How to Dump Provisioning and Synchronisation Profile from OID
How to Dump Provisioning Profile from OID
This would help you understand what are the Provisioning Profile exists in OID, configuration and status of all those.
ldapsearch -h mkktestserver1.unixdomain.local -p 3060 -D "cn=orcladmin" \
-w MalayFalsePass -L -s sub -b "cn=provisioning profiles,cn=changelog subscriber,cn=oracle internet directory" objectclass=*
Accordingly you can take a call on either enabling or disabling those, or changing the interval or troubleshooting purpose.
orclstatus: ENABLED
orclodipprovisioningappname: ebusl
orclodipprovisioningappname: ebsgold
How to Dump Synchronisation Profile from OID
manageSyncProfiles list -h mkktestserver1.unixdomain.local -p 7005 -D weblogic
Output of this would be something like:
Following are the registered profile(s):
ADtoOIDSynch >>> This is the synch profile that is in place.....
manageSyncProfiles get -h mkktestserver1.unixdomain.local -p 7005 -D weblogic -pf ADtoOIDSynch
Output of this would be something like(I have given only the important fields and removed the attribute part)
If these are configured in OID DIP Synch Profile AD to OID Synch should be issueless.
Profile ADtoOIDSynch details are :
odip.profile.condirfilter = searchfilter=(|(objectclass=group)(objectclass=organizationalUnit)(&(objectclass=user)(!(objectclass=computer))))
odip.profile.status = ENABLE
odip.profile.syncmode = IMPORT
odip.profile.version = 4.0
odip.profile.configfile = [INTERFACEDETAILS]
Reader: oracle.ldap.odip.gsi.ActiveChgReader
CheckAllEntries: false
SkipErrorToSyncNextChange: true
UpdateSearchCount: 100
SearchDeltaSize: 500
odip.profile.lastchgnum = 122685657
odip.profile.debuglevel = 0
You can Validate Synch Profile using following Command:
manageSyncProfiles validateProfile -h mkktestserver1.unixdomain.local -p 7005 -D weblogic -pf ADtoOIDSynch
Sample output for validateProfile
Map rules "orclodipattributemappingrules" have the following warnings:
Attribute rule "2" has warning: Source attribute 'cn' is optional for a required destination attribute 'cn'
Attribute rule "7" has warning: Source attribute 'samaccountname' is optional for a required destination attribute 'orclsamaccountname'
Attribute rule "22" has warning: Source attribute 'employeeid' is optional for a required destination attribute 'sn'
Attribute rule "25" has warning: Source attribute 'samaccountname' is optional for a required destination attribute 'orclsamaccountname'
Attribute rule "25" has warning: Source attribute 'userprincipalname' is optional for a required destination attribute 'orclsamaccountname'.
You can test Synch Profile using following Command:
You need to disable the profile temporarily to do this testProfile.
manageSyncProfiles testProfile -h mkktestserver1.unixdomain.local -p 7005 -D weblogic -pf ADtoOIDSynch
SynchronizationStatus : Synchronization Successful
SynchronizationErrors :
ECID : 39cb4812cad10e7e:-123fc09f:1401eaa2992:-8000-0000000000005981
View the related logs using the above ECID with the wlst command :
displaylogs(target=<ManagedServer_Name>, ecid='39cb4812cad10e7e:-123fc09f:1401eaa2992:-8000-0000000000005981')
Now this ECID you can look in wls_ods1-diagnostic.log, in my case it was warning only. This report that "SynchronizationStatus : Synchronization Successful", this means, synch is going okay...
In the wls_ods1-diagnostic.log, you can see this ECID in warning as reported in validateProfile.
Following Commands are also very useful to troubleshoot Synch Profile Issues:
ldapsearch -p 389 -h mkktestADserver1.addomain.local -D "AdtoOidSyncUser@vaa.vtg.local" -w "MalayFalsePass" -b "" -s base "objectclass=*" highestCommittedUSN
ldapsearch -h mkktestOIDserver1.unixdomain.local -p 3060 -D "cn=orcladmin" -w MalayFalsePass -b "" -s base "objectclass=*" lastchangenumber
ldapsearch -h mkktestOIDserver1.unixdomain.local -p 3060 -D "cn=orcladmin" -w MalayFalsePass \
-b "cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory" -s sub "objectclass=*"
How to Dump Provisioning Profile from OID
This would help you understand what are the Provisioning Profile exists in OID, configuration and status of all those.
ldapsearch -h mkktestserver1.unixdomain.local -p 3060 -D "cn=orcladmin" \
-w MalayFalsePass -L -s sub -b "cn=provisioning profiles,cn=changelog subscriber,cn=oracle internet directory" objectclass=*
Accordingly you can take a call on either enabling or disabling those, or changing the interval or troubleshooting purpose.
orclstatus: ENABLED
orclodipprovisioningappname: ebusl
orclodipprovisioningappname: ebsgold
How to Dump Synchronisation Profile from OID
manageSyncProfiles list -h mkktestserver1.unixdomain.local -p 7005 -D weblogic
Output of this would be something like:
Following are the registered profile(s):
ADtoOIDSynch >>> This is the synch profile that is in place.....
manageSyncProfiles get -h mkktestserver1.unixdomain.local -p 7005 -D weblogic -pf ADtoOIDSynch
Output of this would be something like(I have given only the important fields and removed the attribute part)
If these are configured in OID DIP Synch Profile AD to OID Synch should be issueless.
Profile ADtoOIDSynch details are :
odip.profile.condirfilter = searchfilter=(|(objectclass=group)(objectclass=organizationalUnit)(&(objectclass=user)(!(objectclass=computer))))
odip.profile.status = ENABLE
odip.profile.syncmode = IMPORT
odip.profile.version = 4.0
odip.profile.configfile = [INTERFACEDETAILS]
Reader: oracle.ldap.odip.gsi.ActiveChgReader
CheckAllEntries: false
SkipErrorToSyncNextChange: true
UpdateSearchCount: 100
SearchDeltaSize: 500
odip.profile.lastchgnum = 122685657
odip.profile.debuglevel = 0
You can Validate Synch Profile using following Command:
manageSyncProfiles validateProfile -h mkktestserver1.unixdomain.local -p 7005 -D weblogic -pf ADtoOIDSynch
Sample output for validateProfile
Map rules "orclodipattributemappingrules" have the following warnings:
Attribute rule "2" has warning: Source attribute 'cn' is optional for a required destination attribute 'cn'
Attribute rule "7" has warning: Source attribute 'samaccountname' is optional for a required destination attribute 'orclsamaccountname'
Attribute rule "22" has warning: Source attribute 'employeeid' is optional for a required destination attribute 'sn'
Attribute rule "25" has warning: Source attribute 'samaccountname' is optional for a required destination attribute 'orclsamaccountname'
Attribute rule "25" has warning: Source attribute 'userprincipalname' is optional for a required destination attribute 'orclsamaccountname'.
You can test Synch Profile using following Command:
You need to disable the profile temporarily to do this testProfile.
manageSyncProfiles testProfile -h mkktestserver1.unixdomain.local -p 7005 -D weblogic -pf ADtoOIDSynch
SynchronizationStatus : Synchronization Successful
SynchronizationErrors :
ECID : 39cb4812cad10e7e:-123fc09f:1401eaa2992:-8000-0000000000005981
View the related logs using the above ECID with the wlst command :
displaylogs(target=<ManagedServer_Name>, ecid='39cb4812cad10e7e:-123fc09f:1401eaa2992:-8000-0000000000005981')
Now this ECID you can look in wls_ods1-diagnostic.log, in my case it was warning only. This report that "SynchronizationStatus : Synchronization Successful", this means, synch is going okay...
In the wls_ods1-diagnostic.log, you can see this ECID in warning as reported in validateProfile.
Following Commands are also very useful to troubleshoot Synch Profile Issues:
ldapsearch -p 389 -h mkktestADserver1.addomain.local -D "AdtoOidSyncUser@vaa.vtg.local" -w "MalayFalsePass" -b "" -s base "objectclass=*" highestCommittedUSN
ldapsearch -h mkktestOIDserver1.unixdomain.local -p 3060 -D "cn=orcladmin" -w MalayFalsePass -b "" -s base "objectclass=*" lastchangenumber
ldapsearch -h mkktestOIDserver1.unixdomain.local -p 3060 -D "cn=orcladmin" -w MalayFalsePass \
-b "cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory" -s sub "objectclass=*"
No comments:
Post a Comment