Child pages
  • EUS Migration from OID to OUD

...

Host Name:                oraldap3.dkrzcust.de
Administrative Users:     cn=Directory Manager

...

orclSubscriberSearchBase: dc=dkrzcust,dc=de
dn: cn=Common,cn=Products,cn=OracleContext

...

orclDefaultSubscriber: dc=dkrzcust,dc=de

dn: cn=Common,cn=Products,cn=OracleContext,dc=dkrzcust,dc=de
changetype: modify
replace: orclCommonUserSearchBase
orclCommonUserSearchBase: ou=people,dc=dkrzcust,dc=de

dn: cn=Common,cn=Products,cn=OracleContext,dc=dkrzcust,dc=de
changetype: modify
replace: orclCommonUserCreateBase
orclCommonUserCreateBase: ou=people,dc=dkrzcust,dc=de

dn: cn=Common,cn=Products,cn=OracleContext,dc=dkrzcust,dc=de
changetype: modify
replace: orclCommonDefaultUserCreateBase
orclCommonDefaultUserCreateBase: ou=people,dc=dkrzcust,dc=de

dn: cn=Common,cn=Products,cn=OracleContext,dc=dkrzcust,dc=de
changetype: modify
replace: orclCommonGroupCreateBase
orclCommonGroupCreateBase: ou=groups,dc=dkrzcust,dc=de

dn: cn=Common,cn=Products,cn=OracleContext,dc=dkrzcust,dc=de
changetype: modify
replace: orclCommonDefaultGroupCreateBase
orclCommonDefaultGroupCreateBase: ou=groups,dc=dkrzcust,dc=de

dn: cn=Common,cn=Products,cn=OracleContext,dc=dkrzcust,dc=de
changetype: modify
replace: orclCommonGroupSearchBase
orclCommonGroupSearchBase: ou=groups,dc=dkrzcust,dc=de


Next, we need a basic structure for users and groups in the LDAP subtree:

[oracle@oraldap3 ~]$ /u01/Middleware/Oracle_OUD1/bin/ldapmodify -D "cn=Directory Manager" -j /tmp/p -a -f add_dkrzcust_structure.ldif 
Processing ADD request for cn=Users,dc=dkrzcust,dc=de
ADD operation successful for DN cn=Users,dc=dkrzcust,dc=de
Processing ADD request for cn=Groups,dc=dkrzcust,dc=de
ADD operation successful for DN cn=Groups,dc=dkrzcust,dc=de
[oracle@oraldap3 ~]$ cat add_dkrzcust_structure.ldif 
#
# LDAPv3
# base <dc=dkrzcust,dc=de> with scope oneLevel

...

# requesting: * 
#
# Users, dkrzcust.de
dn: cn=Users, dc=dkrzcust,dc=de
objectclass: top
objectclass: orclContainer
cn: users

# Groups, dkrzcust.de
dn: cn=Groups, dc=dkrzcust,dc=de
objectclass: top
objectclass: orclContainer

...

dn: cn=test_oud,cn=Users, dc=dkrzcust,dc=de
cn: test_oud
mail: test.test_oud@mycompany.com

...

Processing ADD request for cn=test_oud,cn=Users,dc=dkrzcust,dc=de
ADD operation successful for DN cn=test_oud,cn=Users,dc=dkrzcust,dc=de

Export of OID data

The export can be done on the OUD host with the Linux ldapsearch binary against the still-running OID server, if reachable:

/usr/bin/ldapsearch -p 3060 -h oraldap1.dkrzcust.de -D "cn=orcladmin" -w "XXX" -L -s one -b "cn=Groups,dc=dkrzcust,dc=de" "(objectclass=*)" "*" > oid-groups.ldif
/usr/bin/ldapsearch -p 3060 -h oraldap1.dkrzcust.de -D "cn=orcladmin" -w "XXX" -L -s one -b "cn=users,dc=dkrzcust,dc=de" "(objectclass=*)" "*" > oid-users.ldif

...

/usr/bin/ldapsearch -p 3060 -h oraldap1.dkrzcust.de -D "cn=orcladmin" -w "XXX" -L -s one -b "cn=CERA_GROUPS,cn=Groups,dc=dkrzcust,dc=de" "(objectclass=*)" "*" > oid-groups-NESTED.ldif
/usr/bin/ldapsearch -p 3060 -h oraldap1.dkrzcust.de -D "cn=orcladmin" -w "XXX" -L -s one -b "cn=ADMIN_GROUPS,cn=Groups,dc=dkrzcust,dc=de" "(objectclass=*)" "*" >> oid-groups-NESTED.ldif 

...

The filtered LDIF file now looks like this:

# alfonso_xxx, Users, dkrzcust.de
dn: cn=alfonso_xxx,cn=Users, dc=dkrzcust,dc=de
cn: alfonso_xxx
mail: alf.xxx@libero.it

...

dn: cn=test_oud2,cn=Users, dc=dkrzcust,dc=de
cn: test_oud2
mail: test.test_oud2@mycompany.com

...

Processing ADD request for cn=test_oud2,cn=Users,dc=dkrzcust,dc=de
ADD operation failed

...

ADD operation successful for DN cn=OCS_PORTAL_USERS,cn=groups,dc=dkrzcust,dc=de
Processing ADD request for cn=PORTAL_GROUPS,cn=Groups,dc=dkrzcust,dc=de
ADD operation successful for DN cn=PORTAL_GROUPS,cn=Groups,dc=dkrzcust,dc=de
Processing ADD request for cn=my_dummy,cn=groups,dc=dkrzcust,dc=de
ADD operation successful for DN cn=my_dummy,cn=groups,dc=dkrzcust,dc=de
Processing ADD request for cn=CERA_GROUPS,cn=Groups,dc=dkrzcust,dc=de
ADD operation successful for DN cn=CERA_GROUPS,cn=Groups,dc=dkrzcust,dc=de
Processing ADD request for cn=ADMIN_GROUPS,cn=Groups,dc=dkrzcust,dc=de
ADD operation successful for DN cn=ADMIN_GROUPS,cn=Groups,dc=dkrzcust,dc=de

And the additional nested groups:

...

Mapping DN:    cn=Users,dc=dkrzcust,dc=de
Mapping schema:GLOBAL_IDENT

...

/usr/bin/ldapsearch -p 3060 -h oraldap1.cust.de -D "cn=orcladmin" -w "XXX" -L -s one -b "cn=users,dc=cust,dc=de" "(objectclass=*)" "*" > oid-users-20171124.ldif

/usr/bin/ldapsearch -p 3060 -h oraldap1.cust.de -D "cn=orcladmin" -w "XXX" -L -s one -b "cn=Groups,dc=cust,dc=de" "(objectclass=*)" "*" > oid-groups-20171124.ldif

/usr/bin/ldapsearch -p 3060 -h oraldap1.cust.de -D "cn=orcladmin" -w "XXX" -L -s one -b "cn=CERA_GROUPS,cn=Groups,dc=cust,dc=de" "(objectclass=*)" "*" > oid-groups-20171124-NESTED.ldif
/usr/bin/ldapsearch -p 3060 -h oraldap1.cust.de -D "cn=orcladmin" -w "XXX" -L -s one -b "cn=ADMIN_GROUPS,cn=Groups,dc=cust,dc=de" "(objectclass=*)" "*" >> oid-groups-20171124-NESTED.ldif

/usr/bin/ldapsearch -p 3060 -h oraldap1.dkrzcust.de -D "cn=orcladmin" -w "XXX" -L -s one -b "cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext,dc=cust,dc=de" -o ldif-wrap=no "(objectclass=*)" "*"  > eus-mappings-20171124.ldif 

...

[oracle@oraldap3 Loopback]$ cat OUD_Users-20171124.ldif | grep "^dn: " | sort | uniq > OUDusers.list

[oracle@oraldap3 Loopback]$ ldapdelete -D "cn=Directory Manager" -j ~/.xxx -f a.txt 
Processing DELETE request for dn: cn=test,cn=users,dc=dkrzcust,dc=de
DELETE operation failed
Result Code:  34 (Invalid DN Syntax)
Additional Information:  The provided value "dn: cn=test,cn=users,dc=cust,dc=de" could not be parsed as a valid distinguished name because character ':' at position 2 is not allowed in an attribute name

[oracle@oraldap3 Loopback]$ cat OUDusers.list | awk '{print $2}' > OUDusers-SYNTAXed.list 
[oracle@oraldap3 Loopback]$ ldapdelete -D "cn=Directory Manager" -j ~/.xxx -f OUDusers-SYNTAXed.list -c

[oracle@oraldap3 Loopback]$ cat OUD_Groups-20171124.ldif | grep "^dn: " | sort | uniq > OUDgroups.list
[oracle@oraldap3 Loopback]$ cat OUD_Groups-20171124-NESTED.ldif | grep "^dn: " | sort | uniq >> OUDgroups.list

[oracle@oraldap3 Loopback]$ cat eus-mappings-20171124.ldif | grep "^dn: " | sort | uniq |  awk '{print $2}' > OUDeusmaps.list
[oracle@oraldap3 Loopback]$ ldapdelete -D "cn=Directory Manager" -j ~/.bindpw -f OUDeusmaps2delete.list -c
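Added example, not part of the original page: the `grep "^dn: " | sort | uniq | awk '{print $2}'` pipeline above keeps only the second whitespace-separated field, so it truncates a DN that contains a space (such as `cn=Users, dc=dkrzcust,dc=de` earlier on this page), truncates DNs that were folded across lines when the export was made without `-o ldif-wrap=no`, and skips base64-encoded `dn::` values. The function names `naive_dns` and `ldif_dns` and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample LDIF (not real export data): a DN with a space after a
# comma, a DN folded across two lines, and a base64-encoded "dn::" value.
sample_ldif() {
  cat <<'EOF'
# test_oud, Users, dkrzcust.de
dn: cn=test_oud,cn=Users, dc=dkrzcust,dc=de
cn: test_oud

dn: cn=a_long_account_name_that_makes_ldapsearch_fold_the_line,cn=Users,dc=dkr
 zcust,dc=de
cn: a_long_account_name_that_makes_ldapsearch_fold_the_line

EOF
  # Non-ASCII DNs are exported base64-encoded; build one ("m", u-umlaut, "ller").
  printf 'dn:: %s\n' "$(printf 'cn=m\303\274ller,cn=Users,dc=dkrzcust,dc=de' | base64)"
}

# The pipeline used on this page, kept for comparison.
naive_dns() {
  grep "^dn: " | sort | uniq | awk '{print $2}'
}

# Hardened extractor: reads LDIF on stdin, prints one complete DN per line.
ldif_dns() {
  awk '
    /^ / { buf = buf substr($0, 2); next }   # continuation line: append to logical line
    { if (buf != "") print buf; buf = $0 }   # new logical line: flush the previous one
    END { if (buf != "") print buf }
  ' | while IFS= read -r line; do
    case $line in
      dn::*) v=${line#dn::}; printf '%s' "${v# }" | base64 -d; echo ;;  # base64 DN
      dn:*)  v=${line#dn:};  printf '%s\n' "${v# }" ;;                  # plain DN, kept whole
    esac
  done | sort -u
}

# Show both results on the constructed sample.
echo "naive:";    sample_ldif | naive_dns
echo "hardened:"; sample_ldif | ldif_dns
```

Usage: `ldif_dns < OUD_Users-20171124.ldif > OUDusers-SYNTAXed.list`, then review the list before passing it to `ldapdelete -f`.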

...