Exporting and importing groups to OID

I got an opportunity today to work on exporting and importing groups from/to OID while excluding the members of the groups. In our case, the development environment already had groups with users as members, and those groups had to be moved to the production environment. We need to provision the roles/groups to users in OID using Oracle Identity Manager, and thus we had to exclude the members of the groups.

First, we need to export the groups from OID as shown below:

./ldapsearch -p 389 -h ldap_hostname -D "cn=orcladmin" -w welcome1 -L -s one -b "cn=Groups,dc=oracle,dc=com" "(objectclass=*)" "*" > oid_groups.ldif

Now, we need to edit this oid_groups.ldif file and remove every line carrying the uniquemember attribute, which is what lists a group's members, for example:

uniquemember: cn=testuser,cn=users,dc=oracle,dc=com

If you are using TextPad to edit this file, its Macro feature is a handy way to do this in a second.

Once the LDIF is ready to be imported, run the ldapadd command shown below in the production environment to import all the groups.

./ldapadd -h ldap_hostname -p 389 -D "cn=orcladmin" -w admin123 -c -v -f oid_groups.ldif

That's it. Your production environment now has all the groups, and OIM can readily provision roles to them.
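As an added example that is not part of the original post, here is a small shell helper that does the uniquemember removal from the command line instead of with a TextPad macro. It also drops the folded continuation lines (lines beginning with a single space) that an LDIF file can contain for long values, which a plain line-by-line delete would leave behind as orphaned fragments. The sample LDIF and the function names are constructed for this example.

```shell
#!/bin/sh
# Strip every "uniquemember:" attribute from an LDIF export, together with
# any folded continuation lines (lines starting with a space) that belong
# to it, so that only the group entries without their members remain.
strip_uniquemember() {
  # $1 = input LDIF, $2 = output LDIF
  awk '
    # A line starting with a space continues the previous attribute value.
    /^ / { if (skip) next; print; next }
    # Case-insensitive match of the attribute name at the start of a line.
    tolower($0) ~ /^uniquemember:/ { skip = 1; next }
    { skip = 0; print }
  ' "$1" > "$2"
}

# Count the entries (dn: lines) in an LDIF file, as a sanity check that the
# filtering step dropped attributes only and not whole groups.
count_entries() {
  grep -c '^dn:' "$1"
}

# Constructed sample export in the same shape as the ldapsearch -L output
# discussed above; the second member value is folded across two lines.
make_sample() {
  cat > "$1" <<'EOF'
dn: cn=Developers,cn=Groups,dc=oracle,dc=com
cn: Developers
objectclass: groupOfUniqueNames
objectclass: orclGroup
uniquemember: cn=testuser,cn=users,dc=oracle,dc=com
uniquemember: cn=averylongusernamethatwrapsaroundthelineboundary,cn=user
 s,dc=oracle,dc=com
displayname: Developers

dn: cn=Testers,cn=Groups,dc=oracle,dc=com
cn: Testers
objectclass: groupOfUniqueNames
uniqueMember: cn=tester1,cn=users,dc=oracle,dc=com
EOF
}

# Usage: strip_uniquemember oid_groups.ldif oid_groups_nomembers.ldif
```

Check the entry count of the output against the input before running ldapadd, so that a filtering mistake does not silently drop groups.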

Now, let us understand in detail about the ldap command options we used for exporting and importing.

Exporting:

./ldapsearch -p 389 -h ldap_hostname -D "cn=orcladmin" -w welcome1 -L -s one -b "cn=Groups,dc=oracle,dc=com" "(objectclass=*)" "*" > oid_groups.ldif

-h : ldap hostname (in our case, this is development environment)

-p : ldap port

-D : OID administrator

-w : OID admin password

-L : Print entries in LDIF format

-s : Defines the scope of the search.

  •  base – For searching only the base entry.
  •  one – For searching only the children of the base entry.
  •  sub – For searching the base entry and all its descendants.

-b : Base DN for the search. We have searched all groups under cn=Groups. If you want to search within one specific group, you can give it as cn=group_name,cn=Groups,dc=oracle,dc=com.

"(objectclass=*)" : Search filter that matches entries of any object class, so every group under the base DN is returned

Importing:

./ldapadd -h ldap_hostname -p 389 -D "cn=orcladmin" -w admin123 -c -v -f oid_groups.ldif

-c : Tells ldapadd to proceed in spite of errors

-v : Specifies verbose mode

-f : LDIF filename

About the Author: Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities, etc. I am also well versed with complex integrations between Identity Management and other product domains. I have expertise in building demos and implementation experience on products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look @ my blog: http://talkidentity.blogspot.com

Vijay Chinnasamy says January 16, 2011

Nice post. Indeed, the same logic works for exporting and importing other LDAP objects in OID too.

Regards
Vijay Chinnasamy
