• Find us:
    +1-669-900-5138   |   +44-203-372-5553
  • Free Newsletter

    Get Latest Updates

  • Make Training Enquiry


    Company

  • Categories

  • Archive

  • Migrate Users to/from OID and Oracle Apps 11i/R12

    Posted by "" in "10gAS, 11i, appsASintegration, oid" on 2008-04-17

    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

    ###  Read Normal Post in black font ### 

    Our expert team is providing online Oracle Apps DBA training via Web Conferencing, here is link for course content and Fee  ->  Oracle Apps DBA 11i course content – 26th April to 11th May

    ###  Read Normal Post from here ###

    Here are key points If you have to integrate Oracle Applications 11i/R12 with OID (for Single Sign-on access) and migrate users across two user repository (Apps and OID)

    Users are migrated   
    1. From OID to Apps (FND_USER) – In this scenario users already exist in OID and you wish to move them to Apps
    2. From Apps to OID  – Users already exist in Apps 11i/R12 and you wish to move then to OID
    3. Some users from Apps to OID and others from OID to Apps

    Tools/Command to migrate users

    1. AppsUserExport- To export account from Oracle E-Business Suite 11i/R12 to intermediate LDIF (Lightweight Directory Interchange Format) file. This is command line tool available in Apps. This is Java class file available under $JAVA_TOP/oracle/apps/fnd/oid

    *Required to migrate data from Apps to OID

    2. LDAPUserImport- Command line utility to read LDIF file (this file comes from OID containing users and their attribute).  This is Java class file available under $JAVA_TOP/oracle/apps/fnd/oid

    *Required to migrate data from OID to Apps

    3. ldifmigrator- Command line tool in OID to migrate application specific data or from other directory (AD, iPlanet) to format which OID can understand. This tool is under $ORACLE_HOME/bin on OID node. For syntax of OID click here

    *Required to migrate data from Apps to OID

    4. bulkload- Command line tool to load OID data in bulk. This tool is available in ORACLE_HOME/ldap/bin on OID node. Limitation with this tool is that you have to shutdown OID (database and listener should be up and running during bulkload). For syntax of bulkload Click Here

    *Required to migrate data from Apps to OID and large number of users (else use ldapadd)

    5. ldapadd- Command line tool to add an entry in OID. Advantage over bulkload is that no need to shutdown OID. Disadvantage is that this can be used only if number of users to add is small.
    For more on ldapadd Click Here

    *Required to migrate data from Apps to OID and small number of users (else use bulkload)

    6. ldifwrite- Command line utility to create LDIF file from OID data so that LDIF file can later be importaed to Apps using LDAPUserImport.
    For more on ldifwrite Click Here

    *Required to migrate data from OID to Apps

    7. oidprovtool – This is OID command line tool to add/delete/modify provisioning profile. This tool is available under ORACLE_HOME/bin on OID node.

    *Required to migrate data from Apps to OID only if “Two Way” or “OID to Apps” provisioning profile is enabled

    8. provsubtool.orc- This is command line utility in OID($OH/ldap/odi/bin) to manage application specific subscription list.

    Things you should know before user export/import

    1. Profile option “Application SSO Login Types” at user level should not be set to Local, else that user will not come to intermediate LDIF file when “AppsUserExport” is executed.

    2. Profile option “Application SSO LDAP synchronization” should not be set to NO, else user will not be migrated.

    3. If no value is set for above two profile option at user level, then site level value will take effect.

    4. Apps users whose user_id < 10 in FND_USER (like SYSADMIN, GUEST, CONCURRENT MANAGER, APPSMGR) should not be synchronized with OID Users.

    5. There is limitation to attributes of users migrated from Apps to OID (Full list of supported attributes migrated check page 88-89 of guide mentioned below)

    6. $JAVA_TOP should be in CLASSPATH before executing “java oracle.apps.fnd.oid.AppsUserExport” or “java oracle.apps.fnd.oid.LDAPUserImport”  (Thanks Ravi for pointing this out)

    7. If your provisioning profile (This instructs what user attributes to sync and which way) is configured to synch user data from OID to Apps or Both (OID to Apps and Apps to OID) and you are migrating initial data from Apps to OID (using AppsUserExport, ldifmigrator, bulkload.sh/ldapadd) then DISABLE you provisioning profile during migration process. Enable provisioning profile again after user load from apps to OID.

    8. You should know your OID realm where you are going to/from migrate user data.

    9. If multiple apps instances are registered with single OID then remove duplicate user data while loading from multiple apps instances to OID.

    10. When users are bulk loaded in to OID, the password policy at OID is not enforced as passwords are encrypted in LDIF file.

    11. Bulkload coomand to migrate users from Apps to OID does not automatically subscribe users to Apps. You have to manually subscribe them using provsubtool

    12. LDAPUserImport command line utility to import data from OID to Apps updates both FND (Foundation) & TCA (Trading Community Architecture) data.
     

    Migrating Users between Apps & OID

    OID to Apps
    1. Export Users from OID using ldifwrite (OID Node)
    2. Import user to Apps using LDAPUserImport (Apps Node)

    Apps to OID
    1. Export user from Apps using LDAPUserExport (Apps Node)
    2. Change file created in above step to ldif file using ldifmigrator (OID Node)
    3. Import user to OID using bulkload/ldapadd (OID Node)
     

    Related Doc

    Apps 11i / OID Integration Guide    Page 69 to 76
    Apps R12/OID Integration Guide    Chapter 6

    Related Posts for Apps SSO/OID Integration


    1. 25 Things Apps DBA should know for Apps 11i/R12 Integration with OID/SSO
    2. Questions for Oracle Apps 11i & R12 Integration with 10g AS/SSO
    3. Oracle Single Sign-On Server for Apps DBA
    4. Clone Apps 11i/R12/12i integrated with SSO
    5. Notes/Docs to integrate Apps 11i with 10g AS Portal/OID/SSO
    6. Migrate Users to/from OID and Oracle Apps 11i/R12
    7. User created in Apps 11i/R12/12i not sync to OID
    8. Apps 11i/R12/12i Registration/Deregistration with OID/SSO : internals
    9. Error while running SSO registration on 11i : txkrun.pl -script=SetSSOReg
    10. How to Deregister SSO/OID from Oracle Apps 11i/R12/12i
    11. Error adding new User (11i) – unable to call fnd_ldap _wrapper .create_user
    12. Unable to call fnd_ldap_wrapper . create_user / update_user ORA-20001
    13. Oracle Access Manager 11g is now certified with E-Business Suite (Apps) R12
    14. Integrate Oracle Apps (E-Business Suite) R12 with Oracle Access Manager (OAM) 11g for SSO
    15. EBusiness Suite (Apps R12) integration with OAM 11g : inter component communication and Ports to open in FireWall
    16. 10g WebGate Installation with OAM 11g : Access Server ID, Port and WebGate ID
    17. EBS R12 integration with WebCenter – Error retrieving WSDL at URL OA_HTML/ portlets/ WSRPBaseService?WSDL
    18. Integrate E-Business Suite with Oracle WebCenter (11.1.1.5) using OID and OAM (11g) as SSO
    19. EBS R12 integrated with SSO (OAM/OSSO) prompting for username / password again : Your Oracle E-Business Suite account has not been linked
    20. EBS OAM integration : Logout should re-direct to different URL

    33 Responses to “Migrate Users to/from OID and Oracle Apps 11i/R12”

    1. Amit says:

      Hey Atul,

      Nice and to the point information. Gud work.

      Cheers
      Amit

    2. Mina says:

      Dear All,
      we use oid 10.2.4 , we have problem in synchronizing data from oid to db. below lines are shown in the log file. Can any body help us?

      Enabling API Debugging..
      Initialization – Starting for Mode ChangeSync
      Prov Reader – Initialize : Instantiating oracle.ldap.odip.prov.LDAPEventReader
      LDAP URL : (srv-metasearc.padl.local:636 cn=odisrv+orclhostname=srv-metasearc,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
      Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
      Connecting in SSL
      LDAP Connection success
      Update search count = 100
      Intialized the LDAP Reader.
      Status Attribute orcluserapplnprovstatus;rasaApp_rasaappDefault Subscription Status Attribute:orcluserapplnprovstatus;rasaapp
      Prov Reader – Initialized
      Prov Writer – Initialize : Instantiating oracle.ldap.odip.prov.PLSQLEventWriter
      [fine] PLSQLEventWriter : Connecting …
      Loaded driver..: oracle.jdbc.OracleDriver
      Using Service Name to connect – URL : jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.2)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=nlidb))),user : nashr
      DataBase Connection Success
      [fine] PLSQLEventWriter : Call Stmt Initialized successfully….
      Writer : Last Applied Change Key : 3480
      Prov Writer – Initialized ..
      Initialization – Ending ..
      Event Propagation – Begin..
      Event Propagation – End ..
      Updating the Status..
      Setting Event Success Count : 0
      Setting Event Failure Count : 0
      Propagation Status : SUCCESS
      Last change Key Set to:3480
      Profile status Update – SUCCESS
      Cleaned/Closed Readers and Writers
      Initialization – Starting for Mode Bootstrap
      Prov Reader – Initialize : Instantiating oracle.ldap.odip.prov.AppBootstrapEventReader
      Provisioning Failure Retry Limit for App is : 1000
      Status Attribute in OID:orcluserapplnprovstatus;rasaApp_rasaapp
      Default Subscription Status Attribute:orcluserapplnprovstatus;rasaapp
      Timestamp attribute 20080713064905z
      LDAP URL : (srv-metasearc.padl.local:636 cn=odisrv+orclhostname=srv-metasearc,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
      Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
      Connecting in SSL
      LDAP Connection success
      AppBootstrap searchFilter : (&(objectclass=orcluserv2)(|(orcluserapplnprovstatus;rasaApp_rasaapp=PROVISIONING_FAILURE)(!(orcluserapplnprovstatus;rasaApp_rasaapp=*))))
      Search Time : 16
      App Bootstrap Search Successful for application : ‘null’
      Intialized the App Bootstrap Event Reader.
      Prov Reader – Initialized
      Prov Writer – Initialize : Instantiating oracle.ldap.odip.prov.LDAPEventWriter
      LDAP URL : (srv-metasearc.padl.local:636 cn=odisrv+orclhostname=srv-metasearc,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
      Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
      Connecting in SSL
      LDAP Connection success
      Retreived Factory from Profile..
      Prov Writer – Initialized ..
      Initialization – Ending ..
      Event Propagation – Begin..
      More Data Found..
      Reader finds some data…
      More Data Found..
      Getting Users for the BootStrap cases..
      More Data Found..
      Processing User – cn=user2
      UserCreateTimeStamp 20080714131248z
      Application TimeStamp 20080713120917z
      Upgrade Timestamp 20080713064905z
      Current status : null
      Current User FailCount : 0
      [fine] Inside Generate Events..
      [fine] Object Type identified as : USER
      [fine] LDAP Changetype : ADD
      [fine] getObjTypeRules:Processing Event Defn (0) – ,Object Type:ENTRY
      [fine] getObjTypeRules:Processing Event Defn (1) – ,Object Type:USER
      [fine] getObjTypeRules:Matched Object Type :USER
      [fine] getObjTypeRules:# Event Rules:0
      [fine] EventEngine: No ObjectType Rules for :USER – changeType : ADD
      [fine] EventEngine: # Generated Events : 0

      Events to write 0
      Process Event Status for 0
      Not calling status processor
      Event Propagation – End ..
      Updating the Status..
      Cleaned/Closed Readers and Writers

    3. Ravi Kumar says:

      Hi Sir,

      This iS Ravi from UK. According the doc –Before MIgrating EBS users to OID, we have to set CLASSPATH env variable point to $APPL_TOP/java(in $APPL_TOP there is no java dir so how we can set CLASSPATH for the $APPL_TOP/java). OR the $JAVA_TOP is already pointing to CLASSPATH env variable so there is any java path has to add existing paths of CLASSPATH env variable in adovars.env ?

      Please suggest me and guide.
      Thanks in advance

      Regards,
      Ravi

      $APPL_TOP/java should be in CLASSPATH before executing “java oracle.apps.fnd.oid.AppsUserExport” or “java oracle.apps.fnd.oid.LDAPUserImport”

    4. Ravi Kumar says:

      Hi Sir,

      This $APPL_TOP/java should be in CLASSPATH is temporary purpose (like export CLASSPATH=$APPL_TOP/java) or permannetly in adovars.env?
      before executing “java oracle.apps.fnd.oid.AppsUserExport” or “java oracle.apps.fnd.oid.LDAPUserImport” .
      Why CLASSPATH should be in $APPL_TOP/java?

      Thanks for your support. Please

      Regards,
      Ravi

    5. Ravi Kumar says:

      Hi Sir,

      The $APPL_TOP/java(created java dir in $APPL_TOP) should be in CLASSPATH is temporary setting(like export CLASSAPTH=$APLL_TOP/java) or permanent setting in adovars.env ?

      Please suggest for above.

      Thanks,
      Ravi

    6. Ravi Kumar says:

      Hi,

      The $APPL_TOP/java is sameas $JAVA_TOP….rite?

    7. Ravi Kumar says:

      Hi Sir,

      After implementing of Infrastructure 10.1.4 integration with EBS 11i .Canot open the Application home page through sso page but I can open EBS home page throug login of OracleAS10g Infra server console navigate :homepage> >SSO:orasso>Administer via SSO web Application.

      Why EBS home page is not opening through http://server:port/oa_servlets/AppsLogin. of using SSO page ?

      Any idea on it.
      Waiting for your suggestion.
      Thanks in advance.

      Regards,
      Ravi

    8. Atul Kumar says:

      Ravi,
      Install IE http header (tool to enable debugging in browser which shows HTTP header)

      Then try accessing apps url to check if this is forwarding request to SSO page or not.

      Check in error_log & Jserv log of 11i to check issue

    9. vivekmodi1@gmail.com says:

      Hi Atul,

      I have registered at http://www.teachmeoracle.com , but still my id has not been activated.

      MY ICQ Number is : 0601
      Username is: vivek_modi1

      Please help me on this.

      Thanks and Regards,
      Vivek Modi.

    10. vivekmodi1@gmail.com says:

      Facing Issue:
      ~~~~~~~~~~~~~~~

      When we are cloning an 111i Application, after DB recovery when we try to connect to DB from MT Node using below string, we are getting error as,

      From MT Node: sqlplus apps/****@SID

      SQL*Plus: Release 10.2.0.3.0 – Production on Fri Dec 26 22:55:13 2008

      Copyright (c) 1982, 2006, Oracle. All Rights Reserved.

      ERROR:
      ORA-30006: resource busy; acquire with WAIT timeout expired

      Any idea for this error.

      This errror we are getting only for RAC Instances only and not for Single node DB.

      Please advice.

      Thanks

    11. rajeshmanoharan says:

      Hi Atul,

      Please let me know how to restrict the same user connecting with multiple sessions in 11i
      in profile option level

      Thanks,
      Rajesh

    12. veeru says:

      Hi!Atul..

      I installed OIM11.1.1.3.0 and OER11.1.1.5.0 for Migration.
      How to migrate UserData from OIM10g to OIM11g by using the OracleEnterpriseRepository.

      Thanks&Regards,
      Veeru

    13. Atul Kumar says:

      @ Veeru,
      I am not clear with requirement, Do you want to use Enterprise Repository (OER) to migrate user data from OIM ? (never heard of OER to be used for this purpose)

      Do you have any reference doc or any link which talks about using OER for user migration ?

    14. veeru says:

      Hi!
      Thanks for your reply..
      I followed below link for DataMigration.. ..http://www.techrepublic.com/article/migrating-user-files-and-settings/5090551..,in this link he gave this 11.1.1.x.x-OER-10gMigrate.zip file..when i search this zip file..i didnt get anywhere,then i approched the oracle Discussion forum,one of the reply, I got the zip file by using the OER111150_generic.jar..
      then after I completed my Installation.then what should I do right now?

      Thanks in Advanced,
      Veeru

    15. Atul Kumar says:

      @ Veeru, I can’t find any thing in link which suggestes that this is for OIM (Oracle Identity Manager) or using OER

    16. veeru says:

      Thanks for your reply..
      Is it use for Data Migration from OIM10g to OIM11g.
      What should I do?Please let me know Which is the best option for DataMigration?

      Regards,
      Veeru

    17. Atul Kumar says:

      @ Veeru,
      Do you have two OIM systems (OIM 10g & OIM 11g) across which you wish to replicate users

      or

      You have OIM 10g which you wish to upgrade to OIM 11g

      OIM – Oracle Identity Manager

    18. veeru says:

      Hi!

      Thanks for your reply,

      Yes,I had two OIM systems(OIM 10g & OIM 11g).I have to Migrate the entire data from OIM10g to OIM11g.Please let me Know Which is the right way to get the Data.

      I want to migrate.

      Thanks in Advanced,
      Veeru

    19. nagendra says:

      Hi!

      1. I’m beginner to OIM. I don’t know about OIM.

      2. But,I have two OIM systems(OIM 10g & OIM 11g).

      3. I have to Migrate the entire data from OIM10g to OIM11g.

      Please let me Know Which is the right way to get the Data.

      I want to migrate.

      Thanks & Regards

      Nagendra.

    20. Atul Kumar says:

      @ Nagendra,
      What you need is a upgrade path from 10g OIM to 11g OIM (I was expecting OIM upgrade in OIM 11.1.1.5 but it looks like its not out yet)

      Here is 11.1.1.5 IDAM upgrade guide (steps fro OIM upgrade are not yet in doc)
      http://download.oracle.com/docs/cd/E21764_01/upgrade.1111/e10129/toc.htm

      So for OIM 10g to OIM 11g will have upgrade scripts which will upgrade OIM schema from 10g OIM to 11g OIM.

    21. veeru says:

      Hi!AthulKumar,

      Iam new beginer to OIM.now iam insatlling OER11g,but in which way i use the OER11g.Whats the main role and purpose of OER11g.Could you please give the details of OER11g??

      Thanks & Regards,
      Veeru

    22. veeru says:

      Hi!
      Thanks for your reply,

      But i want to see the entire picture for about OER11g.with screen shots. how to use am I?

      Thanks & Regards,
      veeru

    23. Nagendra says:

      Hi Atul,

      I installed OID11.1.1.3 and E-Business Suite 12.1.1 on different machines.
      Now I want to Register and integrate Oracle E-Business Suite instance with Oracle Internet Directory (OID).
      How to set up user synchronization (provisioning) between Oracle E-Business Suite and OID and
      how to Verify that user provisioning is working correctly before proceeding with the rest of this integration.

      Thanks & Regars,

      Nagendra.

    24. Atul Kumar says:

      @ Nagendra,

      Use below command on EBS

      $FND_TOP/bin/txkrun.pl \
      -script=SetSSOReg \
      -registeroid=yes \

      Follow section 6 of doc 876539.1 – Using the Latest Oracle Internet Directory 11gR1 Patchset with Single Sign-on and Oracle E-Business Suite

      and Appendix A, Section 1.2. Register Instance and Section 1.4: Register OID of

      376811.1 Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On

      Also follow my EBS – OID/SSO series at (ignore SSO piece from here).

      I am going to cover step by step EBS R12 integration with OID 11.1.1.4 on this blog so stay tuned.

    25. Narendra says:

      Hi Atul,

      I want to integrate OAM 11g and EBS 12.1.1. For that it needs OID(11g).How can I set up and verify synchronization and provisioning of users between EBS and OID.

      Thanks & Regards,
      Narendra.Ch

    26. LM says:

      Hi Atul,
      I’ve been using LDAPUserImport to read a file generated by ldifwrite. It imports users into FND_USER but populates the customer_id column there.
      When users are manually created in “Define User” that column is not populated. Is there a way to use LDAPUserImport without populating customer_id? I have already disabled various Business Events named “Cust%create” but no luck.

      Thanks,

    27. tanwanichandan says:

      Hi,

      We want to migrate only few users for OID login.
      Is it possible other users can use the same URL that they were using earlier?
      If yes, How can we achieve this goal?

      Regards,
      Chandan

    28. karthiga says:

      Is there any way to migrate users from dba_users table to OID

    29. Atul Kumar says:

      @ karthiga,
      Why would you do that ?

      How many users do you have in dba_users table ?

    30. karthiga says:

      We have nearly 150 users in dba_users, which we need to migrate to OID.

      is there any utility to do this ?

      I could see notes only for migrating from fnd_users to OID.

      • Atul Kumar says:

        @ karthiga, There is no automated way to migrate user from Database to OID. You can load users in bulk in OID using ldapadd or bulkload using LDIF file .

        bulkload -connect OIDDB -check=true -generate=true file=/export/home/oracle/users.ldif

        Command may change slightly based on OID version

    31. karthiga says:

      I tried using ‘UMU – user migration utility’

      And it works well, with few limitations.

      Regards,
      Karthiga

    Leave a Reply



  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.
  • CONTACTS

    K21 Technologies
    8 Magnolia Place, Harrow,
    London, HA2 6DS

    UK: +44(0)7476444481
    USA: +1-888-414-1821

  • 2014, K21 Technologies. All rights reserved DMCA.com
  • TOP