OUD Backup Script

Here is the output:


OUD Script Log Purge:: Purging the OUD Backup Script Logs older than 7 days
OUD Backup Purge:: Purging the OUD LDIF Backup older than 7 days
OUD Backup Purge:: Purging the OUD Binary Backup older than 7 days
OUD Backup:: Script Start -- 20160526_0854
Export task 20160526085425844 scheduled to start immediately
[26/May/2016:08:54:25 +0000] severity="NOTICE" msgCount=0 msgID=9896349 message="Export task 20160526085425844 started execution"
[26/May/2016:08:54:25 +0000] severity="INFORMATION" msgCount=1 msgID=10487422 message="Exporting to /tmp/oud-bkup/ldif/20160526_085421.ldif"
[26/May/2016:08:54:25 +0000] severity="INFORMATION" msgCount=2 msgID=8388850 message="The export will be done in Entry ID Order"
[26/May/2016:08:54:25 +0000] severity="NOTICE" msgCount=3 msgID=8847447 message="Exported 22 entries and skipped 0 in 0 seconds (average rate 1466.7/sec)"
[26/May/2016:08:54:25 +0000] severity="NOTICE" msgCount=4 msgID=9896350 message="Export task 20160526085425844 finished execution"
Export task 20160526085425844 has been successfully completed
+---  OUD LDIF Backup Verification:: Listing the backup ----+
-----
20160526_085421.ldif
-----
[26/May/2016:08:54:33 +0000] category=TOOLS severity=NOTICE msgID=10944792 msg=Starting backup for backend virtualAcis
[26/May/2016:08:54:33 +0000] category=JEB severity=NOTICE msgID=8847446 msg=Archived: 00000000.jdb
[26/May/2016:08:54:33 +0000] category=TOOLS severity=NOTICE msgID=10944792 msg=Starting backup for backend tasks
[26/May/2016:08:54:33 +0000] category=TOOLS severity=NOTICE msgID=10944792 msg=Starting backup for backend schema
[26/May/2016:08:54:33 +0000] category=TOOLS severity=NOTICE msgID=10944792 msg=Starting backup for backend userRoot
[26/May/2016:08:54:33 +0000] category=JEB severity=NOTICE msgID=8847446 msg=Archived: 00000000.jdb
[26/May/2016:08:54:33 +0000] category=TOOLS severity=NOTICE msgID=10944792 msg=Starting backup for backend replicationChanges
[26/May/2016:08:54:33 +0000] category=JEB severity=NOTICE msgID=8847446 msg=Archived: 00000000.jdb
[26/May/2016:08:54:33 +0000] category=TOOLS severity=NOTICE msgID=10944795 msg=The backup process completed successfully
+--- OUD Binary Backup Verification:: Listing the backup ----+
-----
20160526_085421
-----
OUD Backup :: Script End -- 20160526_0854
Elapsed Time ::  00h:00m:12s
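The log above only shows what the job reported; the two steps a reviewer cares about are the retention purge ("older than 7 days") and proof that the export it lists is actually usable. The following is an added example, not the script that produced the log: a purge that deletes only regular files past the retention window, a verification step that rejects a zero-byte export and records its SHA-256, and the export-ldif argument vector the job would run. The directory layout, host, port, backend name and password-file path are assumptions, and demo() works on a constructed temporary directory so it runs offline.

```python
import hashlib
import os
import tempfile
import time

RETENTION_DAYS = 7   # the "older than 7 days" purge the log reports


def purge_older_than(directory, days=RETENTION_DAYS, now=None):
    """Delete regular files directly inside `directory` whose mtime is older
    than `days` days and return their names (sorted) for the job log.

    Symlinks are skipped so a planted link in the backup directory cannot
    redirect the delete elsewhere; subdirectories are left alone.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    removed = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        if entry.stat(follow_symlinks=False).st_mtime < cutoff:
            os.remove(entry.path)
            removed.append(entry.name)
    return sorted(removed)


def verify_backup(path):
    """Return (size, sha256 hex) of a backup file, rejecting an empty one.

    A zero-byte export still looks like a success in the job output, so the
    size check is the one that catches a silently empty backup; the digest
    is what you record next to the file to detect later corruption or
    tampering.
    """
    size = os.stat(path).st_size
    if size == 0:
        raise ValueError(f"backup {path} is empty")
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return size, h.hexdigest()


def export_ldif_command(oud_home, backend, out_path, pwd_file):
    """Argument vector for the LDIF export step (built here, not executed).

    The ldapsearch/ldapmodify commands on this page pass the bind password
    with -w; this uses -j/--bindPasswordFile (the option the schema example
    on this page uses) so the password is not visible in `ps`. Host, port
    and the backend/file paths are assumptions of this example.
    """
    return [
        os.path.join(oud_home, "bin", "export-ldif"),
        "-h", "localhost", "-p", "4444",
        "-D", "cn=Directory Manager", "-j", pwd_file,
        "-n", backend, "-l", out_path,
    ]


def demo():
    """Run purge + verify on a constructed directory holding a 10-day-old
    export, a fresh export and an empty file; return what each step found."""
    d = tempfile.mkdtemp(prefix="oud-bkup-")
    old = os.path.join(d, "20160519_085421.ldif")   # constructed: past retention
    new = os.path.join(d, "20160526_085421.ldif")   # constructed: today's export
    empty = os.path.join(d, "empty.ldif")           # constructed: failed export
    for p in (old, new):
        with open(p, "w") as f:
            f.write("dn: dc=example,dc=com\nobjectclass: domain\n")
    open(empty, "w").close()
    ten_days_ago = time.time() - 10 * 86400
    os.utime(old, (ten_days_ago, ten_days_ago))   # backdate the old export
    removed = purge_older_than(d)
    size, digest = verify_backup(new)
    try:
        verify_backup(empty)
        empty_accepted = True
    except ValueError:
        empty_accepted = False
    return {"removed": removed, "remaining": sorted(os.listdir(d)),
            "size": size, "sha256": digest, "empty_accepted": empty_accepted}


if __name__ == "__main__":
    print(demo())
```

The purge deliberately uses the file's own mtime rather than the timestamp in its name, so a file whose name was edited is still judged by when it was written.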


OUD – Using ldif-modify


# Add a test user:
 
$ $BIN_PATH/ldapmodify -p 1389 -D "cn=Directory Manager" -w Welcome1

dn: cn=User12,ou=People,dc=example,dc=com
changetype: add
objectclass:inetorgperson
sn: User
cn: Twelve
 
# Stop the server
 
$ $BIN_PATH/stop-ds 
 
# Import a group that has a member in it (the file is shown below):

$ $BIN_PATH/import-ldif -a -r -l /add-group1.ldif -n userRoot
 
$ cat > /add-group1.ldif
 
dn: cn=Group12, ou=Groups, dc=example,dc=com
cn: Group12
objectclass: top
objectclass: groupOfNames
ou: Groups
member: cn=User12,ou=People,dc=example,dc=com

# Start the server
 
$ $BIN_PATH/start-ds 
 
# Verify with ldapsearch from the group side and from the member side:

$ $BIN_PATH/ldapsearch -p 1389 -D "cn=Directory Manager" -w Welcome1 -b "dc=example,dc=com" "(cn=Group12)"
dn: cn=Group12,ou=Groups,dc=example,dc=com
member: cn=User12,ou=People,dc=example,dc=com
cn: Group12
ou: Groups
objectClass: groupOfNames
objectClass: top

$ $BIN_PATH/ldapsearch -p 1389 -D "cn=Directory Manager" -w Welcome1 -b "dc=example,dc=com" "(cn=User12)" isMemberOf
dn: cn=User12,ou=People,dc=example,dc=com
isMemberOf: cn=Group12,ou=Groups,dc=example,dc=com

# Stop the server 

$ $BIN_PATH/stop-ds 

# Import the group with no members:

$ cat > /add-group-no-members.ldif
dn: cn=Group13, ou=Groups, dc=example,dc=com
cn: Group13
objectclass: top
objectclass: groupOfNames
ou: Groups

# Import the group:
$ $BIN_PATH/import-ldif -a -r -l /add-group-no-members.ldif -n userRoot


# Start the server:

$ $BIN_PATH/start-ds

$ $BIN_PATH/ldapsearch -p 1389 -D "cn=Directory Manager" -w Welcome1 -b "dc=example,dc=com" "(cn=Group12)"
dn: cn=Group12,ou=Groups,dc=example,dc=com
cn: Group12
ou: Groups
objectClass: groupOfNames
objectClass: top

$ $BIN_PATH/ldapsearch -p 1389 -D "cn=Directory Manager" -w Welcome1 -b "dc=example,dc=com" "(cn=User12)" isMemberOf
dn: cn=User12,ou=People,dc=example,dc=com
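The two ldapsearch checks above look at the same relationship from both ends: the group's member attribute and the isMemberOf virtual attribute OUD computes for the user. Here is an added example (not OUD code) that performs the same two-sided check offline on an LDIF file, which is useful for reviewing an import file before running import-ldif. It parses the LDIF records (continuation lines, '#' comments, '::' base64 values, a changetype line), normalises DNs so that "cn=Group12, ou=Groups, dc=example,dc=com" in the import file and "cn=Group12,ou=Groups,dc=example,dc=com" in the search result compare equal, and builds the reverse member index that isMemberOf reflects. SAMPLE_LDIF is constructed from the entries on this page.

```python
import base64
from collections import defaultdict

# Constructed from the page's entries: the user, the group that lists it,
# and the group with no members.
SAMPLE_LDIF = """\
# constructed sample
dn: cn=User12,ou=People,dc=example,dc=com
changetype: add
objectclass: inetorgperson
sn: User
cn: Twelve

dn: cn=Group12, ou=Groups, dc=example,dc=com
cn: Group12
objectclass: top
objectclass: groupOfNames
ou: Groups
member: cn=User12,ou=People,dc=example,dc=com

dn: cn=Group13, ou=Groups, dc=example,dc=com
cn: Group13
objectclass: top
objectclass: groupOfNames
ou: Groups
"""


def normalize_dn(dn):
    """Canonical form for DN comparison: strip whitespace around RDN
    separators and lowercase (DN matching is case-insensitive)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text):
    """Return {normalized_dn: {attr_lower: [values]}} for every record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):            # comment line
            continue
        if raw.startswith(" ") and lines:  # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, record = {}, []
    for line in lines + [""]:              # trailing "" flushes the last record
        if line.strip():
            record.append(line)
        elif record:
            entries.update(_parse_record(record))
            record = []
    return entries


def _parse_record(record):
    attrs = defaultdict(list)
    for line in record:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        attrs[name.strip().lower()].append(value)
    attrs.pop("changetype", None)          # change verb, not entry data
    dn = attrs.pop("dn")[0]
    return {normalize_dn(dn): dict(attrs)}


def member_of_index(entries):
    """Reverse index member DN -> [group DN], i.e. what the isMemberOf
    virtual attribute exposes for each user."""
    index = defaultdict(list)
    for dn, attrs in entries.items():
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "groupofnames" in classes:
            for m in attrs.get("member", []):
                index[normalize_dn(m)].append(dn)
    return index


def group_members(entries, group_dn):
    """Group side: normalized member DNs listed on the group entry."""
    group = entries[normalize_dn(group_dn)]
    return sorted(normalize_dn(m) for m in group.get("member", []))


def is_member_of(entries, user_dn):
    """Member side: groups that list this user, as isMemberOf would show."""
    return sorted(member_of_index(entries).get(normalize_dn(user_dn), []))


if __name__ == "__main__":
    e = parse_ldif(SAMPLE_LDIF)
    print(group_members(e, "cn=Group12,ou=Groups,dc=example,dc=com"))
    print(is_member_of(e, "cn=User12,ou=People,dc=example,dc=com"))
```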

OUD – Sample LDIF File

$ ldapmodify -a -p 1389 -D "cn=Directory Manager" -w Welcome1

dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example

dn: ou=people,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=ste,ou=people,dc=example,dc=com
postalAddress: Schwielowsee
postalCode: 14548
uid: ste
description: This is the description for stefan0
userPassword: password
employeeNumber: 23
initials: SW
givenName: Stefan
objectClass: person
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: top
pager: +1 724 334 4454
mobile: +1 699 006 9072
cn: Stefan W
sn: W
roomNumber: 123
telephoneNumber: 456
street: Auf dem Franzensberg
homePhone: +1 698 343 6105
l: Potsdam
mail: stefan@maildomain.net
st: BR

ODSEE/OUD attribute hashing

You can define an attribute with the password syntax (OID 1.3.6.1.4.1.26027.1.3.1). Values written to such an attribute are stored hashed, using the default password storage scheme of the default password policy.

For instance:

dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
attributeTypes: ( 2.16.840.1.113730.3.1.999 NAME 'myAttribute'
  SYNTAX 1.3.6.1.4.1.26027.1.3.1 )

1) Update the schema with the attribute and associate it with an objectclass

# ./ldapmodify -X -Z -D "cn=Directory Manager" --bindPasswordFile pwdfile.txt -p 2636 --useSSL --trustAll
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.16.840.1.113730.3.1.999 NAME 'myAttribute' SYNTAX 1.3.6.1.4.1.26027.1.3.1 X-ORIGIN 'user defined' )

Processing MODIFY request for cn=schema
MODIFY operation successful for DN cn=schema

dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.110 NAME 'myInetOrgPerson' SUP inetOrgPerson MAY ( myAttribute) X-ORIGIN 'user defined' )

Processing MODIFY request for cn=schema
MODIFY operation successful for DN cn=schema
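What "stored using the default scheme" means on disk: with the "Salted SHA-1" scheme that the password policy example further down this page selects, the stored value is "{SSHA}" followed by base64(sha1(password || salt) || salt), and verification recovers the salt from the stored value and recomputes the digest. The following is an added example of that encoding and check, not OUD's own implementation; the 8-byte salt length is an assumption (the decoder recovers whatever length was used), and scheme_of() is a helper of this example for telling a hashed value apart from a clear one such as the "userPassword: password" in the sample LDIF above.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 8   # assumption of this example; OUD chooses its own salt length


def ssha_encode(password, salt=None):
    """Encode a clear-text value into its {SSHA} stored form.

    A fresh random salt per value means two users with the same password
    get different stored values, so one cannot be recognised from the other.
    """
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def decode_ssha(stored):
    """Split a stored {SSHA} value into (digest, salt)."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    blob = base64.b64decode(stored[len("{SSHA}"):])
    return blob[:20], blob[20:]            # SHA-1 digest is 20 bytes; rest is salt


def ssha_verify(stored, candidate):
    """Constant-time check of a candidate password against a stored value."""
    digest, salt = decode_ssha(stored)
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def scheme_of(stored):
    """Return the storage-scheme tag of a stored value ('SSHA', 'SHA', ...)
    or 'clear' when the value carries no tag."""
    if stored.startswith("{") and "}" in stored:
        return stored[1:stored.index("}")]
    return "clear"


if __name__ == "__main__":
    h = ssha_encode("Welcome1")
    print(h, ssha_verify(h, "Welcome1"), ssha_verify(h, "welcome1"))
```

scheme_of() is the check to run over an export before a migration: any password-syntax attribute whose values come back as "clear" was populated by a path that bypassed the storage scheme.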

OUD – Migrating mass user data from a DB to OUD

Ref Links:

Oracle Unified Directory 11gR2PS3 Very Large Static Groups

https://docs.oracle.com/cd/E52734_01/oud/OUDAG/tuning_performance.htm#BBADGEFF

Password Policy Example

 
$ dsconfig -h hostname -p 4444 -D "cn=directory manager" -w password -n create-password-policy \
  --policy-name "First Login Password Policy" --set password-attribute:userpassword \
  --set default-password-storage-scheme:"Salted SHA-1" \
  --set allow-user-password-changes:true --set force-change-on-add:true \
  --set force-change-on-reset:true --set expire-password-without-expiration:false \
  --set password-expiration-warning-interval:86400 \
  --set min-password-age:0 --set max-password-age:259200 --set lockout-duration:3600 \
  --set lockout-failure-count:3 --set password-change-requires-current-password:true
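A policy like this is easier to review when its properties are pulled out of the command line and checked against a baseline before dsconfig is run. The following is an added example, not an OUD tool: it parses the dsconfig command above (quotes and line continuations included) into its --set properties and flags the combinations a reviewer looks for: an unsalted or reversible storage scheme, lockout disabled, warning interval or minimum age not shorter than the maximum age, and the bind password given on the command line instead of via -j/--bindPasswordFile. The baseline thresholds and the weak-scheme list are assumptions of this example, and unsuffixed durations are treated as seconds (so 259200 is 3 days), as they are on the page.

```python
import shlex

# Copied from the page's example (quotes and continuations as written there).
DSCONFIG_CMD = r'''
dsconfig -h hostname -p 4444 -D "cn=directory manager" -w password -n create-password-policy \
  --policy-name "First Login Password Policy" --set password-attribute:userpassword \
  --set default-password-storage-scheme:"Salted SHA-1" \
  --set allow-user-password-changes:true --set force-change-on-add:true \
  --set force-change-on-reset:true --set expire-password-without-expiration:false \
  --set password-expiration-warning-interval:86400 \
  --set min-password-age:0 --set max-password-age:259200 --set lockout-duration:3600 \
  --set lockout-failure-count:3 --set password-change-requires-current-password:true
'''

# Assumption of this example: schemes that store values unsalted or reversibly.
WEAK_SCHEMES = {"clear", "base64", "md5", "sha-1", "crypt"}
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_dsconfig(cmd):
    """Return policy name, the --set properties and whether -w was used."""
    tokens = shlex.split(cmd.replace("\\\n", " "))   # join continued lines first
    props, name, pw_on_cli = {}, None, False
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "--set":
            key, _, value = tokens[i + 1].partition(":")
            props[key] = value
            i += 2
        elif tok == "--policy-name":
            name = tokens[i + 1]
            i += 2
        elif tok in ("-w", "--bindPassword"):
            pw_on_cli = True
            i += 2
        else:
            i += 1
    return {"policy-name": name, "properties": props, "password-on-cli": pw_on_cli}


def seconds(value):
    """Duration to seconds: '259200' -> 259200, '3 d' -> 259200, '1h' -> 3600.
    Unsuffixed values are assumed to be seconds."""
    v = value.strip().lower().replace(" ", "")
    if v[-1:].isalpha():
        return int(v[:-1]) * UNIT_SECONDS[v[-1]]
    return int(v)


def lint_policy(parsed):
    """Return [(level, message)] findings; an empty list means baseline met."""
    p = parsed["properties"]
    findings = []
    scheme = p.get("default-password-storage-scheme", "").lower()
    if scheme in WEAK_SCHEMES:
        findings.append(("error", f"storage scheme {scheme!r} is unsalted or reversible"))
    elif scheme == "salted sha-1":
        findings.append(("warn", "Salted SHA-1 is salted but fast; prefer a stronger "
                                 "scheme such as Salted SHA-512 where the server offers it"))
    if int(p.get("lockout-failure-count", "0")) == 0:
        findings.append(("error", "account lockout is disabled (lockout-failure-count 0)"))
    max_age = seconds(p.get("max-password-age", "0"))
    min_age = seconds(p.get("min-password-age", "0"))
    warn_iv = seconds(p.get("password-expiration-warning-interval", "0"))
    if max_age and min_age >= max_age:
        findings.append(("error", "min-password-age is not below max-password-age"))
    if max_age and warn_iv >= max_age:
        findings.append(("error", "warning interval is not shorter than max-password-age"))
    if p.get("force-change-on-add", "false") != "true":
        findings.append(("warn", "initial passwords are not forced to change on first login"))
    if parsed["password-on-cli"]:
        findings.append(("warn", "bind password passed with -w; use -j/--bindPasswordFile "
                                 "so it does not show up in process listings"))
    return findings


if __name__ == "__main__":
    for level, msg in lint_policy(parse_dsconfig(DSCONFIG_CMD)):
        print(f"{level}: {msg}")
```

Run against the page's command the linter reports no errors and two warnings (the Salted SHA-1 scheme and the -w on the command line); the second is about the dsconfig invocation rather than the policy itself, which is why it is reported separately from the property checks.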