql(BaseEntityTypeHandler.java:508)
at oracle.iam.reconciliation.impl.UserHandler.getMatchingKeys(UserHandler.java:601)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:556)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:535)
at sun.reflect.GeneratedMethodAccessor3188.invoke(Unknown Source)
at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: java.sql.SQLSyntaxErrorException: ORA-00904: "RA_OIDTRUSTEDUSERBCBD344A"."RA_USERLOGIN7C7B96D4": invalid identifier
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
After this error the log shows:
SEVERE: oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped
oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcAPIException: Child tables only supported at account-level
at oracle.iam.connectors.icfcommon.service.oim11.OIM11Reconciliation.processEvent(OIM11Reconciliation.java:101)
Please help me on this and tell me if I am missing something here.
Thanks
I've found something that worked for me. When executing the trusted recon schedule task, the "Configuration Lookup" field in the "OID Server" IT Resource has to have the value "Lookup.OID.Configuration.Trusted". On the other hand, when executing the user sync recon schedule task, this field must have the value "Lookup.OID.Configuration.Trusted".
The lookups' names can be different if you've manually renamed them.
--jtellier -
Can I load a LDIF file and initalise the database using iPlanet SDK?
I know how to create a new context in the DS, initialise its database with a LDIF file from the console or using the LDAPModify.
But would it be possible if I can create the context & initialise the database using the iPlanet SDK for Java?
I'm developing a module that would allow an user to create a new organisation, thereby the need to create the database using the SDK. How can I go about to achieve this?
Many thanks!
I don't understand. If you know how to do everything using ldapmodify, it should be very straightforward to use java. What don't you understand?
-
Hi
I need to extend the schema for iPlanet Dir. 5.0 and I do not want to do so from the console. As per the documentation, I need to either add entries in the 99user.ldif file or define my own custom [00-99]myname.ldif file. I tried this but it's not working.
I have made the assumption that there is no explicit import step for the 'user defined' schema files (as it is for user data ldif files). I assume that on start (or on opening the console), I'd be able to see the new schema after the server has read the schema file.
I have verified that entering new objectclasses and attributes from the console adds entries into the 99user.ldif file. So why is the reverse process not working. Can anybody throw some light on this? Also in case my assumptions are faulty, please let me know.
I did not change the aci entries in the existing ldif file. Is any modification needed there? I was logged in as the Directory Manager during this testing process.
regards
Sikka ([email protected])
Hi Sikka,
The server reads its schema configuration on startup. If you manually modify the schema files while the server is running, it will not have any effect. You have to restart the server.
The console adds the new schema elements over LDAP (you could do that as well, you only have to modify the cn=schema entry), so the server is aware of the changes immediately and thus restarting is not needed.
I hope this helps.
Bertold -
Unable to import pab ldif file. Insufficient Access
I am in the process of upgrading from iMS 5.2 w/iDS 4.16 on an NT box to iMS 5.2 w/iDS 5.1 on Solaris 9.
And , yes I am new to solaris, but that is another story.....
I have successfully installed solaris, iDS 5.2, run the ims_dssetup.pl script, installed iMS 5.2 servers, and gotten everything to work. I have successfully imported my users by using .ldif files. My problem is that when I try to import the pab entries from an ldif file, all the entries get rejected with the error "Insufficient Access".
I should add that I am doing this on a SunFire V210 with no video card, mouse or keyboard. In other words through the mgmt port and using a windows workstation to access the administration and directory servers.
I'm at wits end.... do I go left or right?
Thanks in advance..
I am logging into the administration server from my windows workstation as admin (administration server user) and I believe this to be the same user as the configuration directory user admin. I am opening the server group and opening the directory server window. I then go to the configuration tab and click on Console > Import database. I then select the file on my local windows workstation (choosing one on the server seems to not be an option) and click ok.
It then proceeds to reject the entries.
I did try to do an ldapadd -d DirectoryManager -w password -f filename.ldif from the ldap server instance directory, but got basically the same results..
What am I doing wrong? -
Modifying entries via the System Server Console (GUI's) 'Import From LDIF'
Hello,
I've created an LDIF file with "changeType: modify" entries but when I import the file via the GUI's 'Import From LDIF' button (taking care to have "Add only" unchecked), the entries are rejected with a "Error adding object ... The error sent by the server was 'Already exists'" error.
Here is an example entry:
dn: nxResource=Administrative Policies,nxResource=eCentre,nxResource=Network,o
u=securitypolicy,dc=ECENTRE
changeType: modify
replace: nxRule
nxRule: rule=deny,cn=SeniorAdministrators,ou=Administration,ou=Groups,dc=ECEN
TRE
I get similar results when trying to delete an entry. If I use the command-line ldapmodify tool, it works fine. Is there a different syntax for the GUI-based import?
Thanks!
Gregg
Hi Gregg,
I'm afraid that the term import for the GUI means ADD and not apply a set of modifications.
Usually, import also implies that the current content of the database is removed.
DS6 has this new option to allow appending new entries instead of replacing the DB. The "add only" check box is meant for this.
I don't think there is a way to apply a set of changes from an LDIF file through the console. ldapmodify is the usual and default way to proceed.
Regards,
Ludovic. -
Modifying AD Schema - LDIF File Question
Hi,
I have successfully extended AD schema to support Macs on a vanilla lab domain. I've used AD Schema Analyzer to create the LDIF file. My question is:
Can I use the same LDIF file (created from vanilla lab domain) to extend/modify the production domain? Or is the LDIF file custom to each domain, so that I would have to create a new LDIF file for production domain?
If I can use the same LDIF file created from the vanilla lab domain, why doesn't Apple just provide us with the LDIF file to import on the domain controller?
Any assistance or advice will be very much appreciated!
Thank you.
Since potentially each AD installation might have a different schema (stock schemas modified) it could be different.
-
Hi,
I'm exporting a .ldif file from sun ds 5.2 to import it to sun ds 6.3. I have to make some changes in the .ldif file after exporting it.
in 5.2, dc=example,dc=com
in 6.3 dc=misc,dc=example,dc=com (adding dc=misc. can this be correct)
The following is the code. could you tell me what additions I have to make before importing it.
Also, is there any error in the following commands
./dsconf create-suffix -h localhost -p 8389 dc=misc,dc=example,dc=com
./dsconf import -h localhost -p 8389 /export/home/user/Example.ldif dc=misc,dc=example,dc=com
Example.ldif file is the exported file.
dn: dc=misc,dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
dn: ou=abc,dc=misc,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: abc
dn: cn=abc_users,dc=misc,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: abc_users
description: abc Users at example
uniqueMember: uid=abc_user,ou=abc,dc=misc,dc=example,dc=com
dn: uid=abc_user,ou=abc,dc=misc,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: abc-user
sn: client
cn: abc-user client
uid: abc_user
userPassword: {SSHA}lksd;koqoqpowk&iqdnl
I exported ldif through softerra LDAP administrator. How do I export to ldif in sun ds 5.2 from the command line?
These are the commands I have used to import ldif file.
creating suffix, already created suffix, and overwriting it.
./dsconf create-suffix -h 192.169.2.100 -p 8389 dc=misc,dc=example,dc=com
Enter "cn=Directory Manager" password:
"dc=misc,dc=example,dc=com": suffix already exists.
The "create-suffix" operation failed on "192.169.2.100:8389".
./dsconf import -h 192.169.2.100 -p 8389 /export/home/user/example.ldif dc=misc,dc=example,dc=com
Enter "cn=Directory Manager" password:
New data will override existing data of the suffix "dc=misc,dc=example,dc=com".
Initialization will have to be performed on replicated suffixes.
Do you want to continue [y/n] ? y
## Index buffering enabled with bucket size 40
## Beginning import job...
## Processing file "/export/home/user/example.ldif"
## WARNING: skipping entry "dc=misc,dc=example,dc=com" which violates schema, ending line 5 of file "/export/home/user/example.ldif"
## Finished scanning file "/export/home/user/example.ldif" (3 entries)
## WARNING: Skipping entry "ou=abc,dc=misc,dc=example,dc=com" which has no parent, ending at line 10 of file "/export/home/user/example.ldif"
## WARNING: Skipping entry "cn=abc_users,dc=misc,dc=example,dc=com" which has no parent, ending at line 17 of file "/export/home/user/example.ldif"
## WARNING: Skipping entry "uid=abc_user,ou=abc,dc=misc,dc=example,dc=com" which has no parent, ending at line 27 of file "/export/home/user/example.ldif"
## Workers finished; cleaning up...
## Workers cleaned up.
## Cleaning up producer thread...
## Indexing complete.
## Starting numsubordinates attribute generation. This may take a while, please wait for further activity reports.
## Numsubordinates attribute generation complete. Flushing caches...
## Closing files...
## Import complete. Processed 3 entries (4 were skipped) in 3 seconds. (1.00 entries/sec)
Can I export from sun ds 5.2 and import to sun ds 6.3 using commands
how do I do that
Please help me
thanks,
Charan -
Need to convert .mab files to .ldif files
Accidentally deleted most of my main address book. Ran restore from my backups and I see the .mab files but my main address book was not restored. How do I convert the .mab files to either .ldif or .csv files? From there I can easily import into TBird.
Thanks.
The two default address books, abook.mab (Personal Address Book) and history.mab (Collected Addresses) can be copied directly into the profile folder, overwriting the existing abook.mab and history.mab.
To import other mab file address books, use [https://freeshell.de//~kaosmos/morecols-en.html MoreFunctionsForAddressBook] ([http://chrisramsden.vfast.co.uk/3_How_to_install_Add-ons_in_Thunderbird.html How to install]).
In Address Book, Tools/MFFAB/Actions for addressbooks/Import addressbook from mab file. -
Loading 361000 records at a time from csv file
Hi,
One of my colleagues loaded 361000 records from one file; how is this possible, as Excel accepts 65536 records in one file?
and even in the infopackage the following are selected what does this mean
Data Separator ;
Escape Sign "
Separator for Thousands .
Character Used for Decimal Point ,
Pls let me know
Hi Maya,
It is just possible; other than MS Excel, we have editors like Textpad that support more than 65k rows (and Windows Notepad). The file may be generated by a program or edited outside of Excel, or a newer version of Excel is used; MS Excel 2007 supports more than 1 million rows.
e.g we have csv file
customer;product;quantity;revenue
a;x;"1.250,25";200
b;y;"5.5";300
data separator ;
- char/delimiter used to separate field, e.g
escape sign, e.g
- "1.250,25";200 then quantity = 1.250,25
separator for thousands = .
- 1.250,25 means one thousand two hundred ...
char used for decimal point
- 1.250,25
check
http://help.sap.com/saphelp_nw70/helpdata/en/80/1a6581e07211d2acb80000e829fbfe/frameset.htm
http://help.sap.com/saphelp_nw70/helpdata/en/c2/678e3bee3c9979e10000000a11402f/frameset.htm
hope this helps.