Synchronize IBM Tivoli Directory Server and Microsoft Active Directory LDAP changes 

To keep your profiles synchronized with your LDAP directory, use the generic sync_all_dns command. However, if your LDAP directory is IBM Tivoli Directory Server or Microsoft™ Active Directory, you can use the process_tds_changes or process_ad_changes commands.


About this task

The process_tds_changes and process_ad_changes commands do not support synchronizing multiple LDAP directories or multi-branch LDAP directories. If you have populated your profiles database with data from multiple locations, running the process_tds_changes and process_ad_changes commands applies changes related to the current LDAP directory only.


Procedure

To synchronize Tivoli Directory Server and Microsoft Active Directory LDAP directory changes with Profiles, perform the following steps.

  1. Update the change log properties in the profiles_tdi.properties file so that the changes to the LDAP directory can be reflected back to the Profiles database. The change log properties are the set of properties that begin with <LDAP_type>_changelog_*.

  2. Do one of the following:

    • For Tivoli Directory Server, use the following script to process changes made to the LDAP directory and have those changes made to the corresponding records in your database repository:

      • IBM AIX or Linux™:

          chmod +x process_tds_changes.sh

          ./process_tds_changes.sh

      • Microsoft Windows™:

          process_tds_changes.bat

    • For Microsoft Active Directory, use the following script to process changes made after the initial population:

      • AIX or Linux:

          chmod +x process_ad_changes.sh

          ./process_ad_changes.sh

      • Microsoft Windows:

          process_ad_changes.bat

  3. The process_tds_changes task keeps track of the changelog number in a persistent field. If your LDAP directory is reset, you can do one of the following:

    • Delete the changelog number value...

      • AIX or Linux:

          chmod +x reset_changelog_state.sh

          ./reset_changelog_state.sh

      • Microsoft Windows:

          reset_changelog_state.bat

    • Set a particular value using the following script and passing it the count value to set:

      • AIX or Linux:

          chmod +x set_changelog_count.sh

          ./set_changelog_count.sh

      • Microsoft Windows:

          set_changelog_count.bat


Parent topic

Synchronize LDAP directory changes with Profiles

Related reference
Batch files for processing Profiles data


   

 

});

+

Search Tips   |   Advanced Search