Update Profiles when changing LDAP directory 

When you need to change your LDAP directory, synchronize the user data stored in profiles with the information in your new LDAP directory. You can run commands that synchronize the information in the Profiles database with the user information stored in your new LDAP deployment.

Before starting

Ensure that the values of either the distinguished name (DN) or the email address properties in the existing data source match those in the new deployment LDAP directory. If neither of these properties have matching values, you cannot use the scripts provided with IBM Connections to synchronize the IDs.

Procedure

To use the scripts provided with IBM Connections to synchronize the IDs and update Profiles...

1. Open the profiles_tdi.properties file from the IBM Tivoli Directory Integrator directory on the system that hosts the Profiles application in a text editor, and edit the following properties to match the values of the corresponding properties in the LDAP system:
   

   • source_ldap_url

   • source_ldap_user_login

   • source_ldap_user_password

   • source_ldap_search_base

   • source_ldap_search_filter

   • source_ldap_use_ssl
     
   For more information about these properties and how they are used, see Tivoli Directory Integrator properties.
   

2. Ensure that the guid property in the map_dbrepos_from_source.properties file is set to the appropriate value for your environment:
   

   • IBM Tivoli Directory Server:

     guid=ibm-entryUuid

     
     

   • IBM Lotus Domino Directory:

     guid={function_map_from_dominoUNID}

     
     

   • Microsoft™ Active Directory:

     guid={function_map_from_objectGUID}

     
     

   • Sun Java™ System Directory Server:

     guid=nsuniqueid

     
     

3. Identify an attribute that is the same in the old LDAP deployment and the new deployment, and then set the sync_updates_hash_field property in the profiles_tdi.properties file to this value.
   
   For example, you might choose an attribute such as email address or employee number:

   sync_updates_hash_field=email

   
   

4. Synchronize the data so that the values from the new LDAP deployment are updated in the Profiles database by running the following script:

   • IBM AIX or Linux™:

     chmod +x sync_all_dns.sh

     ./sync_all_dns.sh
     

   • Microsoft Windows™:

     sync_all_dns.bat

     
     

   For more information about the properties that you can set when synchronizing LDAP data with Profiles, see Synchronize LDAP directory changes with Profiles.
   

Parent topic

Manage user data using Tivoli Directory Integrator scripts

Related tasks

Mapping fields manually
Synchronize LDAP directory changes with Profiles

Related reference
Tivoli Directory Integrator properties
Batch files for processing Profiles data

+

Search Tips   |   Advanced Search