###  Read Normal Post in black font ### 

Our expert team is providing online Oracle Apps DBA training via Web Conferencing, here is link for course content and Fee  ->  Oracle Apps DBA 11i course content – 26th April to 11th May

###  Read Normal Post from here ###

Here are key points If you have to integrate Oracle Applications 11i/R12 with OID (for Single Sign-on access) and migrate users across two user repository (Apps and OID)

Users are migrated   
1. From OID to Apps (FND_USER) – In this scenario users already exist in OID and you wish to move them to Apps
2. From Apps to OID  – Users already exist in Apps 11i/R12 and you wish to move then to OID
3. Some users from Apps to OID and others from OID to Apps

Tools/Command to migrate users

1. AppsUserExport– To export account from Oracle E-Business Suite 11i/R12 to intermediate LDIF (Lightweight Directory Interchange Format) file. This is command line tool available in Apps. This is Java class file available under $JAVA_TOP/oracle/apps/fnd/oid

*Required to migrate data from Apps to OID

2. LDAPUserImport– Command line utility to read LDIF file (this file comes from OID containing users and their attribute).  This is Java class file available under $JAVA_TOP/oracle/apps/fnd/oid

*Required to migrate data from OID to Apps

3. ldifmigrator– Command line tool in OID to migrate application specific data or from other directory (AD, iPlanet) to format which OID can understand. This tool is under $ORACLE_HOME/bin on OID node. For syntax of OID click here

*Required to migrate data from Apps to OID

4. bulkload– Command line tool to load OID data in bulk. This tool is available in ORACLE_HOME/ldap/bin on OID node. Limitation with this tool is that you have to shutdown OID (database and listener should be up and running during bulkload). For syntax of bulkload Click Here

*Required to migrate data from Apps to OID and large number of users (else use ldapadd)

5. ldapadd– Command line tool to add an entry in OID. Advantage over bulkload is that no need to shutdown OID. Disadvantage is that this can be used only if number of users to add is small.
For more on ldapadd Click Here

*Required to migrate data from Apps to OID and small number of users (else use bulkload)

6. ldifwrite– Command line utility to create LDIF file from OID data so that LDIF file can later be importaed to Apps using LDAPUserImport.
For more on ldifwrite Click Here

*Required to migrate data from OID to Apps

7. oidprovtool – This is OID command line tool to add/delete/modify provisioning profile. This tool is available under ORACLE_HOME/bin on OID node.

*Required to migrate data from Apps to OID only if “Two Way” or “OID to Apps” provisioning profile is enabled

8. provsubtool.orc– This is command line utility in OID($OH/ldap/odi/bin) to manage application specific subscription list.

Things you should know before user export/import

1. Profile option “Application SSO Login Types” at user level should not be set to Local, else that user will not come to intermediate LDIF file when “AppsUserExport” is executed.

2. Profile option “Application SSO LDAP synchronization” should not be set to NO, else user will not be migrated.

3. If no value is set for above two profile option at user level, then site level value will take effect.

4. Apps users whose user_id < 10 in FND_USER (like SYSADMIN, GUEST, CONCURRENT MANAGER, APPSMGR) should not be synchronized with OID Users.

5. There is limitation to attributes of users migrated from Apps to OID (Full list of supported attributes migrated check page 88-89 of guide mentioned below)

6. $JAVA_TOP should be in CLASSPATH before executing “java oracle.apps.fnd.oid.AppsUserExport” or “java oracle.apps.fnd.oid.LDAPUserImport”  (Thanks Ravi for pointing this out)

7. If your provisioning profile (This instructs what user attributes to sync and which way) is configured to synch user data from OID to Apps or Both (OID to Apps and Apps to OID) and you are migrating initial data from Apps to OID (using AppsUserExport, ldifmigrator, bulkload.sh/ldapadd) then DISABLE you provisioning profile during migration process. Enable provisioning profile again after user load from apps to OID.

8. You should know your OID realm where you are going to/from migrate user data.

9. If multiple apps instances are registered with single OID then remove duplicate user data while loading from multiple apps instances to OID.

10. When users are bulk loaded in to OID, the password policy at OID is not enforced as passwords are encrypted in LDIF file.

11. Bulkload coomand to migrate users from Apps to OID does not automatically subscribe users to Apps. You have to manually subscribe them using provsubtool

12. LDAPUserImport command line utility to import data from OID to Apps updates both FND (Foundation) & TCA (Trading Community Architecture) data.

Migrating Users between Apps & OID

OID to Apps
1. Export Users from OID using ldifwrite (OID Node)
2. Import user to Apps using LDAPUserImport (Apps Node)

Apps to OID
1. Export user from Apps using LDAPUserExport (Apps Node)
2. Change file created in above step to ldif file using ldifmigrator (OID Node)
3. Import user to OID using bulkload/ldapadd (OID Node)

Related Doc

Apps 11i / OID Integration Guide    Page 69 to 76
Apps R12/OID Integration Guide    Chapter 6