The following example searches for entries in which the common name cn is not foo. The following example searches for entries in which cn begins with foo or sn begins with bar. The following example searches for entries in which employeenumber is less than or equal to It can be used when both an Oracle directory server and Oracle directory replication servers are in operation. It uses a SQL interface to benefit performance.
For this release, the bulkdelete tool runs on only one node at a time. This tool does not support filter-based deletion. That is, it deletes an entire subtree below the root of the subtree. If the base DN is a user-added DN, rather than a DN created as part of the installation of the directory, it is included in the delete.
You must restrict LDAP activity against the subtree during deletion. When using bulkload, you specify any options and the input filename. The bulkload tool expects the input file to be in LDIF. The bulkload tool uses this syntax:. Use this argument only when the LDIF file contains operational attributes. Use this in conjunction with the generate and check arguments.
Bulk loading must be performed when Oracle Internet Directory instances are not running. Do this only when creating a new replica node. See Also: "Task 6: Start the Replication Servers on All the Nodes" The current version of bulkload does not allow you to specify the connection information for all of the nodes in one command. When you load the same data into multiple nodes in a replicated network, ensure that the orclGUID parameter global IDs is consistent across all the nodes.
You can accomplish this by generating the bulkload data file once only using the - generate option , and then using the same data file to load the other nodes using the - load option. The bulkmodify command line tool enables you to modify a large number of existing entries in an efficient way. The bulkmodify tool supports the following:.
A single attribute filter. Attribute value addition and replacement. It modifies all matched entries in bulk. The bulkmodify tool performs schema checking on the specified attribute name and value pair during initialization. All entries that meet the following criteria are modified:. They meet the single filter condition. They contain the attribute to be modified as either mandatory or optional. The Oracle directory server and Oracle directory replication server may be running concurrently while bulk modification is in progress, but the bulk modification does not affect the replication server.
You must perform bulk modification against all replicas. Note: LDIF file based modification is not supported by bulkmodify. This type of modification requires per entry based schema checking, and therefore the performance gain over the existing ldapmodify tool is insignificant.
You must restrict user access to the subtree during bulk modification. If necessary, ACI restriction can be applied to the subtree being updated by bulkmodify. You cannot use bulkmodify to add a value to single-valued attributes that already contain one value.
If a second value is added, you must alter the directory schema to make that attribute multi-valued. If not specified, default is The filter specified with the -f option must contain a single attribute. There can be only one attribute name specified in the -a or -r option in each execution. There can be only one value specified in the -v option in each execution.
For example, the following bulkmodify command adds the telephone number to the entries of all employees who have Anne Smith as their manager:. To assure that the modified entries are read, after completing the bulkmodify procedure, restart the Oracle Internet Directory server.
The ldifwrite command line tool enables you to convert all or part of the information residing in an Oracle Internet Directory to LDIF. This makes that information available for loading into a new node in a replicated directory or into another node for backup storage. The ldifwrite tool performs a subtree search, including all entries below the specified DN, including the DN itself. The ldifwrite tool includes the operational attributes of each entry in the directory, including createtimestamp , creatorsname , and orclguid.
Oracle Internet Directory uses indexes to make attributes available for searches. Only those attributes that have an equality matching rule can be indexed. If you want to use additional attributes in search filters, you must add them to the catalog entry. You can do this at the time you create the attribute by using Oracle Directory Manager. However, if the attribute already exists, then you can index it only by using the Catalog Management tool. If you enter the correct password, the command is executed.
If you give an incorrect password, the following message is displayed:. This is the network service name set in the tnsnames. This argument is optional. The default sleep time is 10 seconds. This is the net service name set in the tnsnames. Note: OID Monitor must be running whenever you start, stop, or restart directory server instances. This section contains these topics:. Argument Description connect If you already have a tnsnames. This is not case-sensitive. Should be a number between 0 and This defaults to configset0 if not set.
This should be a number between 0 and Default port if not set is The space is important for the line to be read correctly. The value is then assigned on the right side. Multiple lines can be used to provide long values for attribute by beginning the extra lines with a single space.
LDAP will join these when processing the entry. There are two main ways of specifying a new entry within an LDIF file. The best method for your needs depends on the types of other changes you need to coordinate with. The method you choose will dictate the tools and arguments you must use to apply the changes to the LDAP DIT directory information tree. The most basic method of defining new entries to add to LDAP is to simply list the entries in their entirety, exactly as they would typically displayed using LDAP tools.
This starts with the DN distinguished name where the entry will be created, after the dn: indicator:. In the line above, we reference a few key-value pairs in order to construct the DN for our new entry. When setting attribute values, you must use the colon and space.
The necessary objectClass declarations and attributes must be set to construct a valid entry. For example, to create an organizational unit to contain the entries for the employees of our organization, we could use this:. You can add multiple entries in a single file.
Each entry must be separated by at least one completely blank line:. The second format that we will be looking at works well if you are making other modifications within the same LDIF file. OpenLDAP provides tools that can handle both additions and modifications, so if we are modifying other entries within the same file, we can flag our new entries as additions so that they are processed correctly.
This looks much like the method above, but we add changetype: add directly below the DN specification. Here, we tell LDAP that the change we are making is an entry creation. Since we are using the changetype option, this entry can be processed by the ldapmodify tool without a problem, allowing us to place modifications of other types in the same LDIF file.
The changetype option must come immediately after the DN specification. Another thing to note above is the use of a multi-line value for the description attribute.
Since the lines that follow begin with a space, they will be joined with the space removed. As with the last section, each additional entry within the same file is separated by a blank line. Comments can be used by starting the line with a character.
Comments must exist on their own line. For instance, if we wanted to add Sally in this same LDIF file, we could separate the two entries like this:. If you are using the simple entry format without the changetype setting , you can use the ldapadd command or the ldapmodify command with the -a flag, which specifies an entry addition.
You will either need to use a SASL method to authenticate with the LDAP instance this is outside of the scope of this guide , or bind to an administrative account in your DIT and provide the required password.
For instance, if we stored our entries from the simple entry section in a file called newgroups. If you are using the second format, with the changetype declaration, you will want to use the ldapmodify command without the -a flag.
Since this command and format works for most other modifications, it is probably easier to use for most changes. Be aware that for binary values, you must encode the values as base The -k option of ldifde ignores a larger set of LDAP errors. The complete list of ignored errors is as follows:. Be aware that this file is a modified version of the file generated from Lgetattcls. Furthermore, the schemaUpdateNow operational attribute is set in two places to trigger updates of the schema cache so that dependent attributes and classes will be available for adding the two classes in the script.
Also be aware that the script uses a prefix to find the classes and attributes you should also define and use a prefix for all your classes and attributes. For more information, see Naming Attributes and Classes.
Configuring Security Between Clients and Servers. Managing Directory Data. Importing and Exporting Data. Importing Data Using import-ldif. To Import Data in Offline Mode. To Import Fractional Files. To Run an Import in Online Mode. Exporting Data Using export-ldif. To Export Partial Data. To Run an Export in Online Mode. To Schedule an Export. The Template File Format. Custom Tag Includes.
Global Replacement Variables. Branch Definitions. Template Definitions. Standard Replacement Tags. Attribute Value Reference Tags. Tag Evaluation Order. Defining Custom Tags. Importing Large Data Sets. Setting the Import Options. Backing Up and Restoring Data. Overview of the Backup and Restore Process.
Backing Up Data. To Schedule a Backup as a Task. Backing Up the Server Configuration. Backing Up for Disaster Recovery. Restoring Data. To Restore a Back End. To Schedule a Restore as a Task. To Restore the Configuration File. Restoring Replicated Directory Servers. Deleting Backup Data. To Delete Backup Files. Searching Directory Data. Overview of the ldapsearch Command.
Common ldapsearch Options. Understanding Search Criteria. Specifying Filter Types and Operators. Using Compound Search Filters. Using Special Characters in Search Filters.
0コメント