BulkModify ldap tool usage: OID 11g

Hi All,

This post will give an insight about bulkmodify ldap tool. Bulk Modify ldap tool is used to modify large number of ldap entries in an efficient manner. Bulk Modify tool supports:

  • Sub-tree based modification
  • Single attribute filter such as objectclass=*
  • Addition or replacing attribute values

The bulkmodify tool performs schema checking on the specified attribute name and value pair during initialization. All entries that meet the following criteria are modified:

  • They are under the specified subtree.
  • They meet the single filter condition.
  • They contain the attribute to be modified as either mandatory or optional.
  • Cannot modify a single valued attribute. In this case, modify the schema to make it multi-valued attribute and fire bulkmodify command.

There are few exceptions under which bulkmodify does not modify an attribute and they are as follows:

  • dn
  • cn
  • userpassword
  • orclentrylevelaci
  • orclaci
  • orclcertificatehash
  • orclcertificatematch

Syntax:

bulkmodify connect=connect_string basedn=Base_DN {[add=”TRUE”|”FALSE”]|[replace=”TRUE”|”FALSE”]} attribute=attribute_name value=attribute_value [filter=filter_string] [size=transaction_size] [threads=num_of_threads] [debug=”TRUE”|”FALSE”] [encode=character_set] [verbose=”TRUE”|”FALSE”]

The log file for bulkmodify operation can be found at $AS_INSTANCE/diagnostics/logs/OID/tools/bulkmodify.log

Pre-requisites:

OID processes should be shutdown before firing bulkmodify command as otherwise it will throw an error as shown below.

OID Processes running on target node and entry cache is enabled Action:
Shutdown OID Processes on target node or disable entry cache.

Our use case is as follows:

The OID has several realms such as cn=Employees; cn=Customers; cn=Agents and so on and each realm has several thousands of users. Some of the users has an attribute value defined. The requirement is to add a default value for all users across realms if the value is not present.

Here the ldap filter is very important.

./bulkmodify connect=”CONN_STRING” basedn=”realm” add=”TRUE” attribute=”attr_name” value=”attr_new_value” filter=”(! (attr_name=*))”

NOTE: There is a space after ! character as otherwise the command will result in error

-bash: !: event not found

Hope this helps.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

2 comments
ldapguru says December 10, 2012

bulkmodify has a number of limitations with regard to which attributes that can be modified, and cannot be used with LDIF files. I would recommend using parallel-update instead: http://ff1959.wordpress.com/2012/12/10/ldap-using-parallel-update-for-concurrent-multiple-updates/

Reply
Mahendra says December 10, 2012

Thanks for your comments ldapguru. Infact bulkmodify tool also can leverage threads but I have not tested its performance. I will consider parallel-update tool in the future.

Reply
Add Your Reply