deleteEntitlement Managing Application Policies with OPSS Scripts

9-30 Oracle Fusion Middleware Application Security Guide

■ domain: on WebLogic, specifies the domain name where the reassociation takes place; on WebSphere, specifies the WebSphere cell name.
■ admin: in case of an LDAP target, specifies the administrator's user name on the target server; the format is cn=usrName. In case of a DB target, it is required only when the DB has a data source protected with a user name and password; in this case, it specifies the user name set to protect the data source when the data source was created. That user and password must be present in the bootstrap credential store.
■ password: specifies the password associated with the user specified for the argument admin. It is required in case of an LDAP target. In case of a DB target, it is required only when the DB has a protected data source; in this case, it specifies the password associated with the user specified for the argument admin.
■ ldapurl: specifies the URI of the LDAP server. The format is ldap://host:port, if you are using the default port, or ldaps://host:port, if you are using an anonymous SSL or one-way SSL transmission. The secure port must be configured to handle the desired SSL connection mode, and must be distinct from the default non-secure port.
■ servertype: specifies the kind of the target LDAP server or DB server. The only valid types are OID and DB_ORACLE.
■ jpsroot: specifies the root node in the target LDAP repository under which all data is migrated. The format is cn=nodeName.
■ join: specifies whether the domain is to share an OPSS security store in another domain. Optional. Set to true to share an existing store in another domain; set to false otherwise. The use of this argument allows multiple WebLogic domains to point to the same logical OPSS security store.
■ datasourcename: specifies the JNDI name of the JDBC data source; this should be identical to the JNDI name entered when the data source was created; see Section 8.3.1.3, Creating a Data Source Instance.

Examples of Use

reassociateSecurityStore(domain="myDomain", admin="cn=adminName", password="myPass", ldapurl="ldaps://myhost.example.com:3060", servertype="OID", jpsroot="cn=testNode")

Suppose that you want some other domain distinct from myDomain, say otherDomain, to share the policy store in myDomain. Then you would invoke the script as follows:

reassociateSecurityStore(domain="otherDomain", admin="cn=adminName", password="myPass", ldapurl="ldaps://myhost.example.com:3060", servertype="OID", jpsroot="cn=testNode", join="true")

Important: When an OPSS security store is reassociated with join=true, the bootstrap wallet from the first domain must be manually copied to the second domain. The reason for this requirement is that the first domain generates a local key that is used to encrypt the keystore data, and the second domain needs to have the same key in its bootstrap wallet in order to decrypt that data.
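A local pre-flight check for these arguments, written here as an added example in plain Python (it is not Oracle's code and not a WLST script): it encodes the argument rules above for the OID and DB_ORACLE targets, renders the WLST call in the form shown in the examples, and lists the manual follow-up that join=true requires. The helper names and the jdbc/OpssDS data source name are assumptions; nothing here connects to an LDAP server or database.

```python
import re

# Pre-flight checker for reassociateSecurityStore arguments (added example,
# not Oracle's code). It applies the argument rules from the guide and renders
# the WLST call; it never contacts an LDAP server or a database.

VALID_SERVER_TYPES = ("OID", "DB_ORACLE")
# ldap://host:port or ldaps://host:port, as described for the ldapurl argument
LDAP_URL_RE = re.compile(r"^ldaps?://[^/:\s]+:\d{1,5}$")
# Argument order used by the examples in the guide
ARG_ORDER = ("domain", "admin", "password", "ldapurl", "servertype",
             "jpsroot", "join", "datasourcename")


def _is_true(value):
    return str(value).lower() == "true"


def validate_reassociate_args(args):
    """Return a list of problems; an empty list means the arguments are
    consistent with the rules for the chosen target type."""
    problems = []
    if not args.get("domain"):
        problems.append("domain is required (domain name or WebSphere cell name)")
    servertype = args.get("servertype")
    if servertype not in VALID_SERVER_TYPES:
        problems.append("servertype must be one of %s" % ", ".join(VALID_SERVER_TYPES))
        return problems  # the remaining rules depend on the target type

    if servertype == "OID":
        # LDAP target: administrator, password, URL and root node are all required
        for key in ("admin", "password", "ldapurl", "jpsroot"):
            if not args.get(key):
                problems.append("%s is required for an LDAP target" % key)
        ldapurl = args.get("ldapurl", "")
        if ldapurl and not LDAP_URL_RE.match(ldapurl):
            problems.append("ldapurl must look like ldap://host:port or ldaps://host:port")
        for key in ("admin", "jpsroot"):
            value = args.get(key, "")
            if value and not value.startswith("cn="):
                problems.append("%s must use the cn=name format" % key)
    else:
        # DB target: the data source JNDI name is required; admin/password are
        # needed only for a protected data source, and then both are needed
        if not args.get("datasourcename"):
            problems.append("datasourcename (JNDI name of the data source) is required for a DB target")
        if bool(args.get("admin")) != bool(args.get("password")):
            problems.append("admin and password must be given together for a protected data source")

    join = args.get("join")
    if join is not None and str(join).lower() not in ("true", "false"):
        problems.append("join must be true or false")
    return problems


def render_wlst_call(args):
    """Render the WLST invocation with every value double-quoted, in the
    argument order used by the guide's examples."""
    parts = ['%s="%s"' % (key, args[key]) for key in ARG_ORDER if key in args]
    return "reassociateSecurityStore(%s)" % ", ".join(parts)


def required_followups(args):
    """Manual steps the guide requires after the script has run."""
    steps = []
    if _is_true(args.get("join", "false")):
        steps.append("copy the bootstrap wallet from the domain that owns the store "
                     "to %s; the joining domain needs the same local key to decrypt "
                     "the keystore data" % args.get("domain", "the joining domain"))
    return steps


# Constructed sample arguments mirroring the two LDAP examples in the guide
LDAP_ARGS = {"domain": "myDomain", "admin": "cn=adminName", "password": "myPass",
             "ldapurl": "ldaps://myhost.example.com:3060", "servertype": "OID",
             "jpsroot": "cn=testNode"}
JOIN_ARGS = dict(LDAP_ARGS, domain="otherDomain", join="true")
# Constructed DB example; the JNDI name is a placeholder, not taken from the guide
DB_ARGS = {"domain": "myDomain", "servertype": "DB_ORACLE", "datasourcename": "jdbc/OpssDS"}

if __name__ == "__main__":
    for name, candidate in (("ldap", LDAP_ARGS), ("join", JOIN_ARGS), ("db", DB_ARGS)):
        problems = validate_reassociate_args(candidate)
        print(name, "OK" if not problems else problems)
        if not problems:
            print("  ", render_wlst_call(candidate))
            for step in required_followups(candidate):
                print("   follow-up:", step)
```

Running the checker before opening a WLST session catches the common mistakes the argument list warns about (a URL without the scheme separator, an admin or jpsroot value not in cn= form, a DB target with a user but no password) and keeps the join=true wallet-copy step visible in the same place the command is assembled.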