Instead of using the Profiles population wizard, you can
manually populate the database.
Before you begin
You can populate the Profiles database manually, as described
here, or with the help of the population wizard as described in the Using
the Profiles population wizard topic. You might choose to manually
populate the database to take advantage of functionality not provided
by the wizard, such as anonymous LDAP access, large data sets, and
property configuration other than what is provided by the wizard,
for example alternate source options.
Note: Additional and related
information about configuration and mapping properties may be available
in the Using the Profiles population wizard topic.
Before starting this task, you must complete the steps
in the Mapping fields manually topic. You must set up
the mapping file before starting this task.
(AIX® only). An AIX limitation
causes a file naming error when you extract the tdisol.tar archive.
The system renames the profile-links.xsd to profile-links.xs.
To resolve this issue, use the GNU Tar program, version 1.14 or higher,
to extract the archive. Download the program from ftp://ftp.gnu.org/gnu/tar/ and
install it as the default tar utility in the path. The default location
for GNU Tar is /usr/local/bin.
The internal name of the Profiles
database is PEOPLEDB.
About this task
After installing the Profiles database and defining mapping
and validation, complete the following steps to populate the Profiles
database:Procedure
- Update the profiles_tdi.properties file
to specify values for the following properties.
Note: To
locate this file, extract the tdisol.tar|zip file
from the tdisol directory in your IBM® Connections installation media. After extraction,
the file is located in the tdisol.tar|zip/tdisol/TDI directory.
Note: To
locate this file, change to the TDI solution
directory that you created in the Configuring Tivoli Directory Integrator topic.
The file is located in the TDI_solution_directory/TDI directory.
The
following list contains properties that you must review. Edit any
property values that require editing for your configuration.
- source_ldap_url
- Universal resource locator of the LDAP directory. Enables programs
to access the LDAP directory. Use the following syntax to specify
the value:
source_ldap_url=ldap://myldap.enterprise.example.com:389
- source_ldap_user_login
- If you cannot use Anonymous search, a user login name is required
. Use the following syntax to specify the value:
source_ldap_user_login=uid=wpsbind,cn=users,l=Bedford Falls,
st=New York,c=US,ou=Enterprise,o=Sales Division,dc=example,dc=com
- source_ldap_user_password
- If you cannot use anonymous search, a user password is required,
along with user login name. Use the following syntax to specify the
value:
{protect}-source_ldap_user_password=wpsbind
Note: Tivoli® Directory Integrator automatically
encrypts any properties which have the {protect} prefix. If you do
not want to encrypt these properties, remove the {protect} prefix.
- source_ldap_search_base
- A portion of the LDAP DN that must be part of all entries processed.
This base usually contains the expected organization (o) value, such
as source_ldap_search_base=o=ibm.com. Use the following
syntax to specify the value:
source_ldap_search_base=l=Bedford Falls,st=New York,c=US,
ou=Enterprise,o=Sales Division,dc=example,dc=com
- source_ldap_search_filter
- A search filter to further refine the entries used. A typical
value might be source_ldap_search_filter=cn=*. Use
the following syntax to specify the value:
source_ldap_search_filter=(&(uid=*)(objectclass=inetOrgPerson))
- source_ldap_use_ssl
- Required only if you are using SSL to authenticate. Specifies
whether to use Secure Sockets Layer for the connection. Options are true or false.
- dbrepos_jdbc_driver
- JDBC driver used to access the Profiles database repository. The
default value of the properties file references the DB2® database provided with Profiles as follows:
dbrepos_jdbc_driver=com.ibm.db2.jcc.DB2Driver
If you are using DB2,
you do not need to modify this value. If you are using an Oracle database,
change the value to reference an Oracle database. The following values
are examples:dbrepos_jdbc_driver=oracle.jdbc.driver.OracleDriver
dbrepos_jdbc_driver=oracle.jdbc.pool.OracleConnectionPoolDataSource
If
you are using SQL Server, change the value to reference the SQL Server
database. The following value is an example:com.microsoft.sqlserver.jdbc.SQLServerDriver
- dbrepos_jdbc_url
- Universal resource locator of the database that you created. This
value specifies the peopledb database, and must include the port number.
For example:
- DB2:
jdbc:db2://localhost:50000/peopledb
- Oracle:
jdbc:oracle:thin:@localhost:1521:PEOPLEDB
- SQL Server:
jdbc:sqlserver://enterprise.example.com:1433;DatabaseName=PEOPLEDB
.
- dbrepos_username
- The user name used to authenticate to the database that you created.
Use the following syntax to specify the value:
dbrepos_username=<db_admin_id>
- dbrepos_password
- The password used to authenticate to the database that you created.
Use the following syntax to specify the value:
{protect}-dbrepos_password=act1vities
You can provide values for additional properties
if necessary, see Tivoli Directory Integrator solution properties
for Profiles for details.
- Ensure that you have completed the steps in the Mapping
fields manually task. You must complete the mapping task before
continuing.
- Run the ./collect_dns.sh or collect_dns.bat script
to create a file containing the distinguished names (DNs) to be processed
from the source LDAP directory.
Note: Before
starting the script, ensure that you have completed the steps in the Mapping
fields manually task.
Note: If the script does not run,
you might need to enable its Executable attribute by running the chmod command
first. The Executable attribute of a script can become disabled after
the script is copied from a read-only medium such as DVD.
The new file is named collect.dns by
default but you can rename it if necessary. If you change the file
name, update the source_ldap_collect_dns_file parameter
in the profiles_tdi.properties file.
After
the script runs, it creates a log file called ibmdi.log in
the tdisol.tar|zip/tdisol/TDI directory.
Examine this file to find out whether any errors occurred during the
process.
- Populate the database repository from the source LDAP directory
by running the ./populate_from_dn_file.sh or populate_from_dn_file.bat script.
Depending on how many records you are processing, this step could take many hours. For example,
5,000 records might take a few minutes, but half a million records might take a few hours, depending
on the speed of your system. Tivoli Database Integrator
prints a message to the screen after every 1,000 iterations to inform you of its progress.
Note: If a failure occurs during processing, such as loss of the network connection to the LDAP
directory server, you can run the populate_from_dn_file script again with no
harm. If you want to save time though, you can start processing the names from where it was
interrupted. Examine the PopulateDBFromDNFile.log file in the logs subdirectory
to find out which distinguished name was last successfully processed. The
ibmdi.log file also tracks the tasks that you run. Edit the
collect.dns file to remove all entries up to and including the last
successfully processed entry. Start the task again. You can repeat this step as many times as
necessary until all the distinguished names are processed.
- Optional: If you are setting the PROF_IS_MANAGER field
based on PROF_MANAGER_UID references in other employee
records, run the ./mark_managers.sh or mark_managers.bat script.
For more information, see Configuring the Manager designation
in user profiles for details.
Note: Manager identification
is not performed as part of the previous record population step because
it must run across all the records and it is possible that the initial
record population step does not complete in a single pass for large
organizations.
Note: If the manager designation was not part
of the source records for your data set, you can run this task to
analyze all the records after population. This task will take each
user record and see if it is referenced as the manager for any other
users. If yes, the user will be marked as a manager. If not, the
user will be marked as not a manager. If you need to use this process
to set this profile attribute, you will also need to run it periodically
to perform updates. For more information, see Synchronizing
user data between Profiles and the LDAP directory.
- Optional: Run additional and optional scripts
to populate additional fields. For example, run the Country code script ./fill_country.sh or fill_country.bat to
populate the Country table from the isocc.csv file.
Other scripts include the following:
- Work location code script ./fill_workloc.sh or fill_workloc.bat
- Organization codes script ./fill_organization.sh or fill_organization.bat
- Employee type code script ./fill_emp_type.sh or fill_emp_type.bat
- Department code script ./fill_department.sh or fill_department.bat
For more information, see Supplemental user data for
Profiles.