Populate peopledb

Overview

Manually populating the Profiles database with LDAP data provides functionality not provided by the wizard...

• Anonymous LDAP access
• Large data sets
• Batch files
• Alternate sources

To set values in the Profiles database we set attributes and values in profiles_tdi.properties. This file is not read by the system. Rather, changes made are persisted to the Profiles database, which is read by the system. This file is similar to the wkplc.properties file in portal, which is not read by portal, but is used by ConfiguEngine commands to write to the Portal configuration.

Populate the Profiles database

1. Create Profiles database: PEOPLEDB

2. Define mappings and validations

3. Extract profiles_tdi.properties...
   mkdir TDI_HOME/TDISOL
   cp $CNX_INSTALL_MEDIA/TDISOL/tdisol.tar TDI_HOME/TDISOL
   cd $TDI_HOME/TDISOL
   tar xvf tdisol.tar

   For AIX, when extracting tdisol.tar, the system renames profile-links.xsd to profile-links.xs. To fix, install the GNU Tar program into /usr/local/bin.

4. Edit...
   TDI_solution_directory/TDI/profiles_tdi.properties

5. Set...

   Property	Description	Example
   source_ldap_url	URL of the LDAP directory.	ldap://myldap.enterprise.myco.com:389
   source_ldap_user_login	If anonymous search is not allowed, a user login name is required.	uid=wpsbind,cn=users,l=Frostbite Falls, st=Minnesota,c=US,ou=Enterprise,o=Sales Division,dc=example,dc=com
   source_ldap_user_password	If anonymous search is not allowed, a user password is required, along with user login name.	wpsbind TDI automatically encrypts properties with the {protect} prefix. To not encrypt these properties, remove the {protect} prefix.
   source_ldap_search_base	A portion of the LDAP DN that must be part of all entries processed. Usually contains the expected organization (o) value	l=Frostbite Falls,st=Minnesota,c=US, ou=Enterprise,o=Sales Division,dc=example,dc=com
   source_ldap_search_filter	A search filter to further refine the entries used.	cn=*. (&(uid=*)(objectclass=inetOrgPerson))
   source_ldap_use_ssl	Whether to use SSL for the connection.	true or false
   dbrepos_jdbc_driver	JDBC driver used to access the Profiles database repository.	DB2... com.ibm.db2.jcc.DB2Driver Oracle... dbrepos_jdbc_driver=oracle.jdbc.driver.OracleDriver oracle.jdbc.pool.OracleConnectionPoolDataSource SQL Server... com.microsoft.sqlserver.jdbc.SQLServerDriver
   dbrepos_jdbc_url	URL and port of peopledb.	DB2 jdbc:db2://localhost:50000/peopledb Oracle jdbc:oracle:thin:@localhost:1521:PEOPLEDB SQL Server jdbc:sqlserver://enterprise.myco.com:1433;DatabaseName=PEOPLEDB
   dbrepos_username	The user name used to authenticate to the database.	<db_admin_id>
   dbrepos_password	The password used to authenticate to the database.	act1vities

6. Complete the steps in the Map fields task.

7. Create a file containing distinguished names to be processed from the source LDAP directory.
   ./collect_dns.sh

   Before starting, complete steps in the Map fields task.

   If the script does not run, we might need to enable its Executable attribute by running the chmod command first. The Executable attribute of a script can become disabled after the script is copied from a read-only medium such as DVD.

   The new file is named collect.dns by default but we can rename it if necessary. If we change the file name, update the source_ldap_collect_dns_file parameter in profiles_tdi.properties.

   After the script runs, it creates a log file called ibmdi.log in the directory...

   tdisol.tar|zip/tdisol/TDI

   Examine this file to find out whether any errors occurred during the process.

8. Populate the database repository from the source LDAP directory by running the ./populate_from_dn_file.sh or populate_from_dn_file.bat script.

   Depending on how many records we are processing, this step could take many hours. For example, 5,000 records might take a few minutes, while half a million records could take over 12 hours. Tivoli Database Integrator prints a message to the screen after every 1,000 iterations to inform you of its progress.

   If a failure occurs during processing, such as loss of the network connection to the LDAP directory server, start processing the names from where it was interrupted. Examine the PopulateDBFromDNFile.log file in the logs subdirectory to find out which distinguished name was last successfully processed. The ibmdi.log file also tracks the tasks that you run. Edit the collect.dns file to remove all entries up to and including the last successfully processed entry. Start the task again. We can repeat this step as many times as necessary until all the distinguished names are processed.

9. If we are setting the PROF_IS_MANAGER field based on PROF_MANAGER_UID references in other employee records, run ./mark_managers.sh.

   Manager identification is not performed as part of the previous record population step because it must run across all the records and it is possible the initial record population step does not complete in a single pass for large organizations.

   If the manager designation was not part of the source records for the data set, we can run this task to analyze all the records after population. This task will take each user record and see if it is referenced as the manager for any other users. If yes, the user will be marked as a manager. If not, the user will be marked as not a manager. If use this process to set this profile attribute, you will also need to run it periodically to perform updates. See Synchronizing user data between Profiles and the LDAP directory.

10. Run additional and optional scripts to populate additional fields

    For example, run the Country code script ./fill_country.sh to populate the Country table from the isocc.csv file. Other scripts include the following:

    Description	Script
    Work location code	./fill_workloc.sh
    Organization codes	./fill_organization.sh
    Employee type code	./fill_emp_type.sh
    Department code	./fill_department.sh

Parent topic:
Populate peopledb with LDAP info

Related:

Synchronize Profiles and LDAP
sync_all_dns
Profiles population wizard
TDI solution properties for Profiles
Administer Profiles
Search index
Populate the Profiles database
TDI solution properties for Profiles
Customize the Profiles data model
Profile-types
Populate a large user set
Batch files