Symantec Access Management

  • Private Community

  • 1.  Oracle OID to CA Directory migration

    Posted Jul 22, 2015 06:18 AM

    Hi,

     

    I am going to migrate data from Oracle Internet Directory (OID) to CA directory.

     

    On a high level, I am trying with below steps.

    1. Export schema from OID

    2. Import schema into CA Directory

    3. Export data from OID to an LDIF file

    4. Remove userPassword for the entries in exported LDIF file and import it into CA Directory

    5. Export another data file from OID with DNs and UserPassword

    6. Import the password data file into CA Directory

     

    I came across the SunOne to CA Directory migration KB article http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec483208.aspx. Following it, I I had successfully exported the schema from OID server, but getting some errors when converting to CA Directory DXC format with respect to OID related object classes.

     

    Few questions:

    1. Is there any KB article for OID to CA Directory migration?

    2. How to migrate the password for the users from OID to CA Directory?

    3. Has anyone performed this migration and if so can share implementation steps and any best practices.

     

    Thank you.

     

    Regards,

    Chenna



  • 2.  Re: Oracle OID to CA Directory migration

    Posted Jul 28, 2015 09:54 PM

    I'm not sure about (1) or (3)

     

    (2) Can you provide a sample of the password hash? At some stage OID moved to using (SHA-1) which is supported by CA Directory. This just requires the userPassword attribute in the LDIF to be prefixed by {SHA}. If the hashes are MD4 then these aren't supported.

     

    Example,

     

    userPassword: W6ph5Mm5Pz8GgiULbPgzG37mj9g=

     

    Would need to be

     

    userPassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

     

    This can be achieved using sed: cat data.ldif | sed 's/^userPassword: /userPassword: {SHA}/'

     

    For your schema conversion how did you extract the schema from OID? Did you use the dxschemaldif tool to read the schema directly from OID, or use another method?



  • 3.  Re: Oracle OID to CA Directory migration

    Posted Aug 05, 2015 02:33 AM

    Thanks Justin for the reply.

     

    I have performed POC and has successfully migrated the users from OID to CA Directory including password in the data. OID was using SHA-1 password hash which is supported in CA Directory.

     

    Yes, I had used dxschemaldif tool to extract OID schema. But wasn't able to convert it to CA Directory schema using the other tool ldif2dxc. So I had manually prepared the required schema and loaded it into CA Directory and then the data import into CA Directory.



  • 4.  Re: Oracle OID to CA Directory migration

    Broadcom Employee
    Posted Nov 10, 2016 08:43 AM

    Hello,

    New TEC1425627 "Migrating Data from LDAP-Compliant Directories to CA Directory" Technote dealing with this question should be published soon.

    Best regards.



  • 5.  Re: Oracle OID to CA Directory migration

    Posted Nov 18, 2016 12:13 AM

    Hi Chenna, 

     

    can you share the brief plan of action for migrating from OID to CA directory?

     

    Thanks