Understanding the Oracle Directory Integration Platform for Provisioning 12-7

12.4.1 Provisioning Users from the Provisioning Console

You can use the Provisioning Console to centrally manage user provisioning and deprovisioning of one or more users simultaneously. The console includes a wizard-based interface for creating, modifying, and deleting individual users, and for selectively provision and deprovision users for any provisioning-integrated applications. The Provisioning Console also supports bulk user creation, modification, and deletion of users from an LDIF file. See Bulk Provisioning Using the provProfileBulkProv Tool on page 12-7 for more information.

12.4.2 Provisioning Users that are Synchronized from an External Source

When Oracle Internet Directory is used as a central repository and enterprise user entries are synchronized from third-party directories to Oracle Internet Directory, each user identity is automatically provisioned according to the default provisioning policy of each provisioning-integrated application.

12.4.3 Provisioning Users Created with Command-Line LDAP Tools

Any tools developed by Oracle or third-party vendors that use standard command-line LDAP syntax can create user entries in Oracle Internet Directory. As with user entries that are synchronized from external sources, any user entries created with command-line LDAP tools or any other means are provisioned according to the default provisioning policies for each provisioning-integrated application.

12.4.4 Bulk Provisioning Using the provProfileBulkProv Tool

Use the provProfileBulkProv utility, located in the ORACLE_HOMEbin directory, to perform initial migration of data from an LDIF file to Oracle Internet Directory for a provisioning profile.

12.4.4.1 Syntax for provProfileBulkProv

provProfileBulkProv provProfileBulkProv -h HOST -p PORT -D wlsuser -file LDIF_FILE -realm REALM_DN [-ssl -keystorePath PATH_TO_KEYSTORE -keystoreType TYPE] [-encoding INPUT_ENCODING] [-help] Notes: ■ Best security practice is to provide a password only in response to a prompt from the command. ■ You must set the WLS_HOME and ORACLE_HOME environment variables before executing any of the Oracle Directory Integration Platform commands ■ The Oracle WebLogic Managed Server where Oracle Directory Integration Platform is deployed must be configured for SSL to execute this command in SSL mode. Refer to the Configuring SSL chapter in Oracle Fusion Middleware Securing Oracle WebLogic Server for more information. 12-8 Oracle Fusion Middleware Administrators Guide for Oracle Directory Integration Platform

12.4.4.2 Arguments for provProfileBulkProv

-h | -host Oracle WebLogic Server host where Oracle Directory Integration Platform is deployed. -p | -port Listening port of the Oracle WebLogic Managed Server where Oracle Directory Integration Platform is deployed. -D | -wlsuser Oracle WebLogic Server login ID -f | -file LDIF file containing the data to be migrated. -realm The realm in which the users are to be provisioned. -ssl Executes the command in SSL mode. -keystorePath The full path to the keystore. -keystoreType The type of the keystore identified by -keystorePath. For example: -keystorePath jks or -keystorePath PKCS12 -encoding Input file encoding. -help Provides command usage help. Note: You will be prompted for the Oracle WebLogic Server login password. You cannot provide the password as a command-line argument. Best security practice is to provide a password only in response to a prompt from the command. If you must execute provProfileBulkProv from a script, you can redirect input from a file containing the Oracle WebLogic Server login password. Use file permissions to protect the file and delete it when it is no longer necessary. Note: The Oracle WebLogic Managed Server where Oracle Directory Integration Platform is deployed must be configured for SSL to execute this command in SSL mode. Refer to the Configuring SSL chapter in Oracle Fusion Middleware Securing Oracle WebLogic Server for more information.