Oracle® Fusion Middleware Integration Guide for Oracle Identity Management 11g Release 1 (11.1.1) Part Number E10031-01 |
|
|
View PDF |
This appendix provides an example of a profile properties file that can be used with the manageSyncProfiles
command and its -f
option. The appendix contains the following topics:
The manageSyncProfiles
command and its -f
option allows you to specify the full path to a profile properties file that contains properties for a synchronization profile. For example:
manageSyncProfiles register -h myhost.mycompany.com -p 7005 -D login_ID \
-f /opt/ldap/odip/iPlImport.profile
See:
"Managing Synchronization Profiles Using manageSyncProfiles" for more information about manageSyncProfiles.The following is an example of a profile properties file. Be sure to modify your properties file so that it is specific to your environment and configuration.
#################################################################### ## This file contains information required to create a profile in ## ## OID. ## #################################################################### # Profile Name : Name of the profile # # NOTE - This should be a unique name # odip.profile.name = ActiveImport # Profile Status : Can be either DISABLE or ENABLE # # NOTE - Default is DISABLE. When it is in the disable mode you can also test the # profile using the 'testprofile' option. # odip.profile.status = DISABLE # Synchronization Mode : Specifies the direction of synchronization i.e when the # changes are required to be propagated from the 3rd party to OID then the # synchronization mode is IMPORT. On the other hand when the changes needs ot be # propagated to the 3rd party directory then the synchronization mode is EXPORT. # # odip.profile.syncmode = IMPORT # Retry Count : Maximum number of times this profile should be executed # in case of an error before the integration server gives up # # NOTE - the default value is 4 # odip.profile.retry = 5 # Schedule Interval: The time interval between successive execution of this # profile by the integration server. # # NOTE - the default value is 60 sec. If the previous execution has not # compeleted then the next execution will not resume util it completes. # odip.profile.schedinterval = 60 # Agent Execution Command : In case of a NON-LDAP interface the command # that needs to be executed that would produce the information in LDIF/Tagged # format. By default this property is commented out for LDAP directories. # odip.profile.agentexecommand = # Connected Directory Url : The 3rd party directory location # The property is of teh format "host:port:sslmode" # Host : Connected directory/repository Host # port : connected Directory/repository Port # sslMode: can have valid values 0,1,2,3 # 0: Non -ssl # 1: ssl mode 1 ( no certificate ) # 2: One way SSL ) Server only Auth - Trust Point Certificate ) # odip.profile.condirurl = host:port:sslmode # Connected Directory/repository Account : The Dn or user name used to connect to # the target repository # odip.profile.condiraccount = # Connected Directory Account : The password used to connect to the 3rd party # directory # When you create a profile using the properties file you'll be prompted for the # password even if you specify the password in this file. For security reasons it # is recommended that you specify the password in the commandline. # odip.profile.condirpassword = ******** # Interface Type : Whether the LDAP or LDIF or DB or TAGGED format is # to be used for data exchange # # NOTE - Default value is LDAP # odip.profile.interface = LDAP # Config Info : Additional information required for execution of this # profile by the integration server. # # NOTE - The value for this property is the name of the file that contains # the additional profile specific information to be used for execution # Specify the absolute pathname of the file here. If the absolute pathname # contains a `\`, use the escape sequence and specify it as `\\` # odip.profile.configfile = /scratch/americas/product/oracle/wls/Oracle_ IDM1/ldap/odi/conf/activeimp.cfg.master # Mapping Rules : Specifies the Mapping Rules to be used for execution # profile by the integration server. # # NOTE - The value for this property is the name of the file that contains # the domain and attribute mapping rules # Specify the absolute pathname of the file here. If the absolute pathname # contains a `\`, use the escape sequence and specify it as `\\` # odip.profile.mapfile = /scratch/americas/product/oracle/wls/Oracle_ IDM1/ldap/odi/conf/activechg.map.master # Matching filter Con Dir : Specifies the filter that needs to be # applied to the changes that are read from the connected directory # before importing to OID # # NOTE - There are certain defaults available for different directories. # You can look at the $ORACLE_HOME/ldap/odi/conf directory for sample # files and filters. # # odip.profile.condirfilter = "searchfilter=(|(objectclass=group)(objectclass=organizationalunit)(&(objectclass=user)(!(objectclass=computer))))" # Matching OID attribute : Specifies the matching attribute # on OID for import from the connected directory # odip.profile.oidfilter = orclObjectGUID # Change Number : Specifies the last applied change number. In case of # an export profile this number refer's to OID's last applied change number. # However, in case of the import profile this number refers to the last # applied change number in the connected directory. # odip.profile.lastchgnum = 0 # Profile Version : Value is 4.0. Only version 4.0 profiles are supported. # # NOTE - Default is 4.0 # odip.profile.version = 4.0 # Debug Level : Specifies the debug level of the profile. A value of 63 logs all # information, including entries that are synchronized. # odip.profile.debuglevel = 0 # Specify the directory type here. Supported values are , ACTIVEDIRECTORY,ADAM, # EDIRECTORY, IPLANET, OID, OPENLDAP, and TIVOLI # odip.profile.directorytype=ACTIVEDIRECTORY # associated Profile name. Specify the profile you would like to associate with # the current profile. This is applicable only for LDAP directories and is # required only if you are using bi-directional # synchronization with a connected directory. If you have only one direction of # synchronization you can leave this field empty. odip.profile.associatedProfile = # updateChangeNumberatCreate: if the field is set to false, # Last Change Number(lastchgnum) will be set to # current time stamp or value at the time of profile creation. # Instead you can set it true to retain its deafult value. # odip.profile.updateChangeNumberatCreate = TRUE