7-12 Oracle Fusion Middleware Administrators Guide for Oracle Directory Integration Platform ■ View Source Directory Entry - Select to view an existing source directory entry that you can use as a template. This option should be used to view Active Directory source data, including the uSNChanged attribute. The Source Container values in the drop-down menu are retrieved using the domain mapping rules set in the profile. Enter a value for the Source RDN box. ■ View Destination Directory Entry - Select to view an existing destination directory entry that you can use as a template. The Destination Container values in the drop-down menu are retrieved using the domain mapping rules set in the profile. Enter a value for the Destination RDN box. Test Options From the Test data source menu, select Change Number, SourceDN, or LDIF Data, then type the change number, SourceDN, or the LDIF commands that you want to test. Click Next to go to step three of the wizard, Review Options and Test Output. Review Options and Test Output This section describes the Review Options and Test Output screen, which is the third screen of the three screen DIP Tester wizard. If running DIP Tester in Advanced mode, use the Review Test Options section to review the change number or LDIF data that you entered on the previous screen. If running DIP Tester in Basic mode, this section uses preconfigured settings. ■ Click Test to initiate the synchronization test. ■ Click Dump Profile to write detailed information about the selected synchronization profile to a pop-up window. The Test Output section displays the following information: ■ Result - Either Test Passed or Test Failed. Caution: A synchronization test is not a simulation. Initiating the test will cause an actual sync operation to take place. Proceed with caution when using DIP Tester in Advance mode. Note: If a source directory entry and a destination directory entry are already in sync, DIP Tester will not report that the sync operation did not occur. Instead, DIP Tester simply reports Test Passed because the entry and attribute data in both directories match. Note: When using DIP Tester in Basic mode, the Test Output section will occasionally report a result of Test Passed, when, in fact, errors were reported. For this reason you should always check the Log Messages for DIP Tester section to verify that no errors are reported there. Managing Directory Synchronization Profiles 7-13 ■ Source Entry Details Destination Entry Details - If the test passed, displays actual directory data test results for both the source and destination directories. ■ Error Message - If the test failed, displays a message reporting the reason for the test failure. ■ Log Messages for DIP Tester - Detailed messages generated during the course of the synchronization test.

7.1.5.2 Running DIP Tester From the WLST Command-Line Interface

To run DIP Tester from a command-line, use the manageSyncProfiles command and specify the testProfile option. Operation Mode DIP Tester testProfile can run in Basic mode or Advanced mode. ■ Use Basic mode to quickly run the synchronization task using DIP Testers preconfigured settings. The synchronization task runs and sync status and log messages from the test are returned to standard out. Basic mode is useful if you need to quickly retry a failed synchronization. To retry the last failed change, set Skip Error To Sync Next Change to false and set Update Search Count to 1. To run DIP Tester in Basic mode, do not include the -changenumber, -sourcedn, or -ldiffile options. ■ Use Advanced mode if you need to specify and configure the source of the test data. You can either enter a change number to run a specific change in a change log, enter a SourceDN to test sync a specific change on either an eDirectory or an Open LDAP directory, or enter LDIF data. To run DIP Tester in Advanced mode, include either the -changenumber, the -sourcedn, or the -ldiffile options when running DIP Tester. Refer to the following DIP Tester Command-Line Examples section for more information. Note: In the default configuration, Skip Error To Sync Next Change is set to false. Consequently DIP Tester will not move past any failed operations. To have DIP Tester continue on to the next operation upon encountering a failed operation, set Skip Error To Sync Next Change to true. Note: DIP Tester cannot process delete operations for the OpenLDAP or eDirectory LDAP servers. When processing user or group delete operations on other LDAP servers, LDIF delete files need to include the dn and changetype attributes. For example: dn: cn=userToDelete,cn=users,dc=comain changetype: delete 7-14 Oracle Fusion Middleware Administrators Guide for Oracle Directory Integration Platform Syntax and Arguments for testProfile manageSyncProfiles testProfile -h hostName -p port -D wlsuser -pf profileName [-changenumber number | -ldiffile file | -sourcedn sourcedn ] [-ssl -keyStorePath path -keyStoreType type] [-help] -h | -host Oracle WebLogic Server where Oracle Directory Integration Platform is deployed. -p | -port Listening port of the Oracle WebLogic Managed Server where Oracle Directory Integration Platform is deployed. - D | -wlsuser Login ID to connect to the server. -pf | -profile The profile name. -changenumber The change loge number representing the change that needs to be synchronized from directories like Oracle Internet Directory, iPlanet, Tivoli and Active Directory to the destination. -sourcedn Distinguished name of the source entry that needs to be synchronized from directories like eDirectory and OpenLDAP to the destination. -ldiffile A file containing LDIF data that will be applied to the source and then synchronized to the destination. - ssl Executes the command using SSL. - keyStorePath Location of the trust keystore. - keyStoreType Keystore type. If unspecified, defaults to jks. - help Provides help for the testProfile command. Note: If a source directory entry and a destination directory entry are already in sync, DIP Tester will not report that the sync operation did not occur. Instead, DIP Tester simply reports Test Passed because the entry and attribute data in both directories match. Note: Passwords cannot be passed as command parameters. Instead, the system will prompt you for passwords as needed. Managing Directory Synchronization Profiles 7-15 DIP Tester Command-Line Examples DIP Tester Basic Mode manageSyncProfiles testProfile -h hostName -p port -D wlsuser -pf profileName DIP Tester Advanced Mode , Change Number Specified manageSyncProfiles testProfile -h hostName -p port -D wlsuser -pf profileName [-changenumber number] DIP Tester Advanced Mode , SourceDN Specified manageSyncProfiles testProfile -h hostName -p port -D wlsuser -pf profileName [-sourcedn sourcedn] DIP Tester Advanced Mode , LDIF File Specified manageSyncProfiles testProfile -h hostName -p port -D wlsuser -pf profileName [-ldiffile file]

7.2 Managing Synchronization Profiles Using manageSyncProfiles

The Manage Synchronization Profiles utility, manageSyncProfiles, allows you to manage synchronization profiles. manageSyncProfiles is located in the ORACLE_ HOMEbin directory. This topic contains the following sections: ■ Syntax for manageSyncProfiles ■ Arguments for manageSyncProfiles ■ Tasks and Examples for manageSyncProfiles Notes: ■ Best security practice is to provide a password only in response to a prompt from the command. ■ You must set the WLS_HOME and ORACLE_HOME environment variables before executing any of the Oracle Directory Integration Platform commands ■ The Oracle WebLogic Managed Server where Oracle Directory Integration Platform is deployed must be configured for SSL to execute this command in SSL mode. Refer to the Configuring SSL chapter in Oracle Fusion Middleware Securing Oracle WebLogic Server for more information. 7-16 Oracle Fusion Middleware Administrators Guide for Oracle Directory Integration Platform

7.2.1 Syntax for manageSyncProfiles

manageSyncProfiles manageSyncProfiles {activate | deactivate | copy | deregister | get | isexists | update | testProfile | validateProfile | validateMapRules | register | updatechgnum | associateProfile | dissociateProfile | getAllAssociatedProfiles | getAssociatedProfile | list } -h HOST -p PORT -D wlsuser [-ssl -keystorePath PATH_TO_KEYSTORE -keystoreType TYPE] [-profile] [-newProfile] [-associateProfile][-file] [-params prop1 val1 prop2 val2 ...] [-conDirHost] [-conDirPort] [-conDirBindDn] [-mode] [-conDirType] [-conDirSSL] [-profileStatus] [-help]

7.2.2 Arguments for manageSyncProfiles

Operations activate Changes the state of the profile identified by -profile to ENABLE. deactivate Changes the state of the profile identified by -profile to DISABLE. copy Copies an existing profile profile to profile newProfile. deregister Deletes an existing profile from Oracle Internet Directory. get Gets the profile details from Oracle Internet Directory. isexists Checks if the profile profile exists in Oracle Internet Directory. update Modifies the profile properties that are identified by command arguments. testProfile Changes the state of a disabled profile profile to TEST and schedules the profile for testing to ensure the profile will successfully perform synchronization. After executing the manageSyncProfiles command with the testProfile operation, the results of the test are available in the following log file, where WL_DOMAIN_HOME represents the Oracle WebLogic Server Domain home and ORACLE_WEBLOGIC_ MANAGEDSERVER_NAME represents the name of the Oracle WebLogic Managed Server where Oracle Directory Integration Platform is deployed: WL_DOMAIN_HOME serversORACLE_WEBLOGIC_MANAGED_SERVER_NAMElogsORACLE_WEBLOGIC_ MANAGED_SERVER_NAME .log